Current File : //proc/self/root/var/log/secure-20230122
Jan 15 03:51:58 host sshd[13558]: Connection closed by 190.138.240.31 port 47024 [preauth]
Jan 15 03:52:47 host sshd[13719]: Invalid user ef from 194.110.203.109 port 53076
Jan 15 03:52:47 host sshd[13719]: input_userauth_request: invalid user ef [preauth]
Jan 15 03:52:47 host sshd[13719]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 03:52:47 host sshd[13719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 03:52:49 host sshd[13719]: Failed password for invalid user ef from 194.110.203.109 port 53076 ssh2
Jan 15 03:52:52 host sshd[13719]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 03:52:54 host sshd[13719]: Failed password for invalid user ef from 194.110.203.109 port 53076 ssh2
Jan 15 03:52:57 host sshd[13719]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 03:52:59 host sshd[13719]: Failed password for invalid user ef from 194.110.203.109 port 53076 ssh2
Jan 15 03:53:02 host sshd[13719]: Connection closed by 194.110.203.109 port 53076 [preauth]
Jan 15 03:53:02 host sshd[13719]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 03:54:47 host sshd[14071]: User root from 211.114.214.37 not allowed because not listed in AllowUsers
Jan 15 03:54:47 host sshd[14071]: input_userauth_request: invalid user root [preauth]
Jan 15 03:54:47 host unix_chkpwd[14078]: password check failed for user (root)
Jan 15 03:54:47 host sshd[14071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.114.214.37 user=root
Jan 15 03:54:47 host sshd[14071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 03:54:49 host sshd[14071]: Failed password for invalid user root from 211.114.214.37 port 43656 ssh2
Jan 15 03:54:50 host unix_chkpwd[14084]: password check failed for user (root)
Jan 15 03:54:50 host sshd[14071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 03:54:51 host sshd[14071]: Failed password for invalid user root from 211.114.214.37 port 43656 ssh2
Jan 15 03:54:52 host unix_chkpwd[14092]: password check failed for user (root)
Jan 15 03:54:52 host sshd[14071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 03:54:54 host sshd[14071]: Failed password for invalid user root from 211.114.214.37 port 43656 ssh2
Jan 15 03:54:55 host unix_chkpwd[14098]: password check failed for user (root)
Jan 15 03:54:55 host sshd[14071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 03:54:57 host sshd[14071]: Failed password for invalid user root from 211.114.214.37 port 43656 ssh2
Jan 15 03:55:48 host sshd[14406]: Invalid user dnsekakf2$$ from 182.220.185.60 port 59110
Jan 15 03:55:48 host sshd[14406]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 15 03:55:48 host sshd[14406]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 03:55:48 host sshd[14406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.220.185.60
Jan 15 03:55:49 host sshd[14406]: Failed password for invalid user dnsekakf2$$ from 182.220.185.60 port 59110 ssh2
Jan 15 03:55:50 host sshd[14406]: Failed password for invalid user dnsekakf2$$ from 182.220.185.60 port 59110 ssh2
Jan 15 03:55:50 host sshd[14406]: Connection closed by 182.220.185.60 port 59110 [preauth]
Jan 15 03:56:15 host sshd[14466]: Connection closed by 190.138.240.31 port 45996 [preauth]
Jan 15 04:00:28 host sshd[15359]: Connection closed by 190.138.240.31 port 44934 [preauth]
Jan 15 04:00:58 host sshd[15495]: Did not receive identification string from 183.146.30.163 port 50429
Jan 15 04:02:41 host sshd[15932]: Connection reset by 123.60.48.155 port 53830 [preauth]
Jan 15 04:02:44 host sshd[15934]: Connection reset by 123.60.48.155 port 53826 [preauth]
Jan 15 04:04:50 host sshd[16309]: Connection closed by 190.138.240.31 port 43886 [preauth]
Jan 15 04:09:08 host sshd[17250]: Connection closed by 190.138.240.31 port 42844 [preauth]
Jan 15 04:12:19 host sshd[17842]: Invalid user user from 112.155.227.221 port 60979
Jan 15 04:12:19 host sshd[17842]: input_userauth_request: invalid user user [preauth]
Jan 15 04:12:19 host sshd[17842]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:12:19 host sshd[17842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.155.227.221
Jan 15 04:12:21 host sshd[17842]: Failed password for invalid user user from 112.155.227.221 port 60979 ssh2
Jan 15 04:12:23 host sshd[17842]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:12:25 host sshd[17842]: Failed password for invalid user user from 112.155.227.221 port 60979 ssh2
Jan 15 04:12:25 host sshd[17842]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:12:27 host sshd[17842]: Failed password for invalid user user from 112.155.227.221 port 60979 ssh2
Jan 15 04:12:28 host sshd[17842]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:12:30 host sshd[17842]: Failed password for invalid user user from 112.155.227.221 port 60979 ssh2
Jan 15 04:12:30 host sshd[17842]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:12:32 host sshd[17842]: Failed password for invalid user user from 112.155.227.221 port 60979 ssh2
Jan 15 04:13:24 host sshd[18171]: Connection closed by 190.138.240.31 port 41794 [preauth]
Jan 15 04:13:31 host sshd[18225]: User ftp from 122.117.100.124 not allowed because not listed in AllowUsers
Jan 15 04:13:31 host sshd[18225]: input_userauth_request: invalid user ftp [preauth]
Jan 15 04:13:31 host unix_chkpwd[18232]: password check failed for user (ftp)
Jan 15 04:13:31 host sshd[18225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.100.124 user=ftp
Jan 15 04:13:31 host sshd[18225]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 15 04:13:33 host sshd[18225]: Failed password for invalid user ftp from 122.117.100.124 port 40618 ssh2
Jan 15 04:13:34 host unix_chkpwd[18239]: password check failed for user (ftp)
Jan 15 04:13:34 host sshd[18225]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 15 04:13:36 host sshd[18225]: Failed password for invalid user ftp from 122.117.100.124 port 40618 ssh2
Jan 15 04:13:37 host unix_chkpwd[18245]: password check failed for user (ftp)
Jan 15 04:13:37 host sshd[18225]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 15 04:13:38 host sshd[18225]: Failed password for invalid user ftp from 122.117.100.124 port 40618 ssh2
Jan 15 04:13:39 host sshd[18225]: Connection reset by 122.117.100.124 port 40618 [preauth]
Jan 15 04:13:39 host sshd[18225]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.100.124 user=ftp
Jan 15 04:17:31 host sshd[18978]: Connection closed by 190.138.240.31 port 40762 [preauth]
Jan 15 04:17:50 host sshd[19055]: User root from 218.161.16.245 not allowed because not listed in AllowUsers
Jan 15 04:17:50 host sshd[19055]: input_userauth_request: invalid user root [preauth]
Jan 15 04:17:50 host unix_chkpwd[19063]: password check failed for user (root)
Jan 15 04:17:50 host sshd[19055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.161.16.245 user=root
Jan 15 04:17:50 host sshd[19055]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 04:17:52 host sshd[19055]: Failed password for invalid user root from 218.161.16.245 port 33961 ssh2
Jan 15 04:17:52 host sshd[19055]: Connection reset by 218.161.16.245 port 33961 [preauth]
Jan 15 04:19:01 host sshd[19256]: Invalid user roger from 209.141.56.48 port 33320
Jan 15 04:19:01 host sshd[19256]: input_userauth_request: invalid user roger [preauth]
Jan 15 04:19:01 host sshd[19256]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:19:01 host sshd[19256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 15 04:19:03 host sshd[19256]: Failed password for invalid user roger from 209.141.56.48 port 33320 ssh2
Jan 15 04:19:03 host sshd[19256]: Connection closed by 209.141.56.48 port 33320 [preauth]
Jan 15 04:21:52 host sshd[19867]: Invalid user yousef from 190.138.240.31 port 39718
Jan 15 04:21:52 host sshd[19867]: input_userauth_request: invalid user yousef [preauth]
Jan 15 04:21:52 host sshd[19867]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:21:52 host sshd[19867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.138.240.31
Jan 15 04:21:54 host sshd[19867]: Failed password for invalid user yousef from 190.138.240.31 port 39718 ssh2
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 04:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 04:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 04:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=ugotscom user-2=wwwrmswll user-3=wwwresourcehunte user-4=keralaholi user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=dartsimp user-9=a2zgroup user-10=wwwkaretakers user-11=cochintaxi user-12=mrsclean user-13=wwwnexidigital user-14=kottayamcalldriv user-15=phmetals user-16=gifterman user-17=palco123 user-18=straightcurve user-19=wwwletsstalkfood user-20=wwwevmhonda user-21=bonifacegroup user-22=pmcresources user-23=wwwtestugo user-24=shalinijames user-25=vfmassets user-26=wwwkapin user-27=woodpeck user-28=disposeat user-29=wwwkmaorg user-30=remysagr feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 04:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HEKH7c8ASzqiTZfH.~
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HEKH7c8ASzqiTZfH.~'
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HEKH7c8ASzqiTZfH.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 04:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 04:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 04:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 04:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 04:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 04:32:53 host sshd[22280]: Invalid user admin from 195.226.194.142 port 33086
Jan 15 04:32:53 host sshd[22280]: input_userauth_request: invalid user admin [preauth]
Jan 15 04:32:53 host sshd[22280]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:32:53 host sshd[22280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 15 04:32:55 host sshd[22280]: Failed password for invalid user admin from 195.226.194.142 port 33086 ssh2
Jan 15 04:32:55 host sshd[22280]: Received disconnect from 195.226.194.142 port 33086:11: Bye Bye [preauth]
Jan 15 04:32:55 host sshd[22280]: Disconnected from 195.226.194.142 port 33086 [preauth]
Jan 15 04:34:46 host sshd[22596]: Did not receive identification string from 149.129.220.222 port 61000
Jan 15 04:35:05 host sshd[22599]: Connection closed by 102.152.138.1 port 51428 [preauth]
Jan 15 04:35:24 host sshd[22725]: Invalid user oracle from 114.25.31.4 port 55987
Jan 15 04:35:24 host sshd[22725]: input_userauth_request: invalid user oracle [preauth]
Jan 15 04:35:24 host sshd[22725]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:35:24 host sshd[22725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.25.31.4
Jan 15 04:35:27 host sshd[22725]: Failed password for invalid user oracle from 114.25.31.4 port 55987 ssh2
Jan 15 04:35:27 host sshd[22725]: Connection reset by 114.25.31.4 port 55987 [preauth]
Jan 15 04:41:45 host sshd[23948]: User root from 220.135.0.16 not allowed because not listed in AllowUsers
Jan 15 04:41:45 host sshd[23948]: input_userauth_request: invalid user root [preauth]
Jan 15 04:41:45 host unix_chkpwd[23956]: password check failed for user (root)
Jan 15 04:41:45 host sshd[23948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.0.16 user=root
Jan 15 04:41:45 host sshd[23948]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 04:41:48 host sshd[23948]: Failed password for invalid user root from 220.135.0.16 port 60226 ssh2
Jan 15 04:41:49 host unix_chkpwd[23965]: password check failed for user (root)
Jan 15 04:41:49 host sshd[23948]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 04:41:51 host sshd[23948]: Failed password for invalid user root from 220.135.0.16 port 60226 ssh2
Jan 15 04:41:52 host unix_chkpwd[23973]: password check failed for user (root)
Jan 15 04:41:52 host sshd[23948]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 04:41:55 host sshd[23948]: Failed password for invalid user root from 220.135.0.16 port 60226 ssh2
Jan 15 04:41:55 host sshd[23948]: Connection reset by 220.135.0.16 port 60226 [preauth]
Jan 15 04:41:55 host sshd[23948]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.0.16 user=root
Jan 15 04:43:23 host sshd[24332]: Invalid user dnsekakf2$$ from 114.33.2.29 port 44051
Jan 15 04:43:23 host sshd[24332]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 15 04:43:23 host sshd[24332]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:43:23 host sshd[24332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.2.29
Jan 15 04:43:25 host sshd[24332]: Failed password for invalid user dnsekakf2$$ from 114.33.2.29 port 44051 ssh2
Jan 15 04:43:25 host sshd[24332]: Connection reset by 114.33.2.29 port 44051 [preauth]
Jan 15 04:43:29 host sshd[24348]: Invalid user admin from 211.20.56.215 port 43576
Jan 15 04:43:29 host sshd[24348]: input_userauth_request: invalid user admin [preauth]
Jan 15 04:43:29 host sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:43:29 host sshd[24348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.20.56.215
Jan 15 04:43:31 host sshd[24348]: Failed password for invalid user admin from 211.20.56.215 port 43576 ssh2
Jan 15 04:43:31 host sshd[24348]: Failed password for invalid user admin from 211.20.56.215 port 43576 ssh2
Jan 15 04:43:31 host sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:43:34 host sshd[24348]: Failed password for invalid user admin from 211.20.56.215 port 43576 ssh2
Jan 15 04:43:34 host sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:43:37 host sshd[24348]: Failed password for invalid user admin from 211.20.56.215 port 43576 ssh2
Jan 15 04:43:37 host sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:43:38 host sshd[24348]: Failed password for invalid user admin from 211.20.56.215 port 43576 ssh2
Jan 15 04:43:39 host sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:43:40 host sshd[24348]: Failed password for invalid user admin from 211.20.56.215 port 43576 ssh2
Jan 15 04:43:40 host sshd[24348]: error: maximum authentication attempts exceeded for invalid user admin from 211.20.56.215 port 43576 ssh2 [preauth]
Jan 15 04:43:40 host sshd[24348]: Disconnecting: Too many authentication failures [preauth]
Jan 15 04:43:40 host sshd[24348]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.20.56.215
Jan 15 04:43:40 host sshd[24348]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 15 04:44:05 host sshd[24477]: Invalid user antonio from 107.189.30.59 port 48408
Jan 15 04:44:05 host sshd[24477]: input_userauth_request: invalid user antonio [preauth]
Jan 15 04:44:05 host sshd[24477]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:44:05 host sshd[24477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 15 04:44:08 host sshd[24477]: Failed password for invalid user antonio from 107.189.30.59 port 48408 ssh2
Jan 15 04:44:09 host sshd[24477]: Connection closed by 107.189.30.59 port 48408 [preauth]
Jan 15 04:55:22 host sshd[26846]: Invalid user usr from 99.156.183.174 port 35558
Jan 15 04:55:22 host sshd[26846]: input_userauth_request: invalid user usr [preauth]
Jan 15 04:55:22 host sshd[26846]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:55:22 host sshd[26846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=99.156.183.174
Jan 15 04:55:24 host sshd[26846]: Failed password for invalid user usr from 99.156.183.174 port 35558 ssh2
Jan 15 04:55:25 host sshd[26846]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:55:26 host sshd[26892]: Invalid user gitlab-runner from 220.134.7.32 port 50148
Jan 15 04:55:26 host sshd[26892]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 15 04:55:26 host sshd[26892]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:55:26 host sshd[26892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.7.32
Jan 15 04:55:27 host sshd[26846]: Failed password for invalid user usr from 99.156.183.174 port 35558 ssh2
Jan 15 04:55:28 host sshd[26846]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:55:28 host sshd[26892]: Failed password for invalid user gitlab-runner from 220.134.7.32 port 50148 ssh2
Jan 15 04:55:29 host sshd[26892]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:55:30 host sshd[26846]: Failed password for invalid user usr from 99.156.183.174 port 35558 ssh2
Jan 15 04:55:32 host sshd[26892]: Failed password for invalid user gitlab-runner from 220.134.7.32 port 50148 ssh2
Jan 15 04:55:32 host sshd[26846]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:55:32 host sshd[26892]: Connection reset by 220.134.7.32 port 50148 [preauth]
Jan 15 04:55:32 host sshd[26892]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.7.32
Jan 15 04:55:34 host sshd[26846]: Failed password for invalid user usr from 99.156.183.174 port 35558 ssh2
Jan 15 04:57:42 host sshd[27336]: Invalid user tangbo from 80.68.7.50 port 53510
Jan 15 04:57:42 host sshd[27336]: input_userauth_request: invalid user tangbo [preauth]
Jan 15 04:57:42 host sshd[27336]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:57:42 host sshd[27336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.7.50
Jan 15 04:57:44 host sshd[27336]: Failed password for invalid user tangbo from 80.68.7.50 port 53510 ssh2
Jan 15 04:57:44 host sshd[27336]: Received disconnect from 80.68.7.50 port 53510:11: Bye Bye [preauth]
Jan 15 04:57:44 host sshd[27336]: Disconnected from 80.68.7.50 port 53510 [preauth]
Jan 15 04:58:43 host sshd[27658]: Invalid user jungwoo from 103.5.113.148 port 46522
Jan 15 04:58:43 host sshd[27658]: input_userauth_request: invalid user jungwoo [preauth]
Jan 15 04:58:43 host sshd[27658]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:58:43 host sshd[27658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.5.113.148
Jan 15 04:58:45 host sshd[27658]: Failed password for invalid user jungwoo from 103.5.113.148 port 46522 ssh2
Jan 15 04:58:45 host sshd[27658]: Received disconnect from 103.5.113.148 port 46522:11: Bye Bye [preauth]
Jan 15 04:58:45 host sshd[27658]: Disconnected from 103.5.113.148 port 46522 [preauth]
Jan 15 04:58:57 host sshd[27692]: Invalid user ec2-user from 211.57.67.231 port 62303
Jan 15 04:58:57 host sshd[27692]: input_userauth_request: invalid user ec2-user [preauth]
Jan 15 04:58:57 host sshd[27692]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:58:57 host sshd[27692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.57.67.231
Jan 15 04:58:59 host sshd[27692]: Failed password for invalid user ec2-user from 211.57.67.231 port 62303 ssh2
Jan 15 04:59:00 host sshd[27692]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:59:01 host sshd[27707]: Invalid user zhangwen from 158.69.48.204 port 48652
Jan 15 04:59:01 host sshd[27707]: input_userauth_request: invalid user zhangwen [preauth]
Jan 15 04:59:01 host sshd[27707]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:59:01 host sshd[27707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.48.204
Jan 15 04:59:02 host sshd[27707]: Failed password for invalid user zhangwen from 158.69.48.204 port 48652 ssh2
Jan 15 04:59:02 host sshd[27692]: Failed password for invalid user ec2-user from 211.57.67.231 port 62303 ssh2
Jan 15 04:59:03 host sshd[27707]: Received disconnect from 158.69.48.204 port 48652:11: Bye Bye [preauth]
Jan 15 04:59:03 host sshd[27707]: Disconnected from 158.69.48.204 port 48652 [preauth]
Jan 15 04:59:03 host sshd[27692]: Connection reset by 211.57.67.231 port 62303 [preauth]
Jan 15 04:59:03 host sshd[27692]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.57.67.231
Jan 15 04:59:47 host sshd[27852]: Invalid user admin from 118.37.193.14 port 54248
Jan 15 04:59:47 host sshd[27852]: input_userauth_request: invalid user admin [preauth]
Jan 15 04:59:47 host sshd[27852]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:59:47 host sshd[27852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.37.193.14
Jan 15 04:59:49 host sshd[27852]: Failed password for invalid user admin from 118.37.193.14 port 54248 ssh2
Jan 15 04:59:52 host sshd[27852]: Failed password for invalid user admin from 118.37.193.14 port 54248 ssh2
Jan 15 04:59:53 host sshd[27852]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:59:55 host sshd[27852]: Failed password for invalid user admin from 118.37.193.14 port 54248 ssh2
Jan 15 04:59:56 host sshd[27852]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 04:59:58 host sshd[27852]: Failed password for invalid user admin from 118.37.193.14 port 54248 ssh2
Jan 15 05:01:41 host sshd[28214]: Invalid user soumyaray from 45.225.160.66 port 38580
Jan 15 05:01:41 host sshd[28214]: input_userauth_request: invalid user soumyaray [preauth]
Jan 15 05:01:41 host sshd[28214]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:01:41 host sshd[28214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.225.160.66
Jan 15 05:01:43 host sshd[28214]: Failed password for invalid user soumyaray from 45.225.160.66 port 38580 ssh2
Jan 15 05:01:44 host sshd[28214]: Received disconnect from 45.225.160.66 port 38580:11: Bye Bye [preauth]
Jan 15 05:01:44 host sshd[28214]: Disconnected from 45.225.160.66 port 38580 [preauth]
Jan 15 05:02:46 host sshd[28386]: Invalid user admin from 195.226.194.142 port 43560
Jan 15 05:02:46 host sshd[28386]: input_userauth_request: invalid user admin [preauth]
Jan 15 05:02:47 host sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:02:47 host sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 15 05:02:48 host sshd[28386]: Failed password for invalid user admin from 195.226.194.142 port 43560 ssh2
Jan 15 05:02:49 host sshd[28386]: Received disconnect from 195.226.194.142 port 43560:11: Bye Bye [preauth]
Jan 15 05:02:49 host sshd[28386]: Disconnected from 195.226.194.142 port 43560 [preauth]
Jan 15 05:03:31 host sshd[28621]: Invalid user mahsa from 158.69.48.204 port 45199
Jan 15 05:03:31 host sshd[28621]: input_userauth_request: invalid user mahsa [preauth]
Jan 15 05:03:31 host sshd[28621]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:03:31 host sshd[28621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.48.204
Jan 15 05:03:32 host sshd[28621]: Failed password for invalid user mahsa from 158.69.48.204 port 45199 ssh2
Jan 15 05:03:33 host sshd[28621]: Received disconnect from 158.69.48.204 port 45199:11: Bye Bye [preauth]
Jan 15 05:03:33 host sshd[28621]: Disconnected from 158.69.48.204 port 45199 [preauth]
Jan 15 05:03:44 host sshd[28649]: Invalid user liuliu from 80.68.7.50 port 55796
Jan 15 05:03:44 host sshd[28649]: input_userauth_request: invalid user liuliu [preauth]
Jan 15 05:03:44 host sshd[28649]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:03:44 host sshd[28649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.7.50
Jan 15 05:03:46 host sshd[28649]: Failed password for invalid user liuliu from 80.68.7.50 port 55796 ssh2
Jan 15 05:03:46 host sshd[28649]: Received disconnect from 80.68.7.50 port 55796:11: Bye Bye [preauth]
Jan 15 05:03:46 host sshd[28649]: Disconnected from 80.68.7.50 port 55796 [preauth]
Jan 15 05:04:13 host sshd[28722]: Invalid user steam from 125.228.149.62 port 41129
Jan 15 05:04:13 host sshd[28722]: input_userauth_request: invalid user steam [preauth]
Jan 15 05:04:13 host sshd[28722]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:04:13 host sshd[28722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.149.62
Jan 15 05:04:14 host sshd[28722]: Failed password for invalid user steam from 125.228.149.62 port 41129 ssh2
Jan 15 05:04:15 host sshd[28722]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:04:17 host sshd[28722]: Failed password for invalid user steam from 125.228.149.62 port 41129 ssh2
Jan 15 05:04:17 host sshd[28722]: Failed password for invalid user steam from 125.228.149.62 port 41129 ssh2
Jan 15 05:04:17 host sshd[28722]: Connection closed by 125.228.149.62 port 41129 [preauth]
Jan 15 05:04:17 host sshd[28722]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.149.62
Jan 15 05:04:35 host sshd[28798]: Invalid user wanglanying from 158.69.48.204 port 58455
Jan 15 05:04:35 host sshd[28798]: input_userauth_request: invalid user wanglanying [preauth]
Jan 15 05:04:35 host sshd[28798]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:04:35 host sshd[28798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.48.204
Jan 15 05:04:37 host sshd[28798]: Failed password for invalid user wanglanying from 158.69.48.204 port 58455 ssh2
Jan 15 05:04:37 host sshd[28798]: Received disconnect from 158.69.48.204 port 58455:11: Bye Bye [preauth]
Jan 15 05:04:37 host sshd[28798]: Disconnected from 158.69.48.204 port 58455 [preauth]
Jan 15 05:04:57 host sshd[28887]: Invalid user wanglanying from 80.68.7.50 port 53698
Jan 15 05:04:57 host sshd[28887]: input_userauth_request: invalid user wanglanying [preauth]
Jan 15 05:04:57 host sshd[28887]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:04:57 host sshd[28887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.68.7.50
Jan 15 05:04:59 host sshd[28887]: Failed password for invalid user wanglanying from 80.68.7.50 port 53698 ssh2
Jan 15 05:04:59 host sshd[28887]: Received disconnect from 80.68.7.50 port 53698:11: Bye Bye [preauth]
Jan 15 05:04:59 host sshd[28887]: Disconnected from 80.68.7.50 port 53698 [preauth]
Jan 15 05:05:30 host sshd[29022]: Invalid user bigipuser3 from 118.36.222.108 port 54243
Jan 15 05:05:30 host sshd[29022]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 15 05:05:30 host sshd[29022]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:05:30 host sshd[29022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.36.222.108
Jan 15 05:05:30 host sshd[29051]: User root from 1.20.154.11 not allowed because not listed in AllowUsers
Jan 15 05:05:30 host sshd[29051]: input_userauth_request: invalid user root [preauth]
Jan 15 05:05:30 host unix_chkpwd[29054]: password check failed for user (root)
Jan 15 05:05:30 host sshd[29051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.20.154.11 user=root
Jan 15 05:05:30 host sshd[29051]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:05:33 host sshd[29022]: Failed password for invalid user bigipuser3 from 118.36.222.108 port 54243 ssh2
Jan 15 05:05:33 host sshd[29051]: Failed password for invalid user root from 1.20.154.11 port 47844 ssh2
Jan 15 05:05:34 host unix_chkpwd[29062]: password check failed for user (root)
Jan 15 05:05:34 host sshd[29051]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:05:36 host sshd[29051]: Failed password for invalid user root from 1.20.154.11 port 47844 ssh2
Jan 15 05:05:36 host unix_chkpwd[29069]: password check failed for user (root)
Jan 15 05:05:36 host sshd[29051]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:05:38 host sshd[29051]: Failed password for invalid user root from 1.20.154.11 port 47844 ssh2
Jan 15 05:05:39 host unix_chkpwd[29076]: password check failed for user (root)
Jan 15 05:05:39 host sshd[29051]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:05:40 host sshd[29051]: Failed password for invalid user root from 1.20.154.11 port 47844 ssh2
Jan 15 05:05:47 host sshd[29125]: Invalid user tangbo from 45.225.160.66 port 60308
Jan 15 05:05:47 host sshd[29125]: input_userauth_request: invalid user tangbo [preauth]
Jan 15 05:05:47 host sshd[29125]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:05:47 host sshd[29125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.225.160.66
Jan 15 05:05:50 host sshd[29125]: Failed password for invalid user tangbo from 45.225.160.66 port 60308 ssh2
Jan 15 05:05:50 host sshd[29125]: Received disconnect from 45.225.160.66 port 60308:11: Bye Bye [preauth]
Jan 15 05:05:50 host sshd[29125]: Disconnected from 45.225.160.66 port 60308 [preauth]
Jan 15 05:07:20 host sshd[29384]: Invalid user ashka from 45.225.160.66 port 36816
Jan 15 05:07:20 host sshd[29384]: input_userauth_request: invalid user ashka [preauth]
Jan 15 05:07:20 host sshd[29384]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:07:20 host sshd[29384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.225.160.66
Jan 15 05:07:22 host sshd[29384]: Failed password for invalid user ashka from 45.225.160.66 port 36816 ssh2
Jan 15 05:07:22 host sshd[29384]: Received disconnect from 45.225.160.66 port 36816:11: Bye Bye [preauth]
Jan 15 05:07:22 host sshd[29384]: Disconnected from 45.225.160.66 port 36816 [preauth]
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 05:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 05:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 05:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 05:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 05:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=bonifacegroup user-2=wwwevmhonda user-3=straightcurve user-4=wwwletsstalkfood user-5=gifterman user-6=palco123 user-7=phmetals user-8=kottayamcalldriv user-9=wwwnexidigital user-10=mrsclean user-11=wwwkmaorg user-12=disposeat user-13=remysagr user-14=wwwkapin user-15=woodpeck user-16=vfmassets user-17=wwwtestugo user-18=shalinijames user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=wwwrmswll user-23=wwwresourcehunte user-24=keralaholi user-25=ugotscom user-26=cochintaxi user-27=wwwkaretakers user-28=dartsimp user-29=a2zgroup user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 05:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 05:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 15 05:22:03 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 15 05:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 15 05:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 15 05:22:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 15 05:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-dZj7SnSyx5yfKQ7M.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-dZj7SnSyx5yfKQ7M.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-xQ8IudICqJCd3hNl.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-xQ8IudICqJCd3hNl.wp-toolkit-identifier
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 15 05:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ShGSh4QpycOsaBCy.~
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ShGSh4QpycOsaBCy.~'
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ShGSh4QpycOsaBCy.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 05:22:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 05:22:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 05:22:48 host sshd[553]: Invalid user guest from 103.186.99.250 port 59934
Jan 15 05:22:48 host sshd[553]: input_userauth_request: invalid user guest [preauth]
Jan 15 05:22:49 host sshd[553]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:22:49 host sshd[553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.99.250
Jan 15 05:22:50 host sshd[553]: Failed password for invalid user guest from 103.186.99.250 port 59934 ssh2
Jan 15 05:22:51 host sshd[553]: Received disconnect from 103.186.99.250 port 59934:11: Bye Bye [preauth]
Jan 15 05:22:51 host sshd[553]: Disconnected from 103.186.99.250 port 59934 [preauth]
Jan 15 05:23:31 host sshd[710]: Invalid user admin from 59.126.62.69 port 59058
Jan 15 05:23:31 host sshd[710]: input_userauth_request: invalid user admin [preauth]
Jan 15 05:23:31 host sshd[710]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:23:31 host sshd[710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.62.69
Jan 15 05:23:33 host sshd[710]: Failed password for invalid user admin from 59.126.62.69 port 59058 ssh2
Jan 15 05:23:34 host sshd[710]: Connection reset by 59.126.62.69 port 59058 [preauth]
Jan 15 05:25:01 host sshd[933]: Connection reset by 60.251.181.68 port 46164 [preauth]
Jan 15 05:29:11 host sshd[1785]: Invalid user zhangguirong from 103.186.99.250 port 44863
Jan 15 05:29:11 host sshd[1785]: input_userauth_request: invalid user zhangguirong [preauth]
Jan 15 05:29:11 host sshd[1785]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:29:11 host sshd[1785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.99.250
Jan 15 05:29:13 host sshd[1785]: Failed password for invalid user zhangguirong from 103.186.99.250 port 44863 ssh2
Jan 15 05:29:13 host sshd[1785]: Received disconnect from 103.186.99.250 port 44863:11: Bye Bye [preauth]
Jan 15 05:29:13 host sshd[1785]: Disconnected from 103.186.99.250 port 44863 [preauth]
Jan 15 05:30:47 host sshd[2122]: Invalid user buhaoniman from 103.186.99.250 port 39359
Jan 15 05:30:47 host sshd[2122]: input_userauth_request: invalid user buhaoniman [preauth]
Jan 15 05:30:47 host sshd[2122]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:30:47 host sshd[2122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.99.250
Jan 15 05:30:49 host sshd[2127]: Invalid user pi from 85.138.99.147 port 56588
Jan 15 05:30:49 host sshd[2127]: input_userauth_request: invalid user pi [preauth]
Jan 15 05:30:50 host sshd[2129]: Invalid user pi from 85.138.99.147 port 56598
Jan 15 05:30:50 host sshd[2129]: input_userauth_request: invalid user pi [preauth]
Jan 15 05:30:50 host sshd[2122]: Failed password for invalid user buhaoniman from 103.186.99.250 port 39359 ssh2
Jan 15 05:30:50 host sshd[2127]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:30:50 host sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.138.99.147
Jan 15 05:30:50 host sshd[2129]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:30:50 host sshd[2129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.138.99.147
Jan 15 05:30:50 host sshd[2122]: Received disconnect from 103.186.99.250 port 39359:11: Bye Bye [preauth]
Jan 15 05:30:50 host sshd[2122]: Disconnected from 103.186.99.250 port 39359 [preauth]
Jan 15 05:30:52 host sshd[2127]: Failed password for invalid user pi from 85.138.99.147 port 56588 ssh2
Jan 15 05:30:52 host sshd[2129]: Failed password for invalid user pi from 85.138.99.147 port 56598 ssh2
Jan 15 05:30:52 host sshd[2127]: Connection closed by 85.138.99.147 port 56588 [preauth]
Jan 15 05:30:52 host sshd[2129]: Connection closed by 85.138.99.147 port 56598 [preauth]
Jan 15 05:42:35 host sshd[3876]: Invalid user eg from 194.110.203.109 port 41972
Jan 15 05:42:35 host sshd[3876]: input_userauth_request: invalid user eg [preauth]
Jan 15 05:42:35 host sshd[3876]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:42:35 host sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 05:42:37 host sshd[3876]: Failed password for invalid user eg from 194.110.203.109 port 41972 ssh2
Jan 15 05:42:40 host sshd[3876]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:42:42 host sshd[3876]: Failed password for invalid user eg from 194.110.203.109 port 41972 ssh2
Jan 15 05:42:45 host sshd[3876]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:42:47 host sshd[3876]: Failed password for invalid user eg from 194.110.203.109 port 41972 ssh2
Jan 15 05:42:50 host sshd[3876]: Connection closed by 194.110.203.109 port 41972 [preauth]
Jan 15 05:42:50 host sshd[3876]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 05:47:43 host sshd[4540]: User root from 125.228.163.111 not allowed because not listed in AllowUsers
Jan 15 05:47:43 host sshd[4540]: input_userauth_request: invalid user root [preauth]
Jan 15 05:47:43 host unix_chkpwd[4545]: password check failed for user (root)
Jan 15 05:47:43 host sshd[4540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.163.111 user=root
Jan 15 05:47:43 host sshd[4540]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:47:44 host sshd[4540]: Failed password for invalid user root from 125.228.163.111 port 44069 ssh2
Jan 15 05:47:46 host unix_chkpwd[4556]: password check failed for user (root)
Jan 15 05:47:46 host sshd[4540]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:47:47 host sshd[4540]: Failed password for invalid user root from 125.228.163.111 port 44069 ssh2
Jan 15 05:47:48 host unix_chkpwd[4559]: password check failed for user (root)
Jan 15 05:47:48 host sshd[4540]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:47:50 host sshd[4540]: Failed password for invalid user root from 125.228.163.111 port 44069 ssh2
Jan 15 05:47:51 host unix_chkpwd[4580]: password check failed for user (root)
Jan 15 05:47:51 host sshd[4540]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:47:53 host sshd[4540]: Failed password for invalid user root from 125.228.163.111 port 44069 ssh2
Jan 15 05:50:00 host sshd[4808]: Invalid user zefeng from 159.223.62.234 port 39262
Jan 15 05:50:00 host sshd[4808]: input_userauth_request: invalid user zefeng [preauth]
Jan 15 05:50:00 host sshd[4808]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:50:00 host sshd[4808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.62.234
Jan 15 05:50:02 host sshd[4808]: Failed password for invalid user zefeng from 159.223.62.234 port 39262 ssh2
Jan 15 05:50:02 host sshd[4808]: Received disconnect from 159.223.62.234 port 39262:11: Bye Bye [preauth]
Jan 15 05:50:02 host sshd[4808]: Disconnected from 159.223.62.234 port 39262 [preauth]
Jan 15 05:51:06 host sshd[5094]: Invalid user xw from 196.179.231.103 port 35170
Jan 15 05:51:06 host sshd[5094]: input_userauth_request: invalid user xw [preauth]
Jan 15 05:51:06 host sshd[5094]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:51:06 host sshd[5094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.231.103
Jan 15 05:51:09 host sshd[5094]: Failed password for invalid user xw from 196.179.231.103 port 35170 ssh2
Jan 15 05:51:09 host sshd[5094]: Received disconnect from 196.179.231.103 port 35170:11: Bye Bye [preauth]
Jan 15 05:51:09 host sshd[5094]: Disconnected from 196.179.231.103 port 35170 [preauth]
Jan 15 05:52:39 host sshd[5275]: User root from 146.190.63.8 not allowed because not listed in AllowUsers
Jan 15 05:52:39 host sshd[5275]: input_userauth_request: invalid user root [preauth]
Jan 15 05:52:39 host unix_chkpwd[5278]: password check failed for user (root)
Jan 15 05:52:39 host sshd[5275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.63.8 user=root
Jan 15 05:52:39 host sshd[5275]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:52:41 host sshd[5275]: Failed password for invalid user root from 146.190.63.8 port 56272 ssh2
Jan 15 05:52:42 host sshd[5275]: Received disconnect from 146.190.63.8 port 56272:11: Bye Bye [preauth]
Jan 15 05:52:42 host sshd[5275]: Disconnected from 146.190.63.8 port 56272 [preauth]
Jan 15 05:53:20 host sshd[5354]: User root from 146.190.63.8 not allowed because not listed in AllowUsers
Jan 15 05:53:20 host sshd[5354]: input_userauth_request: invalid user root [preauth]
Jan 15 05:53:20 host unix_chkpwd[5357]: password check failed for user (root)
Jan 15 05:53:20 host sshd[5354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.63.8 user=root
Jan 15 05:53:20 host sshd[5354]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 05:53:22 host sshd[5354]: Failed password for invalid user root from 146.190.63.8 port 47730 ssh2
Jan 15 05:53:38 host sshd[5438]: Invalid user an from 188.166.252.132 port 47814
Jan 15 05:53:38 host sshd[5438]: input_userauth_request: invalid user an [preauth]
Jan 15 05:53:38 host sshd[5438]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:53:38 host sshd[5438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.252.132
Jan 15 05:53:39 host sshd[5438]: Failed password for invalid user an from 188.166.252.132 port 47814 ssh2
Jan 15 05:53:40 host sshd[5438]: Received disconnect from 188.166.252.132 port 47814:11: Bye Bye [preauth]
Jan 15 05:53:40 host sshd[5438]: Disconnected from 188.166.252.132 port 47814 [preauth]
Jan 15 05:54:06 host sshd[5496]: Invalid user sparky from 192.241.157.126 port 33904
Jan 15 05:54:06 host sshd[5496]: input_userauth_request: invalid user sparky [preauth]
Jan 15 05:54:06 host sshd[5496]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:54:06 host sshd[5496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126
Jan 15 05:54:09 host sshd[5496]: Failed password for invalid user sparky from 192.241.157.126 port 33904 ssh2
Jan 15 05:54:09 host sshd[5496]: Received disconnect from 192.241.157.126 port 33904:11: Bye Bye [preauth]
Jan 15 05:54:09 host sshd[5496]: Disconnected from 192.241.157.126 port 33904 [preauth]
Jan 15 05:54:23 host sshd[5515]: Invalid user mingming from 187.217.117.3 port 36304
Jan 15 05:54:23 host sshd[5515]: input_userauth_request: invalid user mingming [preauth]
Jan 15 05:54:23 host sshd[5515]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:54:23 host sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.217.117.3
Jan 15 05:54:24 host sshd[5515]: Failed password for invalid user mingming from 187.217.117.3 port 36304 ssh2
Jan 15 05:54:24 host sshd[5515]: Received disconnect from 187.217.117.3 port 36304:11: Bye Bye [preauth]
Jan 15 05:54:24 host sshd[5515]: Disconnected from 187.217.117.3 port 36304 [preauth]
Jan 15 05:56:10 host sshd[5853]: Invalid user zhjin from 196.179.231.103 port 59646
Jan 15 05:56:10 host sshd[5853]: input_userauth_request: invalid user zhjin [preauth]
Jan 15 05:56:10 host sshd[5853]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:56:10 host sshd[5853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.231.103
Jan 15 05:56:12 host sshd[5853]: Failed password for invalid user zhjin from 196.179.231.103 port 59646 ssh2
Jan 15 05:56:12 host sshd[5853]: Received disconnect from 196.179.231.103 port 59646:11: Bye Bye [preauth]
Jan 15 05:56:12 host sshd[5853]: Disconnected from 196.179.231.103 port 59646 [preauth]
Jan 15 05:56:21 host sshd[5871]: Invalid user an from 159.223.62.234 port 42576
Jan 15 05:56:21 host sshd[5871]: input_userauth_request: invalid user an [preauth]
Jan 15 05:56:21 host sshd[5871]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:56:21 host sshd[5871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.62.234
Jan 15 05:56:23 host sshd[5871]: Failed password for invalid user an from 159.223.62.234 port 42576 ssh2
Jan 15 05:56:23 host sshd[5871]: Received disconnect from 159.223.62.234 port 42576:11: Bye Bye [preauth]
Jan 15 05:56:23 host sshd[5871]: Disconnected from 159.223.62.234 port 42576 [preauth]
Jan 15 05:57:24 host sshd[5978]: Invalid user cvfinal from 196.179.231.103 port 58186
Jan 15 05:57:24 host sshd[5978]: input_userauth_request: invalid user cvfinal [preauth]
Jan 15 05:57:24 host sshd[5978]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:57:24 host sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.231.103
Jan 15 05:57:27 host sshd[5978]: Failed password for invalid user cvfinal from 196.179.231.103 port 58186 ssh2
Jan 15 05:57:43 host sshd[6049]: Invalid user woaimeinv from 188.166.252.132 port 59704
Jan 15 05:57:43 host sshd[6049]: input_userauth_request: invalid user woaimeinv [preauth]
Jan 15 05:57:43 host sshd[6049]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:57:43 host sshd[6049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.252.132
Jan 15 05:57:43 host sshd[6051]: Invalid user tingtingchen from 159.223.62.234 port 39920
Jan 15 05:57:43 host sshd[6051]: input_userauth_request: invalid user tingtingchen [preauth]
Jan 15 05:57:43 host sshd[6051]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:57:43 host sshd[6051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.62.234
Jan 15 05:57:45 host sshd[6049]: Failed password for invalid user woaimeinv from 188.166.252.132 port 59704 ssh2
Jan 15 05:57:45 host sshd[6049]: Received disconnect from 188.166.252.132 port 59704:11: Bye Bye [preauth]
Jan 15 05:57:45 host sshd[6049]: Disconnected from 188.166.252.132 port 59704 [preauth]
Jan 15 05:57:46 host sshd[6051]: Failed password for invalid user tingtingchen from 159.223.62.234 port 39920 ssh2
Jan 15 05:57:46 host sshd[6051]: Received disconnect from 159.223.62.234 port 39920:11: Bye Bye [preauth]
Jan 15 05:57:46 host sshd[6051]: Disconnected from 159.223.62.234 port 39920 [preauth]
Jan 15 05:57:59 host sshd[6097]: Invalid user zhangyue from 192.241.157.126 port 44948
Jan 15 05:57:59 host sshd[6097]: input_userauth_request: invalid user zhangyue [preauth]
Jan 15 05:57:59 host sshd[6097]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:57:59 host sshd[6097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126
Jan 15 05:58:01 host sshd[6097]: Failed password for invalid user zhangyue from 192.241.157.126 port 44948 ssh2
Jan 15 05:58:02 host sshd[6097]: Received disconnect from 192.241.157.126 port 44948:11: Bye Bye [preauth]
Jan 15 05:58:02 host sshd[6097]: Disconnected from 192.241.157.126 port 44948 [preauth]
Jan 15 05:58:46 host sshd[6186]: Invalid user an from 187.217.117.3 port 41028
Jan 15 05:58:46 host sshd[6186]: input_userauth_request: invalid user an [preauth]
Jan 15 05:58:46 host sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:58:46 host sshd[6186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.217.117.3
Jan 15 05:58:48 host sshd[6186]: Failed password for invalid user an from 187.217.117.3 port 41028 ssh2
Jan 15 05:58:49 host sshd[6186]: Received disconnect from 187.217.117.3 port 41028:11: Bye Bye [preauth]
Jan 15 05:58:49 host sshd[6186]: Disconnected from 187.217.117.3 port 41028 [preauth]
Jan 15 05:59:02 host sshd[6219]: Invalid user mingming from 188.166.252.132 port 52982
Jan 15 05:59:02 host sshd[6219]: input_userauth_request: invalid user mingming [preauth]
Jan 15 05:59:02 host sshd[6219]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:59:02 host sshd[6219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.252.132
Jan 15 05:59:04 host sshd[6219]: Failed password for invalid user mingming from 188.166.252.132 port 52982 ssh2
Jan 15 05:59:04 host sshd[6219]: Received disconnect from 188.166.252.132 port 52982:11: Bye Bye [preauth]
Jan 15 05:59:04 host sshd[6219]: Disconnected from 188.166.252.132 port 52982 [preauth]
Jan 15 05:59:09 host sshd[6256]: Invalid user hari from 192.241.157.126 port 39572
Jan 15 05:59:09 host sshd[6256]: input_userauth_request: invalid user hari [preauth]
Jan 15 05:59:09 host sshd[6256]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 05:59:09 host sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.157.126
Jan 15 05:59:11 host sshd[6256]: Failed password for invalid user hari from 192.241.157.126 port 39572 ssh2
Jan 15 05:59:11 host sshd[6256]: Received disconnect from 192.241.157.126 port 39572:11: Bye Bye [preauth]
Jan 15 05:59:11 host sshd[6256]: Disconnected from 192.241.157.126 port 39572 [preauth]
Jan 15 06:01:02 host sshd[6636]: Invalid user jesulayomi from 187.217.117.3 port 33702
Jan 15 06:01:02 host sshd[6636]: input_userauth_request: invalid user jesulayomi [preauth]
Jan 15 06:01:02 host sshd[6636]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:01:02 host sshd[6636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.217.117.3
Jan 15 06:01:04 host sshd[6636]: Failed password for invalid user jesulayomi from 187.217.117.3 port 33702 ssh2
Jan 15 06:01:05 host sshd[6636]: Received disconnect from 187.217.117.3 port 33702:11: Bye Bye [preauth]
Jan 15 06:01:05 host sshd[6636]: Disconnected from 187.217.117.3 port 33702 [preauth]
Jan 15 06:21:29 host sshd[9320]: Invalid user pi from 201.110.150.212 port 51133
Jan 15 06:21:29 host sshd[9320]: input_userauth_request: invalid user pi [preauth]
Jan 15 06:21:29 host sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:21:29 host sshd[9320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.110.150.212
Jan 15 06:21:30 host sshd[9320]: Failed password for invalid user pi from 201.110.150.212 port 51133 ssh2
Jan 15 06:21:32 host sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:21:34 host sshd[9320]: Failed password for invalid user pi from 201.110.150.212 port 51133 ssh2
Jan 15 06:21:35 host sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:21:37 host sshd[9320]: Failed password for invalid user pi from 201.110.150.212 port 51133 ssh2
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=wwwletsstalkfood user-4=straightcurve user-5=kottayamcalldriv user-6=phmetals user-7=palco123 user-8=gifterman user-9=wwwnexidigital user-10=mrsclean user-11=disposeat user-12=remysagr user-13=wwwkmaorg user-14=wwwkapin user-15=woodpeck user-16=shalinijames user-17=wwwtestugo user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=wwwresourcehunte user-24=keralaholi user-25=wwwrmswll user-26=cochintaxi user-27=wwwkaretakers user-28=a2zgroup user-29=dartsimp user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 06:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OKTooq3lVoKvvSbG.~
Jan 15 06:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OKTooq3lVoKvvSbG.~'
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OKTooq3lVoKvvSbG.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 06:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 06:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 06:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 06:22:38 host sshd[9652]: Connection closed by 172.104.11.34 port 64190 [preauth]
Jan 15 06:22:39 host sshd[9658]: Connection closed by 172.104.11.34 port 64196 [preauth]
Jan 15 06:22:41 host sshd[9662]: Connection closed by 172.104.11.34 port 64204 [preauth]
Jan 15 06:31:07 host sshd[10819]: Did not receive identification string from 197.227.21.70 port 45426
Jan 15 06:31:08 host sshd[10821]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10821]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10820]: Invalid user halo from 197.227.21.70 port 45494
Jan 15 06:31:08 host sshd[10820]: input_userauth_request: invalid user halo [preauth]
Jan 15 06:31:08 host sshd[10825]: Invalid user steam from 197.227.21.70 port 45546
Jan 15 06:31:08 host sshd[10824]: Invalid user ansible from 197.227.21.70 port 45536
Jan 15 06:31:08 host sshd[10825]: input_userauth_request: invalid user steam [preauth]
Jan 15 06:31:08 host sshd[10824]: input_userauth_request: invalid user ansible [preauth]
Jan 15 06:31:08 host sshd[10833]: Invalid user ftpuser from 197.227.21.70 port 45474
Jan 15 06:31:08 host sshd[10833]: input_userauth_request: invalid user ftpuser [preauth]
Jan 15 06:31:08 host sshd[10826]: Invalid user steam from 197.227.21.70 port 45552
Jan 15 06:31:08 host sshd[10826]: input_userauth_request: invalid user steam [preauth]
Jan 15 06:31:08 host sshd[10832]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10832]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10831]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10831]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10835]: Invalid user user from 197.227.21.70 port 45550
Jan 15 06:31:08 host sshd[10828]: Invalid user esuser from 197.227.21.70 port 45558
Jan 15 06:31:08 host sshd[10838]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10828]: input_userauth_request: invalid user esuser [preauth]
Jan 15 06:31:08 host sshd[10838]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10830]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10830]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10827]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10836]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10837]: Invalid user testuser from 197.227.21.70 port 45526
Jan 15 06:31:08 host sshd[10827]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10836]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10837]: input_userauth_request: invalid user testuser [preauth]
Jan 15 06:31:08 host sshd[10835]: input_userauth_request: invalid user user [preauth]
Jan 15 06:31:08 host sshd[10834]: Invalid user dmdba from 197.227.21.70 port 45522
Jan 15 06:31:08 host sshd[10844]: Invalid user admin from 197.227.21.70 port 45512
Jan 15 06:31:08 host sshd[10844]: input_userauth_request: invalid user admin [preauth]
Jan 15 06:31:08 host sshd[10834]: input_userauth_request: invalid user dmdba [preauth]
Jan 15 06:31:08 host sshd[10842]: Invalid user ftpuser from 197.227.21.70 port 45520
Jan 15 06:31:08 host sshd[10842]: input_userauth_request: invalid user ftpuser [preauth]
Jan 15 06:31:08 host sshd[10843]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10839]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10843]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10839]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10841]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:08 host sshd[10841]: input_userauth_request: invalid user root [preauth]
Jan 15 06:31:08 host sshd[10840]: Invalid user admin from 197.227.21.70 port 45500
Jan 15 06:31:08 host sshd[10840]: input_userauth_request: invalid user admin [preauth]
Jan 15 06:31:08 host sshd[10847]: Invalid user admin from 197.227.21.70 port 45492
Jan 15 06:31:08 host sshd[10847]: input_userauth_request: invalid user admin [preauth]
Jan 15 06:31:08 host sshd[10829]: Invalid user teamspeak from 197.227.21.70 port 45508
Jan 15 06:31:08 host sshd[10829]: input_userauth_request: invalid user teamspeak [preauth]
Jan 15 06:31:08 host sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host unix_chkpwd[10871]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host sshd[10825]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10824]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10826]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10833]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10835]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10837]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10834]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10844]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host unix_chkpwd[10872]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10842]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10832]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10873]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10831]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10874]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10840]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10847]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host sshd[10827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10827]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10877]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10838]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10875]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10830]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10876]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10836]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host sshd[10829]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:08 host sshd[10829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:08 host unix_chkpwd[10880]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10879]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10843]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:08 host unix_chkpwd[10878]: password check failed for user (root)
Jan 15 06:31:08 host sshd[10839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 15 06:31:08 host sshd[10839]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 06:31:09 host sshd[10869]: Invalid user ansadmin from 197.227.21.70 port 45554
Jan 15 06:31:09 host sshd[10869]: input_userauth_request: invalid user ansadmin [preauth]
Jan 15 06:31:09 host sshd[10869]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:09 host sshd[10869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:10 host sshd[10820]: Failed password for invalid user halo from 197.227.21.70 port 45494 ssh2
Jan 15 06:31:10 host sshd[10821]: Failed password for invalid user root from 197.227.21.70 port 45540 ssh2
Jan 15 06:31:10 host sshd[10825]: Failed password for invalid user steam from 197.227.21.70 port 45546 ssh2
Jan 15 06:31:10 host sshd[10824]: Failed password for invalid user ansible from 197.227.21.70 port 45536 ssh2
Jan 15 06:31:10 host sshd[10826]: Failed password for invalid user steam from 197.227.21.70 port 45552 ssh2
Jan 15 06:31:10 host sshd[10833]: Failed password for invalid user ftpuser from 197.227.21.70 port 45474 ssh2
Jan 15 06:31:10 host sshd[10828]: Failed password for invalid user esuser from 197.227.21.70 port 45558 ssh2
Jan 15 06:31:10 host sshd[10835]: Failed password for invalid user user from 197.227.21.70 port 45550 ssh2
Jan 15 06:31:10 host sshd[10837]: Failed password for invalid user testuser from 197.227.21.70 port 45526 ssh2
Jan 15 06:31:10 host sshd[10834]: Failed password for invalid user dmdba from 197.227.21.70 port 45522 ssh2
Jan 15 06:31:10 host sshd[10844]: Failed password for invalid user admin from 197.227.21.70 port 45512 ssh2
Jan 15 06:31:10 host sshd[10842]: Failed password for invalid user ftpuser from 197.227.21.70 port 45520 ssh2
Jan 15 06:31:10 host sshd[10832]: Failed password for invalid user root from 197.227.21.70 port 45524 ssh2
Jan 15 06:31:10 host sshd[10831]: Failed password for invalid user root from 197.227.21.70 port 45504 ssh2
Jan 15 06:31:10 host sshd[10840]: Failed password for invalid user admin from 197.227.21.70 port 45500 ssh2
Jan 15 06:31:10 host sshd[10847]: Failed password for invalid user admin from 197.227.21.70 port 45492 ssh2
Jan 15 06:31:10 host sshd[10827]: Failed password for invalid user root from 197.227.21.70 port 45530 ssh2
Jan 15 06:31:10 host sshd[10838]: Failed password for invalid user root from 197.227.21.70 port 45542 ssh2
Jan 15 06:31:10 host sshd[10830]: Failed password for invalid user root from 197.227.21.70 port 45488 ssh2
Jan 15 06:31:10 host sshd[10836]: Failed password for invalid user root from 197.227.21.70 port 45532 ssh2
Jan 15 06:31:10 host sshd[10820]: Connection closed by 197.227.21.70 port 45494 [preauth]
Jan 15 06:31:10 host sshd[10829]: Failed password for invalid user teamspeak from 197.227.21.70 port 45508 ssh2
Jan 15 06:31:10 host sshd[10841]: Failed password for invalid user root from 197.227.21.70 port 45556 ssh2
Jan 15 06:31:10 host sshd[10821]: Connection closed by 197.227.21.70 port 45540 [preauth]
Jan 15 06:31:10 host sshd[10843]: Failed password for invalid user root from 197.227.21.70 port 45506 ssh2
Jan 15 06:31:10 host sshd[10839]: Failed password for invalid user root from 197.227.21.70 port 45476 ssh2
Jan 15 06:31:10 host sshd[10825]: Connection closed by 197.227.21.70 port 45546 [preauth]
Jan 15 06:31:10 host sshd[10824]: Connection closed by 197.227.21.70 port 45536 [preauth]
Jan 15 06:31:10 host sshd[10826]: Connection closed by 197.227.21.70 port 45552 [preauth]
Jan 15 06:31:10 host sshd[10833]: Connection closed by 197.227.21.70 port 45474 [preauth]
Jan 15 06:31:10 host sshd[10828]: Connection closed by 197.227.21.70 port 45558 [preauth]
Jan 15 06:31:10 host sshd[10835]: Connection closed by 197.227.21.70 port 45550 [preauth]
Jan 15 06:31:10 host sshd[10837]: Connection closed by 197.227.21.70 port 45526 [preauth]
Jan 15 06:31:10 host sshd[10834]: Connection closed by 197.227.21.70 port 45522 [preauth]
Jan 15 06:31:10 host sshd[10844]: Connection closed by 197.227.21.70 port 45512 [preauth]
Jan 15 06:31:10 host sshd[10832]: Connection closed by 197.227.21.70 port 45524 [preauth]
Jan 15 06:31:10 host sshd[10831]: Connection closed by 197.227.21.70 port 45504 [preauth]
Jan 15 06:31:10 host sshd[10842]: Connection closed by 197.227.21.70 port 45520 [preauth]
Jan 15 06:31:10 host sshd[10827]: Connection closed by 197.227.21.70 port 45530 [preauth]
Jan 15 06:31:10 host sshd[10838]: Connection closed by 197.227.21.70 port 45542 [preauth]
Jan 15 06:31:10 host sshd[10840]: Connection closed by 197.227.21.70 port 45500 [preauth]
Jan 15 06:31:10 host sshd[10847]: Connection closed by 197.227.21.70 port 45492 [preauth]
Jan 15 06:31:10 host sshd[10830]: Connection closed by 197.227.21.70 port 45488 [preauth]
Jan 15 06:31:10 host sshd[10836]: Connection closed by 197.227.21.70 port 45532 [preauth]
Jan 15 06:31:10 host sshd[10829]: Connection closed by 197.227.21.70 port 45508 [preauth]
Jan 15 06:31:10 host sshd[10841]: Connection closed by 197.227.21.70 port 45556 [preauth]
Jan 15 06:31:10 host sshd[10843]: Connection closed by 197.227.21.70 port 45506 [preauth]
Jan 15 06:31:10 host sshd[10839]: Connection closed by 197.227.21.70 port 45476 [preauth]
Jan 15 06:31:11 host sshd[10884]: Invalid user ftpuser from 197.227.21.70 port 45534
Jan 15 06:31:11 host sshd[10884]: input_userauth_request: invalid user ftpuser [preauth]
Jan 15 06:31:11 host sshd[10883]: Invalid user admin from 197.227.21.70 port 45478
Jan 15 06:31:11 host sshd[10883]: input_userauth_request: invalid user admin [preauth]
Jan 15 06:31:11 host sshd[10885]: User centos from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 15 06:31:11 host sshd[10885]: input_userauth_request: invalid user centos [preauth]
Jan 15 06:31:11 host sshd[10884]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:11 host sshd[10884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:11 host sshd[10883]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:31:11 host sshd[10883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 15 06:31:11 host unix_chkpwd[10890]: password check failed for user (centos)
Jan 15 06:31:11 host sshd[10885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=centos
Jan 15 06:31:11 host sshd[10869]: Failed password for invalid user ansadmin from 197.227.21.70 port 45554 ssh2
Jan 15 06:31:11 host sshd[10869]: Connection closed by 197.227.21.70 port 45554 [preauth]
Jan 15 06:31:13 host sshd[10884]: Failed password for invalid user ftpuser from 197.227.21.70 port 45534 ssh2
Jan 15 06:31:13 host sshd[10883]: Failed password for invalid user admin from 197.227.21.70 port 45478 ssh2
Jan 15 06:31:13 host sshd[10885]: Failed password for invalid user centos from 197.227.21.70 port 45496 ssh2
Jan 15 06:36:04 host sshd[11556]: Invalid user admin from 189.226.3.89 port 11371
Jan 15 06:36:04 host sshd[11556]: input_userauth_request: invalid user admin [preauth]
Jan 15 06:36:04 host sshd[11556]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:36:04 host sshd[11556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.226.3.89
Jan 15 06:36:06 host sshd[11556]: Failed password for invalid user admin from 189.226.3.89 port 11371 ssh2
Jan 15 06:36:07 host sshd[11556]: Failed password for invalid user admin from 189.226.3.89 port 11371 ssh2
Jan 15 06:36:08 host sshd[11556]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:36:10 host sshd[11556]: Failed password for invalid user admin from 189.226.3.89 port 11371 ssh2
Jan 15 06:36:11 host sshd[11556]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:36:13 host sshd[11556]: Failed password for invalid user admin from 189.226.3.89 port 11371 ssh2
Jan 15 06:36:13 host sshd[11556]: Connection reset by 189.226.3.89 port 11371 [preauth]
Jan 15 06:36:13 host sshd[11556]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.226.3.89
Jan 15 06:47:20 host sshd[13007]: Invalid user vadmin from 122.116.241.113 port 40309
Jan 15 06:47:20 host sshd[13007]: input_userauth_request: invalid user vadmin [preauth]
Jan 15 06:47:20 host sshd[13007]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:47:20 host sshd[13007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.241.113
Jan 15 06:47:22 host sshd[13007]: Failed password for invalid user vadmin from 122.116.241.113 port 40309 ssh2
Jan 15 06:47:25 host sshd[13007]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:47:26 host sshd[13007]: Failed password for invalid user vadmin from 122.116.241.113 port 40309 ssh2
Jan 15 06:47:27 host sshd[13007]: Connection closed by 122.116.241.113 port 40309 [preauth]
Jan 15 06:47:27 host sshd[13007]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.241.113
Jan 15 06:50:09 host sshd[13334]: Invalid user liuming from 23.242.51.26 port 58840
Jan 15 06:50:09 host sshd[13334]: input_userauth_request: invalid user liuming [preauth]
Jan 15 06:50:09 host sshd[13334]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:50:09 host sshd[13334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.242.51.26
Jan 15 06:50:11 host sshd[13334]: Failed password for invalid user liuming from 23.242.51.26 port 58840 ssh2
Jan 15 06:50:12 host sshd[13334]: Received disconnect from 23.242.51.26 port 58840:11: Bye Bye [preauth]
Jan 15 06:50:12 host sshd[13334]: Disconnected from 23.242.51.26 port 58840 [preauth]
Jan 15 06:52:06 host sshd[13586]: Invalid user anthony from 43.156.114.14 port 59622
Jan 15 06:52:06 host sshd[13586]: input_userauth_request: invalid user anthony [preauth]
Jan 15 06:52:06 host sshd[13586]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:52:06 host sshd[13586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.114.14
Jan 15 06:52:07 host sshd[13586]: Failed password for invalid user anthony from 43.156.114.14 port 59622 ssh2
Jan 15 06:52:07 host sshd[13586]: Received disconnect from 43.156.114.14 port 59622:11: Bye Bye [preauth]
Jan 15 06:52:07 host sshd[13586]: Disconnected from 43.156.114.14 port 59622 [preauth]
Jan 15 06:52:23 host sshd[13632]: Invalid user sunyanzi from 206.189.219.241 port 38898
Jan 15 06:52:23 host sshd[13632]: input_userauth_request: invalid user sunyanzi [preauth]
Jan 15 06:52:23 host sshd[13632]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:52:23 host sshd[13632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.219.241
Jan 15 06:52:25 host sshd[13632]: Failed password for invalid user sunyanzi from 206.189.219.241 port 38898 ssh2
Jan 15 06:52:26 host sshd[13632]: Received disconnect from 206.189.219.241 port 38898:11: Bye Bye [preauth]
Jan 15 06:52:26 host sshd[13632]: Disconnected from 206.189.219.241 port 38898 [preauth]
Jan 15 06:53:53 host sshd[13900]: Invalid user liuming from 207.249.96.145 port 47830
Jan 15 06:53:53 host sshd[13900]: input_userauth_request: invalid user liuming [preauth]
Jan 15 06:53:53 host sshd[13900]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:53:53 host sshd[13900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.249.96.145
Jan 15 06:53:55 host sshd[13900]: Failed password for invalid user liuming from 207.249.96.145 port 47830 ssh2
Jan 15 06:53:56 host sshd[13900]: Received disconnect from 207.249.96.145 port 47830:11: Bye Bye [preauth]
Jan 15 06:53:56 host sshd[13900]: Disconnected from 207.249.96.145 port 47830 [preauth]
Jan 15 06:54:05 host sshd[13926]: Invalid user liuming from 128.199.95.60 port 46886
Jan 15 06:54:05 host sshd[13926]: input_userauth_request: invalid user liuming [preauth]
Jan 15 06:54:05 host sshd[13926]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:54:05 host sshd[13926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.95.60
Jan 15 06:54:07 host sshd[13926]: Failed password for invalid user liuming from 128.199.95.60 port 46886 ssh2
Jan 15 06:54:07 host sshd[13926]: Received disconnect from 128.199.95.60 port 46886:11: Bye Bye [preauth]
Jan 15 06:54:07 host sshd[13926]: Disconnected from 128.199.95.60 port 46886 [preauth]
Jan 15 06:55:00 host sshd[14026]: Invalid user fmireshg from 23.242.51.26 port 50670
Jan 15 06:55:00 host sshd[14026]: input_userauth_request: invalid user fmireshg [preauth]
Jan 15 06:55:00 host sshd[14026]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:55:00 host sshd[14026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.242.51.26
Jan 15 06:55:02 host sshd[14026]: Failed password for invalid user fmireshg from 23.242.51.26 port 50670 ssh2
Jan 15 06:55:02 host sshd[14026]: Received disconnect from 23.242.51.26 port 50670:11: Bye Bye [preauth]
Jan 15 06:55:02 host sshd[14026]: Disconnected from 23.242.51.26 port 50670 [preauth]
Jan 15 06:56:10 host sshd[14203]: Invalid user shanghai from 43.156.114.14 port 53156
Jan 15 06:56:10 host sshd[14203]: input_userauth_request: invalid user shanghai [preauth]
Jan 15 06:56:10 host sshd[14203]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:56:10 host sshd[14203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.114.14
Jan 15 06:56:12 host sshd[14203]: Failed password for invalid user shanghai from 43.156.114.14 port 53156 ssh2
Jan 15 06:56:12 host sshd[14203]: Received disconnect from 43.156.114.14 port 53156:11: Bye Bye [preauth]
Jan 15 06:56:12 host sshd[14203]: Disconnected from 43.156.114.14 port 53156 [preauth]
Jan 15 06:56:16 host sshd[14213]: Invalid user telnet from 125.137.36.18 port 63277
Jan 15 06:56:16 host sshd[14213]: input_userauth_request: invalid user telnet [preauth]
Jan 15 06:56:16 host sshd[14213]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:56:16 host sshd[14213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.137.36.18
Jan 15 06:56:16 host sshd[14216]: Invalid user huanghua from 206.189.219.241 port 50908
Jan 15 06:56:16 host sshd[14216]: input_userauth_request: invalid user huanghua [preauth]
Jan 15 06:56:16 host sshd[14216]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:56:16 host sshd[14216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.219.241
Jan 15 06:56:17 host sshd[14218]: Invalid user chaochao from 23.242.51.26 port 39804
Jan 15 06:56:17 host sshd[14218]: input_userauth_request: invalid user chaochao [preauth]
Jan 15 06:56:17 host sshd[14218]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:56:17 host sshd[14218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.242.51.26
Jan 15 06:56:17 host sshd[14213]: Failed password for invalid user telnet from 125.137.36.18 port 63277 ssh2
Jan 15 06:56:17 host sshd[14216]: Failed password for invalid user huanghua from 206.189.219.241 port 50908 ssh2
Jan 15 06:56:18 host sshd[14213]: Connection reset by 125.137.36.18 port 63277 [preauth]
Jan 15 06:56:18 host sshd[14216]: Received disconnect from 206.189.219.241 port 50908:11: Bye Bye [preauth]
Jan 15 06:56:18 host sshd[14216]: Disconnected from 206.189.219.241 port 50908 [preauth]
Jan 15 06:56:19 host sshd[14218]: Failed password for invalid user chaochao from 23.242.51.26 port 39804 ssh2
Jan 15 06:56:29 host sshd[14273]: Invalid user liyuhua from 128.199.95.60 port 47100
Jan 15 06:56:29 host sshd[14273]: input_userauth_request: invalid user liyuhua [preauth]
Jan 15 06:56:29 host sshd[14273]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:56:29 host sshd[14273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.95.60
Jan 15 06:56:31 host sshd[14273]: Failed password for invalid user liyuhua from 128.199.95.60 port 47100 ssh2
Jan 15 06:56:31 host sshd[14273]: Received disconnect from 128.199.95.60 port 47100:11: Bye Bye [preauth]
Jan 15 06:56:31 host sshd[14273]: Disconnected from 128.199.95.60 port 47100 [preauth]
Jan 15 06:56:38 host sshd[14306]: Invalid user nilusha from 207.249.96.145 port 39604
Jan 15 06:56:38 host sshd[14306]: input_userauth_request: invalid user nilusha [preauth]
Jan 15 06:56:38 host sshd[14306]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:56:38 host sshd[14306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.249.96.145
Jan 15 06:56:39 host sshd[14306]: Failed password for invalid user nilusha from 207.249.96.145 port 39604 ssh2
Jan 15 06:56:40 host sshd[14306]: Received disconnect from 207.249.96.145 port 39604:11: Bye Bye [preauth]
Jan 15 06:56:40 host sshd[14306]: Disconnected from 207.249.96.145 port 39604 [preauth]
Jan 15 06:57:26 host sshd[14386]: Invalid user dingbo from 43.156.114.14 port 39130
Jan 15 06:57:26 host sshd[14386]: input_userauth_request: invalid user dingbo [preauth]
Jan 15 06:57:26 host sshd[14386]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:57:26 host sshd[14386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.114.14
Jan 15 06:57:27 host sshd[14386]: Failed password for invalid user dingbo from 43.156.114.14 port 39130 ssh2
Jan 15 06:57:27 host sshd[14386]: Received disconnect from 43.156.114.14 port 39130:11: Bye Bye [preauth]
Jan 15 06:57:27 host sshd[14386]: Disconnected from 43.156.114.14 port 39130 [preauth]
Jan 15 06:57:44 host sshd[14458]: Invalid user chaochao from 207.249.96.145 port 43504
Jan 15 06:57:44 host sshd[14458]: input_userauth_request: invalid user chaochao [preauth]
Jan 15 06:57:44 host sshd[14458]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:57:44 host sshd[14458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.249.96.145
Jan 15 06:57:46 host sshd[14458]: Failed password for invalid user chaochao from 207.249.96.145 port 43504 ssh2
Jan 15 06:57:46 host sshd[14458]: Received disconnect from 207.249.96.145 port 43504:11: Bye Bye [preauth]
Jan 15 06:57:46 host sshd[14458]: Disconnected from 207.249.96.145 port 43504 [preauth]
Jan 15 06:57:49 host sshd[14476]: Invalid user zhangjun from 128.199.95.60 port 40062
Jan 15 06:57:49 host sshd[14476]: input_userauth_request: invalid user zhangjun [preauth]
Jan 15 06:57:49 host sshd[14476]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:57:49 host sshd[14476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.95.60
Jan 15 06:57:51 host sshd[14476]: Failed password for invalid user zhangjun from 128.199.95.60 port 40062 ssh2
Jan 15 06:57:51 host sshd[14476]: Received disconnect from 128.199.95.60 port 40062:11: Bye Bye [preauth]
Jan 15 06:57:51 host sshd[14476]: Disconnected from 128.199.95.60 port 40062 [preauth]
Jan 15 06:58:34 host sshd[14731]: Invalid user fmireshg from 206.189.219.241 port 39584
Jan 15 06:58:34 host sshd[14731]: input_userauth_request: invalid user fmireshg [preauth]
Jan 15 06:58:34 host sshd[14731]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:58:34 host sshd[14731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.219.241
Jan 15 06:58:36 host sshd[14731]: Failed password for invalid user fmireshg from 206.189.219.241 port 39584 ssh2
Jan 15 06:58:36 host sshd[14731]: Received disconnect from 206.189.219.241 port 39584:11: Bye Bye [preauth]
Jan 15 06:58:36 host sshd[14731]: Disconnected from 206.189.219.241 port 39584 [preauth]
Jan 15 06:58:45 host sshd[14776]: Invalid user roger from 209.141.56.48 port 54130
Jan 15 06:58:45 host sshd[14776]: input_userauth_request: invalid user roger [preauth]
Jan 15 06:58:45 host sshd[14776]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 06:58:45 host sshd[14776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 15 06:58:47 host sshd[14776]: Failed password for invalid user roger from 209.141.56.48 port 54130 ssh2
Jan 15 06:58:47 host sshd[14776]: Connection closed by 209.141.56.48 port 54130 [preauth]
Jan 15 07:02:48 host sshd[15515]: Invalid user roger from 209.141.56.48 port 39464
Jan 15 07:02:48 host sshd[15515]: input_userauth_request: invalid user roger [preauth]
Jan 15 07:02:48 host sshd[15515]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:02:48 host sshd[15515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 15 07:02:51 host sshd[15515]: Failed password for invalid user roger from 209.141.56.48 port 39464 ssh2
Jan 15 07:02:51 host sshd[15515]: Connection closed by 209.141.56.48 port 39464 [preauth]
Jan 15 07:03:24 host sshd[15644]: Did not receive identification string from 156.234.95.151 port 41128
Jan 15 07:03:25 host sshd[15647]: Invalid user user from 156.234.95.151 port 50132
Jan 15 07:03:25 host sshd[15647]: input_userauth_request: invalid user user [preauth]
Jan 15 07:03:25 host sshd[15648]: User root from 156.234.95.151 not allowed because not listed in AllowUsers
Jan 15 07:03:25 host sshd[15648]: input_userauth_request: invalid user root [preauth]
Jan 15 07:03:25 host sshd[15647]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:25 host sshd[15647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:25 host unix_chkpwd[15672]: password check failed for user (root)
Jan 15 07:03:25 host sshd[15648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151 user=root
Jan 15 07:03:25 host sshd[15648]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 07:03:26 host sshd[15645]: Invalid user git from 156.234.95.151 port 50128
Jan 15 07:03:26 host sshd[15645]: input_userauth_request: invalid user git [preauth]
Jan 15 07:03:26 host sshd[15645]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:26 host sshd[15645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:26 host sshd[15654]: Invalid user ansadmin from 156.234.95.151 port 50130
Jan 15 07:03:26 host sshd[15654]: input_userauth_request: invalid user ansadmin [preauth]
Jan 15 07:03:27 host sshd[15647]: Failed password for invalid user user from 156.234.95.151 port 50132 ssh2
Jan 15 07:03:27 host sshd[15648]: Failed password for invalid user root from 156.234.95.151 port 50126 ssh2
Jan 15 07:03:27 host sshd[15654]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:27 host sshd[15654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:27 host sshd[15647]: Connection closed by 156.234.95.151 port 50132 [preauth]
Jan 15 07:03:27 host sshd[15648]: Connection closed by 156.234.95.151 port 50126 [preauth]
Jan 15 07:03:27 host sshd[15715]: Invalid user test from 156.234.95.151 port 50140
Jan 15 07:03:27 host sshd[15715]: input_userauth_request: invalid user test [preauth]
Jan 15 07:03:27 host sshd[15646]: Invalid user admin from 156.234.95.151 port 50124
Jan 15 07:03:27 host sshd[15646]: input_userauth_request: invalid user admin [preauth]
Jan 15 07:03:27 host sshd[15715]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:27 host sshd[15715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:27 host sshd[15646]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:27 host sshd[15646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:27 host sshd[15645]: Failed password for invalid user git from 156.234.95.151 port 50128 ssh2
Jan 15 07:03:27 host sshd[15660]: Invalid user student from 156.234.95.151 port 50184
Jan 15 07:03:27 host sshd[15660]: input_userauth_request: invalid user student [preauth]
Jan 15 07:03:27 host sshd[15661]: Invalid user vagrant from 156.234.95.151 port 50186
Jan 15 07:03:27 host sshd[15661]: input_userauth_request: invalid user vagrant [preauth]
Jan 15 07:03:27 host sshd[15701]: Invalid user ftpuser from 156.234.95.151 port 50136
Jan 15 07:03:27 host sshd[15701]: input_userauth_request: invalid user ftpuser [preauth]
Jan 15 07:03:27 host sshd[15645]: Connection closed by 156.234.95.151 port 50128 [preauth]
Jan 15 07:03:27 host sshd[15716]: Invalid user admin from 156.234.95.151 port 50154
Jan 15 07:03:27 host sshd[15716]: input_userauth_request: invalid user admin [preauth]
Jan 15 07:03:28 host sshd[15660]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:28 host sshd[15660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:28 host sshd[15701]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:28 host sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:28 host sshd[15703]: Invalid user admin from 156.234.95.151 port 50214
Jan 15 07:03:28 host sshd[15703]: input_userauth_request: invalid user admin [preauth]
Jan 15 07:03:28 host sshd[15658]: Invalid user devops from 156.234.95.151 port 50205
Jan 15 07:03:28 host sshd[15658]: input_userauth_request: invalid user devops [preauth]
Jan 15 07:03:28 host sshd[15716]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:28 host sshd[15716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:28 host sshd[15658]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:28 host sshd[15658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:28 host sshd[15654]: Failed password for invalid user ansadmin from 156.234.95.151 port 50130 ssh2
Jan 15 07:03:28 host sshd[15704]: Invalid user ubnt from 156.234.95.151 port 50192
Jan 15 07:03:28 host sshd[15704]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 07:03:28 host sshd[15654]: Connection closed by 156.234.95.151 port 50130 [preauth]
Jan 15 07:03:29 host sshd[15715]: Failed password for invalid user test from 156.234.95.151 port 50140 ssh2
Jan 15 07:03:29 host sshd[15704]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:03:29 host sshd[15704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.234.95.151
Jan 15 07:03:29 host sshd[15646]: Failed password for invalid user admin from 156.234.95.151 port 50124 ssh2
Jan 15 07:03:30 host sshd[15660]: Failed password for invalid user student from 156.234.95.151 port 50184 ssh2
Jan 15 07:03:30 host sshd[15701]: Failed password for invalid user ftpuser from 156.234.95.151 port 50136 ssh2
Jan 15 07:03:30 host sshd[15716]: Failed password for invalid user admin from 156.234.95.151 port 50154 ssh2
Jan 15 07:03:30 host sshd[15658]: Failed password for invalid user devops from 156.234.95.151 port 50205 ssh2
Jan 15 07:03:30 host sshd[15704]: Failed password for invalid user ubnt from 156.234.95.151 port 50192 ssh2
Jan 15 07:09:23 host sshd[16543]: User root from 220.132.196.170 not allowed because not listed in AllowUsers
Jan 15 07:09:23 host sshd[16543]: input_userauth_request: invalid user root [preauth]
Jan 15 07:09:23 host unix_chkpwd[16546]: password check failed for user (root)
Jan 15 07:09:23 host sshd[16543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.196.170 user=root
Jan 15 07:09:23 host sshd[16543]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 07:09:26 host sshd[16543]: Failed password for invalid user root from 220.132.196.170 port 49734 ssh2
Jan 15 07:09:27 host unix_chkpwd[16549]: password check failed for user (root)
Jan 15 07:09:27 host sshd[16543]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 07:09:28 host sshd[16543]: Failed password for invalid user root from 220.132.196.170 port 49734 ssh2
Jan 15 07:09:29 host unix_chkpwd[16573]: password check failed for user (root)
Jan 15 07:09:29 host sshd[16543]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 07:09:31 host sshd[16543]: Failed password for invalid user root from 220.132.196.170 port 49734 ssh2
Jan 15 07:09:32 host sshd[16543]: Connection reset by 220.132.196.170 port 49734 [preauth]
Jan 15 07:09:32 host sshd[16543]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.196.170 user=root
Jan 15 07:13:16 host sshd[16980]: Invalid user vadmin from 220.134.123.248 port 57066
Jan 15 07:13:16 host sshd[16980]: input_userauth_request: invalid user vadmin [preauth]
Jan 15 07:13:16 host sshd[16980]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:13:16 host sshd[16980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.123.248
Jan 15 07:13:18 host sshd[16980]: Failed password for invalid user vadmin from 220.134.123.248 port 57066 ssh2
Jan 15 07:13:18 host sshd[16980]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:13:20 host sshd[16980]: Failed password for invalid user vadmin from 220.134.123.248 port 57066 ssh2
Jan 15 07:13:21 host sshd[16980]: Failed password for invalid user vadmin from 220.134.123.248 port 57066 ssh2
Jan 15 07:13:21 host sshd[16980]: Connection closed by 220.134.123.248 port 57066 [preauth]
Jan 15 07:13:21 host sshd[16980]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.123.248
Jan 15 07:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwrmswll user-4=keralaholi user-5=wwwresourcehunte user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwletsstalkfood user-15=straightcurve user-16=gifterman user-17=palco123 user-18=kottayamcalldriv user-19=phmetals user-20=mrsclean user-21=wwwnexidigital user-22=disposeat user-23=remysagr user-24=wwwkmaorg user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=wwwtestugo user-29=shalinijames user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 07:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MNQYaihZRmte6L5G.~
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MNQYaihZRmte6L5G.~'
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MNQYaihZRmte6L5G.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 07:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 07:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 07:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 07:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 07:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 07:29:31 host sshd[19283]: Invalid user eh from 194.110.203.109 port 54302
Jan 15 07:29:31 host sshd[19283]: input_userauth_request: invalid user eh [preauth]
Jan 15 07:29:31 host sshd[19283]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:29:31 host sshd[19283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 07:29:33 host sshd[19283]: Failed password for invalid user eh from 194.110.203.109 port 54302 ssh2
Jan 15 07:29:36 host sshd[19283]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:29:38 host sshd[19283]: Failed password for invalid user eh from 194.110.203.109 port 54302 ssh2
Jan 15 07:29:41 host sshd[19283]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:29:43 host sshd[19283]: Failed password for invalid user eh from 194.110.203.109 port 54302 ssh2
Jan 15 07:29:46 host sshd[19283]: Connection closed by 194.110.203.109 port 54302 [preauth]
Jan 15 07:29:46 host sshd[19283]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 07:34:27 host sshd[19847]: Invalid user soporte from 195.226.194.242 port 60388
Jan 15 07:34:27 host sshd[19847]: input_userauth_request: invalid user soporte [preauth]
Jan 15 07:34:28 host sshd[19847]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:34:28 host sshd[19847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 15 07:34:29 host sshd[19847]: Failed password for invalid user soporte from 195.226.194.242 port 60388 ssh2
Jan 15 07:34:29 host sshd[19847]: Received disconnect from 195.226.194.242 port 60388:11: Bye Bye [preauth]
Jan 15 07:34:29 host sshd[19847]: Disconnected from 195.226.194.242 port 60388 [preauth]
Jan 15 07:35:07 host sshd[19967]: Invalid user from 64.62.197.58 port 60959
Jan 15 07:35:07 host sshd[19967]: input_userauth_request: invalid user [preauth]
Jan 15 07:35:10 host sshd[19967]: Connection closed by 64.62.197.58 port 60959 [preauth]
Jan 15 07:42:33 host sshd[21074]: Invalid user viewuser from 205.185.113.129 port 57824
Jan 15 07:42:33 host sshd[21074]: input_userauth_request: invalid user viewuser [preauth]
Jan 15 07:42:33 host sshd[21074]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:42:33 host sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 15 07:42:34 host sshd[21074]: Failed password for invalid user viewuser from 205.185.113.129 port 57824 ssh2
Jan 15 07:42:35 host sshd[21074]: Connection closed by 205.185.113.129 port 57824 [preauth]
Jan 15 07:50:29 host sshd[22653]: Invalid user jiazhen from 165.227.222.54 port 54652
Jan 15 07:50:29 host sshd[22653]: input_userauth_request: invalid user jiazhen [preauth]
Jan 15 07:50:29 host sshd[22653]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:50:29 host sshd[22653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.222.54
Jan 15 07:50:31 host sshd[22653]: Failed password for invalid user jiazhen from 165.227.222.54 port 54652 ssh2
Jan 15 07:50:32 host sshd[22653]: Received disconnect from 165.227.222.54 port 54652:11: Bye Bye [preauth]
Jan 15 07:50:32 host sshd[22653]: Disconnected from 165.227.222.54 port 54652 [preauth]
Jan 15 07:50:41 host sshd[22678]: Invalid user xiaoling from 217.182.75.250 port 39450
Jan 15 07:50:41 host sshd[22678]: input_userauth_request: invalid user xiaoling [preauth]
Jan 15 07:50:41 host sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:50:41 host sshd[22678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.75.250
Jan 15 07:50:43 host sshd[22678]: Failed password for invalid user xiaoling from 217.182.75.250 port 39450 ssh2
Jan 15 07:50:44 host sshd[22678]: Received disconnect from 217.182.75.250 port 39450:11: Bye Bye [preauth]
Jan 15 07:50:44 host sshd[22678]: Disconnected from 217.182.75.250 port 39450 [preauth]
Jan 15 07:51:50 host sshd[22850]: Invalid user roshni from 172.105.65.120 port 35538
Jan 15 07:51:50 host sshd[22850]: input_userauth_request: invalid user roshni [preauth]
Jan 15 07:51:50 host sshd[22850]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:51:50 host sshd[22850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.65.120
Jan 15 07:51:52 host sshd[22850]: Failed password for invalid user roshni from 172.105.65.120 port 35538 ssh2
Jan 15 07:51:52 host sshd[22850]: Received disconnect from 172.105.65.120 port 35538:11: Bye Bye [preauth]
Jan 15 07:51:52 host sshd[22850]: Disconnected from 172.105.65.120 port 35538 [preauth]
Jan 15 07:53:07 host sshd[23048]: Invalid user zhangzhen from 162.241.70.56 port 40400
Jan 15 07:53:07 host sshd[23048]: input_userauth_request: invalid user zhangzhen [preauth]
Jan 15 07:53:07 host sshd[23048]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:53:07 host sshd[23048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.70.56
Jan 15 07:53:09 host sshd[23048]: Failed password for invalid user zhangzhen from 162.241.70.56 port 40400 ssh2
Jan 15 07:53:10 host sshd[23048]: Received disconnect from 162.241.70.56 port 40400:11: Bye Bye [preauth]
Jan 15 07:53:10 host sshd[23048]: Disconnected from 162.241.70.56 port 40400 [preauth]
Jan 15 07:53:43 host sshd[23135]: Invalid user doudou from 165.232.64.113 port 53112
Jan 15 07:53:43 host sshd[23135]: input_userauth_request: invalid user doudou [preauth]
Jan 15 07:53:43 host sshd[23135]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:53:43 host sshd[23135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.64.113
Jan 15 07:53:46 host sshd[23135]: Failed password for invalid user doudou from 165.232.64.113 port 53112 ssh2
Jan 15 07:53:46 host sshd[23135]: Received disconnect from 165.232.64.113 port 53112:11: Bye Bye [preauth]
Jan 15 07:53:46 host sshd[23135]: Disconnected from 165.232.64.113 port 53112 [preauth]
Jan 15 07:54:17 host sshd[23314]: Invalid user zhangzhen from 167.71.166.90 port 41728
Jan 15 07:54:17 host sshd[23314]: input_userauth_request: invalid user zhangzhen [preauth]
Jan 15 07:54:17 host sshd[23314]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:54:17 host sshd[23314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.166.90
Jan 15 07:54:19 host sshd[23314]: Failed password for invalid user zhangzhen from 167.71.166.90 port 41728 ssh2
Jan 15 07:54:19 host sshd[23314]: Received disconnect from 167.71.166.90 port 41728:11: Bye Bye [preauth]
Jan 15 07:54:19 host sshd[23314]: Disconnected from 167.71.166.90 port 41728 [preauth]
Jan 15 07:55:30 host sshd[23508]: Invalid user huangkai from 165.227.222.54 port 59516
Jan 15 07:55:30 host sshd[23508]: input_userauth_request: invalid user huangkai [preauth]
Jan 15 07:55:30 host sshd[23508]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:55:30 host sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.222.54
Jan 15 07:55:32 host sshd[23508]: Failed password for invalid user huangkai from 165.227.222.54 port 59516 ssh2
Jan 15 07:55:32 host sshd[23508]: Received disconnect from 165.227.222.54 port 59516:11: Bye Bye [preauth]
Jan 15 07:55:32 host sshd[23508]: Disconnected from 165.227.222.54 port 59516 [preauth]
Jan 15 07:56:03 host sshd[23565]: Invalid user liguirong from 217.182.75.250 port 39708
Jan 15 07:56:03 host sshd[23565]: input_userauth_request: invalid user liguirong [preauth]
Jan 15 07:56:03 host sshd[23565]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:03 host sshd[23565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.75.250
Jan 15 07:56:04 host sshd[23565]: Failed password for invalid user liguirong from 217.182.75.250 port 39708 ssh2
Jan 15 07:56:05 host sshd[23565]: Received disconnect from 217.182.75.250 port 39708:11: Bye Bye [preauth]
Jan 15 07:56:05 host sshd[23565]: Disconnected from 217.182.75.250 port 39708 [preauth]
Jan 15 07:56:08 host sshd[23575]: Invalid user lingling from 162.241.70.56 port 51596
Jan 15 07:56:08 host sshd[23575]: input_userauth_request: invalid user lingling [preauth]
Jan 15 07:56:08 host sshd[23575]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:08 host sshd[23575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.70.56
Jan 15 07:56:09 host sshd[23575]: Failed password for invalid user lingling from 162.241.70.56 port 51596 ssh2
Jan 15 07:56:10 host sshd[23575]: Received disconnect from 162.241.70.56 port 51596:11: Bye Bye [preauth]
Jan 15 07:56:10 host sshd[23575]: Disconnected from 162.241.70.56 port 51596 [preauth]
Jan 15 07:56:10 host sshd[23579]: Invalid user xw from 165.232.64.113 port 60772
Jan 15 07:56:10 host sshd[23579]: input_userauth_request: invalid user xw [preauth]
Jan 15 07:56:10 host sshd[23579]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:10 host sshd[23579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.64.113
Jan 15 07:56:12 host sshd[23579]: Failed password for invalid user xw from 165.232.64.113 port 60772 ssh2
Jan 15 07:56:12 host sshd[23579]: Received disconnect from 165.232.64.113 port 60772:11: Bye Bye [preauth]
Jan 15 07:56:12 host sshd[23579]: Disconnected from 165.232.64.113 port 60772 [preauth]
Jan 15 07:56:15 host sshd[23587]: Invalid user lianghao from 172.105.65.120 port 37520
Jan 15 07:56:15 host sshd[23587]: input_userauth_request: invalid user lianghao [preauth]
Jan 15 07:56:15 host sshd[23587]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:15 host sshd[23587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.65.120
Jan 15 07:56:17 host sshd[23587]: Failed password for invalid user lianghao from 172.105.65.120 port 37520 ssh2
Jan 15 07:56:17 host sshd[23587]: Received disconnect from 172.105.65.120 port 37520:11: Bye Bye [preauth]
Jan 15 07:56:17 host sshd[23587]: Disconnected from 172.105.65.120 port 37520 [preauth]
Jan 15 07:56:20 host sshd[23592]: Invalid user mengmeng from 167.71.166.90 port 46582
Jan 15 07:56:20 host sshd[23592]: input_userauth_request: invalid user mengmeng [preauth]
Jan 15 07:56:20 host sshd[23592]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:20 host sshd[23592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.166.90
Jan 15 07:56:21 host sshd[23592]: Failed password for invalid user mengmeng from 167.71.166.90 port 46582 ssh2
Jan 15 07:56:22 host sshd[23592]: Received disconnect from 167.71.166.90 port 46582:11: Bye Bye [preauth]
Jan 15 07:56:22 host sshd[23592]: Disconnected from 167.71.166.90 port 46582 [preauth]
Jan 15 07:56:33 host sshd[23634]: Invalid user zhangna from 165.227.222.54 port 34442
Jan 15 07:56:33 host sshd[23634]: input_userauth_request: invalid user zhangna [preauth]
Jan 15 07:56:33 host sshd[23634]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:33 host sshd[23634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.222.54
Jan 15 07:56:34 host sshd[23634]: Failed password for invalid user zhangna from 165.227.222.54 port 34442 ssh2
Jan 15 07:56:34 host sshd[23634]: Received disconnect from 165.227.222.54 port 34442:11: Bye Bye [preauth]
Jan 15 07:56:34 host sshd[23634]: Disconnected from 165.227.222.54 port 34442 [preauth]
Jan 15 07:56:53 host sshd[23687]: Invalid user zhiheng from 112.78.134.11 port 38469
Jan 15 07:56:53 host sshd[23687]: input_userauth_request: invalid user zhiheng [preauth]
Jan 15 07:56:53 host sshd[23687]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:56:53 host sshd[23687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.78.134.11
Jan 15 07:56:55 host sshd[23687]: Failed password for invalid user zhiheng from 112.78.134.11 port 38469 ssh2
Jan 15 07:56:55 host sshd[23687]: Received disconnect from 112.78.134.11 port 38469:11: Bye Bye [preauth]
Jan 15 07:56:55 host sshd[23687]: Disconnected from 112.78.134.11 port 38469 [preauth]
Jan 15 07:57:14 host sshd[23717]: Invalid user mengmeng from 165.232.64.113 port 59350
Jan 15 07:57:14 host sshd[23717]: input_userauth_request: invalid user mengmeng [preauth]
Jan 15 07:57:14 host sshd[23717]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:57:14 host sshd[23717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.64.113
Jan 15 07:57:15 host sshd[23720]: Invalid user leopoldo from 217.182.75.250 port 39844
Jan 15 07:57:15 host sshd[23720]: input_userauth_request: invalid user leopoldo [preauth]
Jan 15 07:57:15 host sshd[23720]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:57:15 host sshd[23720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.75.250
Jan 15 07:57:16 host sshd[23717]: Failed password for invalid user mengmeng from 165.232.64.113 port 59350 ssh2
Jan 15 07:57:17 host sshd[23720]: Failed password for invalid user leopoldo from 217.182.75.250 port 39844 ssh2
Jan 15 07:57:17 host sshd[23720]: Received disconnect from 217.182.75.250 port 39844:11: Bye Bye [preauth]
Jan 15 07:57:17 host sshd[23720]: Disconnected from 217.182.75.250 port 39844 [preauth]
Jan 15 07:57:18 host sshd[23754]: Invalid user beverlylin from 162.241.70.56 port 49900
Jan 15 07:57:18 host sshd[23754]: input_userauth_request: invalid user beverlylin [preauth]
Jan 15 07:57:18 host sshd[23754]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:57:18 host sshd[23754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.241.70.56
Jan 15 07:57:20 host sshd[23754]: Failed password for invalid user beverlylin from 162.241.70.56 port 49900 ssh2
Jan 15 07:57:20 host sshd[23754]: Received disconnect from 162.241.70.56 port 49900:11: Bye Bye [preauth]
Jan 15 07:57:20 host sshd[23754]: Disconnected from 162.241.70.56 port 49900 [preauth]
Jan 15 07:57:23 host sshd[23826]: Invalid user msalahuddin from 167.71.166.90 port 44824
Jan 15 07:57:23 host sshd[23826]: input_userauth_request: invalid user msalahuddin [preauth]
Jan 15 07:57:23 host sshd[23826]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:57:23 host sshd[23826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.166.90
Jan 15 07:57:24 host sshd[23829]: Invalid user xiaoling from 172.105.65.120 port 58746
Jan 15 07:57:24 host sshd[23829]: input_userauth_request: invalid user xiaoling [preauth]
Jan 15 07:57:24 host sshd[23829]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:57:24 host sshd[23829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.65.120
Jan 15 07:57:24 host sshd[23826]: Failed password for invalid user msalahuddin from 167.71.166.90 port 44824 ssh2
Jan 15 07:57:25 host sshd[23826]: Received disconnect from 167.71.166.90 port 44824:11: Bye Bye [preauth]
Jan 15 07:57:25 host sshd[23826]: Disconnected from 167.71.166.90 port 44824 [preauth]
Jan 15 07:57:26 host sshd[23829]: Failed password for invalid user xiaoling from 172.105.65.120 port 58746 ssh2
Jan 15 07:59:39 host sshd[24172]: Invalid user lianghao from 112.78.134.11 port 38968
Jan 15 07:59:39 host sshd[24172]: input_userauth_request: invalid user lianghao [preauth]
Jan 15 07:59:39 host sshd[24172]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 07:59:39 host sshd[24172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.78.134.11
Jan 15 07:59:41 host sshd[24172]: Failed password for invalid user lianghao from 112.78.134.11 port 38968 ssh2
Jan 15 07:59:41 host sshd[24172]: Received disconnect from 112.78.134.11 port 38968:11: Bye Bye [preauth]
Jan 15 07:59:41 host sshd[24172]: Disconnected from 112.78.134.11 port 38968 [preauth]
Jan 15 08:00:26 host sshd[24389]: User ftp from 106.105.115.156 not allowed because not listed in AllowUsers
Jan 15 08:00:26 host sshd[24389]: input_userauth_request: invalid user ftp [preauth]
Jan 15 08:00:26 host unix_chkpwd[24393]: password check failed for user (ftp)
Jan 15 08:00:26 host sshd[24389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.105.115.156 user=ftp
Jan 15 08:00:26 host sshd[24389]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 15 08:00:29 host sshd[24389]: Failed password for invalid user ftp from 106.105.115.156 port 34557 ssh2
Jan 15 08:00:29 host sshd[24389]: Connection reset by 106.105.115.156 port 34557 [preauth]
Jan 15 08:01:33 host sshd[24560]: Invalid user leopoldo from 112.78.134.11 port 60492
Jan 15 08:01:33 host sshd[24560]: input_userauth_request: invalid user leopoldo [preauth]
Jan 15 08:01:33 host sshd[24560]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:01:33 host sshd[24560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.78.134.11
Jan 15 08:01:34 host sshd[24560]: Failed password for invalid user leopoldo from 112.78.134.11 port 60492 ssh2
Jan 15 08:01:34 host sshd[24560]: Received disconnect from 112.78.134.11 port 60492:11: Bye Bye [preauth]
Jan 15 08:01:34 host sshd[24560]: Disconnected from 112.78.134.11 port 60492 [preauth]
Jan 15 08:03:02 host sshd[24727]: Invalid user dnsekakf2$$ from 211.225.148.244 port 61741
Jan 15 08:03:02 host sshd[24727]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 15 08:03:02 host sshd[24727]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:03:02 host sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.225.148.244
Jan 15 08:03:04 host sshd[24727]: Failed password for invalid user dnsekakf2$$ from 211.225.148.244 port 61741 ssh2
Jan 15 08:03:04 host sshd[24727]: Failed password for invalid user dnsekakf2$$ from 211.225.148.244 port 61741 ssh2
Jan 15 08:03:05 host sshd[24727]: Connection closed by 211.225.148.244 port 61741 [preauth]
Jan 15 08:03:07 host sshd[24744]: Invalid user user from 176.111.173.164 port 54620
Jan 15 08:03:07 host sshd[24744]: input_userauth_request: invalid user user [preauth]
Jan 15 08:03:07 host sshd[24744]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:03:07 host sshd[24744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.111.173.164
Jan 15 08:03:09 host sshd[24744]: Failed password for invalid user user from 176.111.173.164 port 54620 ssh2
Jan 15 08:03:13 host sshd[24744]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:03:15 host sshd[24744]: Failed password for invalid user user from 176.111.173.164 port 54620 ssh2
Jan 15 08:03:18 host sshd[24744]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:03:20 host sshd[24744]: Failed password for invalid user user from 176.111.173.164 port 54620 ssh2
Jan 15 08:03:23 host sshd[24744]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:03:25 host sshd[24744]: Failed password for invalid user user from 176.111.173.164 port 54620 ssh2
Jan 15 08:03:29 host sshd[24744]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:03:31 host sshd[24744]: Failed password for invalid user user from 176.111.173.164 port 54620 ssh2
Jan 15 08:04:53 host sshd[24937]: Invalid user postgres from 195.226.194.242 port 19328
Jan 15 08:04:53 host sshd[24937]: input_userauth_request: invalid user postgres [preauth]
Jan 15 08:04:53 host sshd[24937]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:04:53 host sshd[24937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 15 08:04:55 host sshd[24937]: Failed password for invalid user postgres from 195.226.194.242 port 19328 ssh2
Jan 15 08:04:55 host sshd[24937]: Received disconnect from 195.226.194.242 port 19328:11: Bye Bye [preauth]
Jan 15 08:04:55 host sshd[24937]: Disconnected from 195.226.194.242 port 19328 [preauth]
Jan 15 08:10:01 host sshd[25612]: Invalid user lianghao from 82.165.223.147 port 55442
Jan 15 08:10:01 host sshd[25612]: input_userauth_request: invalid user lianghao [preauth]
Jan 15 08:10:01 host sshd[25612]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:10:01 host sshd[25612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.165.223.147
Jan 15 08:10:03 host sshd[25612]: Failed password for invalid user lianghao from 82.165.223.147 port 55442 ssh2
Jan 15 08:10:03 host sshd[25612]: Received disconnect from 82.165.223.147 port 55442:11: Bye Bye [preauth]
Jan 15 08:10:03 host sshd[25612]: Disconnected from 82.165.223.147 port 55442 [preauth]
Jan 15 08:10:29 host sshd[25782]: Invalid user yangmei from 81.30.195.246 port 34738
Jan 15 08:10:29 host sshd[25782]: input_userauth_request: invalid user yangmei [preauth]
Jan 15 08:10:29 host sshd[25782]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:10:29 host sshd[25782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.195.246
Jan 15 08:10:31 host sshd[25782]: Failed password for invalid user yangmei from 81.30.195.246 port 34738 ssh2
Jan 15 08:10:31 host sshd[25782]: Received disconnect from 81.30.195.246 port 34738:11: Bye Bye [preauth]
Jan 15 08:10:31 host sshd[25782]: Disconnected from 81.30.195.246 port 34738 [preauth]
Jan 15 08:11:44 host sshd[25948]: Invalid user admin from 27.100.236.145 port 62196
Jan 15 08:11:44 host sshd[25948]: input_userauth_request: invalid user admin [preauth]
Jan 15 08:11:44 host sshd[25948]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:11:44 host sshd[25948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.100.236.145
Jan 15 08:11:47 host sshd[25948]: Failed password for invalid user admin from 27.100.236.145 port 62196 ssh2
Jan 15 08:11:47 host sshd[25948]: Failed password for invalid user admin from 27.100.236.145 port 62196 ssh2
Jan 15 08:11:48 host sshd[25948]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:11:51 host sshd[25948]: Failed password for invalid user admin from 27.100.236.145 port 62196 ssh2
Jan 15 08:11:51 host sshd[25948]: Connection reset by 27.100.236.145 port 62196 [preauth]
Jan 15 08:11:51 host sshd[25948]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.100.236.145
Jan 15 08:13:22 host sshd[26111]: Invalid user rbr from 82.165.223.147 port 34804
Jan 15 08:13:22 host sshd[26111]: input_userauth_request: invalid user rbr [preauth]
Jan 15 08:13:22 host sshd[26111]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:13:22 host sshd[26111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.165.223.147
Jan 15 08:13:24 host sshd[26111]: Failed password for invalid user rbr from 82.165.223.147 port 34804 ssh2
Jan 15 08:13:24 host sshd[26111]: Received disconnect from 82.165.223.147 port 34804:11: Bye Bye [preauth]
Jan 15 08:13:24 host sshd[26111]: Disconnected from 82.165.223.147 port 34804 [preauth]
Jan 15 08:13:28 host sshd[26119]: Invalid user roger from 209.141.56.48 port 43186
Jan 15 08:13:28 host sshd[26119]: input_userauth_request: invalid user roger [preauth]
Jan 15 08:13:28 host sshd[26119]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:13:28 host sshd[26119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 15 08:13:30 host sshd[26119]: Failed password for invalid user roger from 209.141.56.48 port 43186 ssh2
Jan 15 08:13:30 host sshd[26119]: Connection closed by 209.141.56.48 port 43186 [preauth]
Jan 15 08:14:01 host sshd[26172]: Invalid user roger from 209.141.56.48 port 34690
Jan 15 08:14:01 host sshd[26172]: input_userauth_request: invalid user roger [preauth]
Jan 15 08:14:01 host sshd[26172]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:14:01 host sshd[26172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 15 08:14:03 host sshd[26172]: Failed password for invalid user roger from 209.141.56.48 port 34690 ssh2
Jan 15 08:14:03 host sshd[26172]: Connection closed by 209.141.56.48 port 34690 [preauth]
Jan 15 08:14:38 host sshd[26250]: Invalid user wuliao from 152.32.167.29 port 37698
Jan 15 08:14:38 host sshd[26250]: input_userauth_request: invalid user wuliao [preauth]
Jan 15 08:14:38 host sshd[26250]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:14:38 host sshd[26250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.167.29
Jan 15 08:14:40 host sshd[26260]: Invalid user ziyuetian from 8.222.146.166 port 57496
Jan 15 08:14:40 host sshd[26260]: input_userauth_request: invalid user ziyuetian [preauth]
Jan 15 08:14:40 host sshd[26260]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:14:40 host sshd[26260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.222.146.166
Jan 15 08:14:40 host sshd[26250]: Failed password for invalid user wuliao from 152.32.167.29 port 37698 ssh2
Jan 15 08:14:41 host sshd[26250]: Received disconnect from 152.32.167.29 port 37698:11: Bye Bye [preauth]
Jan 15 08:14:41 host sshd[26250]: Disconnected from 152.32.167.29 port 37698 [preauth]
Jan 15 08:14:41 host sshd[26260]: Failed password for invalid user ziyuetian from 8.222.146.166 port 57496 ssh2
Jan 15 08:14:41 host sshd[26260]: Received disconnect from 8.222.146.166 port 57496:11: Bye Bye [preauth]
Jan 15 08:14:41 host sshd[26260]: Disconnected from 8.222.146.166 port 57496 [preauth]
Jan 15 08:15:00 host sshd[26287]: Invalid user sunshine from 82.165.223.147 port 45752
Jan 15 08:15:00 host sshd[26287]: input_userauth_request: invalid user sunshine [preauth]
Jan 15 08:15:00 host sshd[26287]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:15:00 host sshd[26287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.165.223.147
Jan 15 08:15:01 host sshd[26287]: Failed password for invalid user sunshine from 82.165.223.147 port 45752 ssh2
Jan 15 08:15:15 host sshd[26506]: Invalid user a_kawaba from 8.222.146.166 port 37112
Jan 15 08:15:15 host sshd[26506]: input_userauth_request: invalid user a_kawaba [preauth]
Jan 15 08:15:15 host sshd[26506]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:15:15 host sshd[26506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.222.146.166
Jan 15 08:15:17 host sshd[26506]: Failed password for invalid user a_kawaba from 8.222.146.166 port 37112 ssh2
Jan 15 08:15:17 host sshd[26506]: Received disconnect from 8.222.146.166 port 37112:11: Bye Bye [preauth]
Jan 15 08:15:17 host sshd[26506]: Disconnected from 8.222.146.166 port 37112 [preauth]
Jan 15 08:15:45 host sshd[26682]: Invalid user zhanghua from 81.30.195.246 port 56226
Jan 15 08:15:45 host sshd[26682]: input_userauth_request: invalid user zhanghua [preauth]
Jan 15 08:15:45 host sshd[26682]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:15:45 host sshd[26682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.195.246
Jan 15 08:15:47 host sshd[26682]: Failed password for invalid user zhanghua from 81.30.195.246 port 56226 ssh2
Jan 15 08:15:47 host sshd[26682]: Received disconnect from 81.30.195.246 port 56226:11: Bye Bye [preauth]
Jan 15 08:15:47 host sshd[26682]: Disconnected from 81.30.195.246 port 56226 [preauth]
Jan 15 08:16:55 host sshd[26780]: Invalid user chencheng from 152.32.167.29 port 40620
Jan 15 08:16:55 host sshd[26780]: input_userauth_request: invalid user chencheng [preauth]
Jan 15 08:16:55 host sshd[26780]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:16:55 host sshd[26780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.167.29
Jan 15 08:16:57 host sshd[26780]: Failed password for invalid user chencheng from 152.32.167.29 port 40620 ssh2
Jan 15 08:16:57 host sshd[26785]: Invalid user myc from 81.30.195.246 port 50880
Jan 15 08:16:57 host sshd[26785]: input_userauth_request: invalid user myc [preauth]
Jan 15 08:16:57 host sshd[26785]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:16:57 host sshd[26785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.195.246
Jan 15 08:16:57 host sshd[26780]: Received disconnect from 152.32.167.29 port 40620:11: Bye Bye [preauth]
Jan 15 08:16:57 host sshd[26780]: Disconnected from 152.32.167.29 port 40620 [preauth]
Jan 15 08:16:59 host sshd[26785]: Failed password for invalid user myc from 81.30.195.246 port 50880 ssh2
Jan 15 08:16:59 host sshd[26785]: Received disconnect from 81.30.195.246 port 50880:11: Bye Bye [preauth]
Jan 15 08:16:59 host sshd[26785]: Disconnected from 81.30.195.246 port 50880 [preauth]
Jan 15 08:17:22 host sshd[26862]: Invalid user testuser1 from 8.222.146.166 port 44160
Jan 15 08:17:22 host sshd[26862]: input_userauth_request: invalid user testuser1 [preauth]
Jan 15 08:17:22 host sshd[26862]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:17:22 host sshd[26862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.222.146.166
Jan 15 08:17:24 host sshd[26862]: Failed password for invalid user testuser1 from 8.222.146.166 port 44160 ssh2
Jan 15 08:17:24 host sshd[26862]: Received disconnect from 8.222.146.166 port 44160:11: Bye Bye [preauth]
Jan 15 08:17:24 host sshd[26862]: Disconnected from 8.222.146.166 port 44160 [preauth]
Jan 15 08:18:30 host sshd[27013]: Invalid user caonimabi from 152.32.167.29 port 39476
Jan 15 08:18:30 host sshd[27013]: input_userauth_request: invalid user caonimabi [preauth]
Jan 15 08:18:30 host sshd[27013]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:18:30 host sshd[27013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.167.29
Jan 15 08:18:32 host sshd[27013]: Failed password for invalid user caonimabi from 152.32.167.29 port 39476 ssh2
Jan 15 08:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 08:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 08:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 08:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 08:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=vfmassets user-3=wwwtestugo user-4=shalinijames user-5=woodpeck user-6=wwwkapin user-7=remysagr user-8=disposeat user-9=wwwkmaorg user-10=wwwnexidigital user-11=mrsclean user-12=gifterman user-13=palco123 user-14=kottayamcalldriv user-15=phmetals user-16=wwwletsstalkfood user-17=straightcurve user-18=bonifacegroup user-19=wwwevmhonda user-20=laundryboniface user-21=dartsimp user-22=a2zgroup user-23=cochintaxi user-24=wwwkaretakers user-25=wwwrmswll user-26=wwwresourcehunte user-27=keralaholi user-28=ugotscom user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 08:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-y67ysIM2NXANPF7R.~
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-y67ysIM2NXANPF7R.~'
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-y67ysIM2NXANPF7R.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 08:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 08:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 08:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 08:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 08:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 08:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 08:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 08:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 08:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 08:34:49 host sshd[29430]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 15 08:34:49 host sshd[29430]: input_userauth_request: invalid user root [preauth]
Jan 15 08:34:49 host unix_chkpwd[29433]: password check failed for user (root)
Jan 15 08:34:49 host sshd[29430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 15 08:34:49 host sshd[29430]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:34:51 host sshd[29430]: Failed password for invalid user root from 195.226.194.142 port 51054 ssh2
Jan 15 08:34:51 host sshd[29430]: Received disconnect from 195.226.194.142 port 51054:11: Bye Bye [preauth]
Jan 15 08:34:51 host sshd[29430]: Disconnected from 195.226.194.142 port 51054 [preauth]
Jan 15 08:39:28 host sshd[30076]: Invalid user roger from 209.141.56.48 port 33884
Jan 15 08:39:28 host sshd[30076]: input_userauth_request: invalid user roger [preauth]
Jan 15 08:39:28 host sshd[30076]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 08:39:28 host sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 15 08:39:30 host sshd[30076]: Failed password for invalid user roger from 209.141.56.48 port 33884 ssh2
Jan 15 08:39:30 host sshd[30076]: Connection closed by 209.141.56.48 port 33884 [preauth]
Jan 15 08:42:32 host sshd[30584]: Bad packet length 2435711452. [preauth]
Jan 15 08:42:32 host sshd[30584]: ssh_dispatch_run_fatal: Connection from 36.238.20.122 port 35907: message authentication code incorrect [preauth]
Jan 15 08:46:05 host sshd[30963]: User root from 175.126.232.120 not allowed because not listed in AllowUsers
Jan 15 08:46:05 host sshd[30963]: input_userauth_request: invalid user root [preauth]
Jan 15 08:46:06 host unix_chkpwd[30967]: password check failed for user (root)
Jan 15 08:46:06 host sshd[30963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.126.232.120 user=root
Jan 15 08:46:06 host sshd[30963]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:46:08 host sshd[30963]: Failed password for invalid user root from 175.126.232.120 port 52378 ssh2
Jan 15 08:46:08 host sshd[30963]: Received disconnect from 175.126.232.120 port 52378:11: Bye Bye [preauth]
Jan 15 08:46:08 host sshd[30963]: Disconnected from 175.126.232.120 port 52378 [preauth]
Jan 15 08:47:17 host sshd[31213]: User root from 43.155.173.30 not allowed because not listed in AllowUsers
Jan 15 08:47:17 host sshd[31213]: input_userauth_request: invalid user root [preauth]
Jan 15 08:47:17 host unix_chkpwd[31216]: password check failed for user (root)
Jan 15 08:47:17 host sshd[31213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.173.30 user=root
Jan 15 08:47:17 host sshd[31213]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:47:18 host sshd[31213]: Failed password for invalid user root from 43.155.173.30 port 45904 ssh2
Jan 15 08:47:18 host sshd[31213]: Received disconnect from 43.155.173.30 port 45904:11: Bye Bye [preauth]
Jan 15 08:47:18 host sshd[31213]: Disconnected from 43.155.173.30 port 45904 [preauth]
Jan 15 08:48:07 host sshd[31318]: User root from 142.93.100.226 not allowed because not listed in AllowUsers
Jan 15 08:48:07 host sshd[31318]: input_userauth_request: invalid user root [preauth]
Jan 15 08:48:07 host unix_chkpwd[31321]: password check failed for user (root)
Jan 15 08:48:07 host sshd[31318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.100.226 user=root
Jan 15 08:48:07 host sshd[31318]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:48:09 host sshd[31318]: Failed password for invalid user root from 142.93.100.226 port 34108 ssh2
Jan 15 08:48:09 host sshd[31318]: Received disconnect from 142.93.100.226 port 34108:11: Bye Bye [preauth]
Jan 15 08:48:09 host sshd[31318]: Disconnected from 142.93.100.226 port 34108 [preauth]
Jan 15 08:49:06 host sshd[31420]: User root from 154.68.225.162 not allowed because not listed in AllowUsers
Jan 15 08:49:06 host sshd[31420]: input_userauth_request: invalid user root [preauth]
Jan 15 08:49:06 host unix_chkpwd[31423]: password check failed for user (root)
Jan 15 08:49:06 host sshd[31420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.68.225.162 user=root
Jan 15 08:49:06 host sshd[31420]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:49:09 host sshd[31420]: Failed password for invalid user root from 154.68.225.162 port 60854 ssh2
Jan 15 08:49:09 host sshd[31420]: Received disconnect from 154.68.225.162 port 60854:11: Bye Bye [preauth]
Jan 15 08:49:09 host sshd[31420]: Disconnected from 154.68.225.162 port 60854 [preauth]
Jan 15 08:49:13 host sshd[31428]: User root from 198.12.85.199 not allowed because not listed in AllowUsers
Jan 15 08:49:13 host sshd[31428]: input_userauth_request: invalid user root [preauth]
Jan 15 08:49:13 host unix_chkpwd[31431]: password check failed for user (root)
Jan 15 08:49:13 host sshd[31428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.85.199 user=root
Jan 15 08:49:13 host sshd[31428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:49:15 host sshd[31428]: Failed password for invalid user root from 198.12.85.199 port 45472 ssh2
Jan 15 08:49:15 host sshd[31428]: Received disconnect from 198.12.85.199 port 45472:11: Bye Bye [preauth]
Jan 15 08:49:15 host sshd[31428]: Disconnected from 198.12.85.199 port 45472 [preauth]
Jan 15 08:50:25 host sshd[31567]: User root from 220.133.148.212 not allowed because not listed in AllowUsers
Jan 15 08:50:25 host sshd[31567]: input_userauth_request: invalid user root [preauth]
Jan 15 08:50:25 host unix_chkpwd[31571]: password check failed for user (root)
Jan 15 08:50:25 host sshd[31567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.148.212 user=root
Jan 15 08:50:25 host sshd[31567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:50:27 host sshd[31567]: Failed password for invalid user root from 220.133.148.212 port 49680 ssh2
Jan 15 08:50:28 host unix_chkpwd[31595]: password check failed for user (root)
Jan 15 08:50:28 host sshd[31567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:50:30 host sshd[31567]: Failed password for invalid user root from 220.133.148.212 port 49680 ssh2
Jan 15 08:50:31 host unix_chkpwd[31598]: password check failed for user (root)
Jan 15 08:50:31 host sshd[31567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:50:33 host sshd[31567]: Failed password for invalid user root from 220.133.148.212 port 49680 ssh2
Jan 15 08:50:34 host unix_chkpwd[31602]: password check failed for user (root)
Jan 15 08:50:34 host sshd[31567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:50:36 host sshd[31567]: Failed password for invalid user root from 220.133.148.212 port 49680 ssh2
Jan 15 08:50:37 host unix_chkpwd[31623]: password check failed for user (root)
Jan 15 08:50:37 host sshd[31567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:50:39 host sshd[31567]: Failed password for invalid user root from 220.133.148.212 port 49680 ssh2
Jan 15 08:52:12 host sshd[31948]: User root from 175.126.232.120 not allowed because not listed in AllowUsers
Jan 15 08:52:12 host sshd[31948]: input_userauth_request: invalid user root [preauth]
Jan 15 08:52:12 host unix_chkpwd[31951]: password check failed for user (root)
Jan 15 08:52:12 host sshd[31948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.126.232.120 user=root
Jan 15 08:52:12 host sshd[31948]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:52:14 host sshd[31948]: Failed password for invalid user root from 175.126.232.120 port 53996 ssh2
Jan 15 08:52:14 host sshd[31948]: Received disconnect from 175.126.232.120 port 53996:11: Bye Bye [preauth]
Jan 15 08:52:14 host sshd[31948]: Disconnected from 175.126.232.120 port 53996 [preauth]
Jan 15 08:52:18 host sshd[31956]: User root from 142.93.100.226 not allowed because not listed in AllowUsers
Jan 15 08:52:18 host sshd[31956]: input_userauth_request: invalid user root [preauth]
Jan 15 08:52:18 host unix_chkpwd[31988]: password check failed for user (root)
Jan 15 08:52:18 host sshd[31956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.100.226 user=root
Jan 15 08:52:18 host sshd[31956]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:52:19 host sshd[31956]: Failed password for invalid user root from 142.93.100.226 port 51792 ssh2
Jan 15 08:52:19 host sshd[31956]: Received disconnect from 142.93.100.226 port 51792:11: Bye Bye [preauth]
Jan 15 08:52:19 host sshd[31956]: Disconnected from 142.93.100.226 port 51792 [preauth]
Jan 15 08:52:31 host sshd[32061]: User root from 154.68.225.162 not allowed because not listed in AllowUsers
Jan 15 08:52:31 host sshd[32061]: input_userauth_request: invalid user root [preauth]
Jan 15 08:52:31 host unix_chkpwd[32065]: password check failed for user (root)
Jan 15 08:52:31 host sshd[32061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.68.225.162 user=root
Jan 15 08:52:31 host sshd[32061]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:52:33 host sshd[32061]: Failed password for invalid user root from 154.68.225.162 port 44514 ssh2
Jan 15 08:53:16 host sshd[32149]: User root from 43.155.173.30 not allowed because not listed in AllowUsers
Jan 15 08:53:16 host sshd[32149]: input_userauth_request: invalid user root [preauth]
Jan 15 08:53:16 host unix_chkpwd[32151]: password check failed for user (root)
Jan 15 08:53:16 host sshd[32149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.173.30 user=root
Jan 15 08:53:16 host sshd[32149]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:53:18 host sshd[32149]: Failed password for invalid user root from 43.155.173.30 port 43278 ssh2
Jan 15 08:53:42 host sshd[32236]: User root from 198.12.85.199 not allowed because not listed in AllowUsers
Jan 15 08:53:42 host sshd[32236]: input_userauth_request: invalid user root [preauth]
Jan 15 08:53:42 host unix_chkpwd[32243]: password check failed for user (root)
Jan 15 08:53:42 host sshd[32236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.85.199 user=root
Jan 15 08:53:42 host sshd[32236]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 08:53:45 host sshd[32236]: Failed password for invalid user root from 198.12.85.199 port 40470 ssh2
Jan 15 08:53:45 host sshd[32236]: Received disconnect from 198.12.85.199 port 40470:11: Bye Bye [preauth]
Jan 15 08:53:45 host sshd[32236]: Disconnected from 198.12.85.199 port 40470 [preauth]
Jan 15 09:05:03 host sshd[1246]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 15 09:05:03 host sshd[1246]: input_userauth_request: invalid user root [preauth]
Jan 15 09:05:04 host unix_chkpwd[1249]: password check failed for user (root)
Jan 15 09:05:04 host sshd[1246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 15 09:05:04 host sshd[1246]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:05:05 host sshd[1246]: Failed password for invalid user root from 195.226.194.242 port 45758 ssh2
Jan 15 09:05:06 host sshd[1246]: Received disconnect from 195.226.194.242 port 45758:11: Bye Bye [preauth]
Jan 15 09:05:06 host sshd[1246]: Disconnected from 195.226.194.242 port 45758 [preauth]
Jan 15 09:06:01 host sshd[1454]: Invalid user admin from 122.117.185.252 port 46098
Jan 15 09:06:01 host sshd[1454]: input_userauth_request: invalid user admin [preauth]
Jan 15 09:06:01 host sshd[1454]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:01 host sshd[1454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.185.252
Jan 15 09:06:03 host sshd[1454]: Failed password for invalid user admin from 122.117.185.252 port 46098 ssh2
Jan 15 09:06:04 host sshd[1454]: Failed password for invalid user admin from 122.117.185.252 port 46098 ssh2
Jan 15 09:06:05 host sshd[1454]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:06 host sshd[1454]: Failed password for invalid user admin from 122.117.185.252 port 46098 ssh2
Jan 15 09:06:07 host sshd[1454]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:09 host sshd[1454]: Failed password for invalid user admin from 122.117.185.252 port 46098 ssh2
Jan 15 09:06:11 host sshd[1454]: Connection reset by 122.117.185.252 port 46098 [preauth]
Jan 15 09:06:11 host sshd[1454]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.185.252
Jan 15 09:06:22 host sshd[1517]: Invalid user pi from 49.213.228.22 port 60689
Jan 15 09:06:22 host sshd[1517]: input_userauth_request: invalid user pi [preauth]
Jan 15 09:06:22 host sshd[1517]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:22 host sshd[1517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.228.22
Jan 15 09:06:24 host sshd[1517]: Failed password for invalid user pi from 49.213.228.22 port 60689 ssh2
Jan 15 09:06:25 host sshd[1517]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:27 host sshd[1517]: Failed password for invalid user pi from 49.213.228.22 port 60689 ssh2
Jan 15 09:06:28 host sshd[1517]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:30 host sshd[1517]: Failed password for invalid user pi from 49.213.228.22 port 60689 ssh2
Jan 15 09:06:30 host sshd[1532]: Invalid user pi from 122.116.242.182 port 59270
Jan 15 09:06:30 host sshd[1532]: input_userauth_request: invalid user pi [preauth]
Jan 15 09:06:30 host sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:30 host sshd[1532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.242.182
Jan 15 09:06:31 host sshd[1517]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:32 host sshd[1532]: Failed password for invalid user pi from 122.116.242.182 port 59270 ssh2
Jan 15 09:06:33 host sshd[1517]: Failed password for invalid user pi from 49.213.228.22 port 60689 ssh2
Jan 15 09:06:33 host sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:33 host sshd[1517]: Connection reset by 49.213.228.22 port 60689 [preauth]
Jan 15 09:06:33 host sshd[1517]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.228.22
Jan 15 09:06:33 host sshd[1517]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 15 09:06:35 host sshd[1532]: Failed password for invalid user pi from 122.116.242.182 port 59270 ssh2
Jan 15 09:06:36 host sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:38 host sshd[1532]: Failed password for invalid user pi from 122.116.242.182 port 59270 ssh2
Jan 15 09:06:39 host sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:41 host sshd[1532]: Failed password for invalid user pi from 122.116.242.182 port 59270 ssh2
Jan 15 09:06:41 host sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:06:43 host sshd[1532]: Failed password for invalid user pi from 122.116.242.182 port 59270 ssh2
Jan 15 09:08:06 host sshd[1802]: Did not receive identification string from 104.221.223.82 port 49790
Jan 15 09:08:07 host sshd[1804]: Invalid user postgres from 104.221.223.82 port 40878
Jan 15 09:08:07 host sshd[1804]: input_userauth_request: invalid user postgres [preauth]
Jan 15 09:08:07 host sshd[1803]: Invalid user user from 104.221.223.82 port 40802
Jan 15 09:08:07 host sshd[1805]: Invalid user steam from 104.221.223.82 port 40836
Jan 15 09:08:07 host sshd[1803]: input_userauth_request: invalid user user [preauth]
Jan 15 09:08:07 host sshd[1805]: input_userauth_request: invalid user steam [preauth]
Jan 15 09:08:07 host sshd[1807]: Invalid user vagrant from 104.221.223.82 port 40972
Jan 15 09:08:07 host sshd[1807]: input_userauth_request: invalid user vagrant [preauth]
Jan 15 09:08:07 host sshd[1815]: Invalid user testuser from 104.221.223.82 port 41106
Jan 15 09:08:07 host sshd[1815]: input_userauth_request: invalid user testuser [preauth]
Jan 15 09:08:07 host sshd[1813]: User root from 104.221.223.82 not allowed because not listed in AllowUsers
Jan 15 09:08:07 host sshd[1813]: input_userauth_request: invalid user root [preauth]
Jan 15 09:08:07 host sshd[1811]: User root from 104.221.223.82 not allowed because not listed in AllowUsers
Jan 15 09:08:07 host sshd[1811]: input_userauth_request: invalid user root [preauth]
Jan 15 09:08:07 host sshd[1809]: User root from 104.221.223.82 not allowed because not listed in AllowUsers
Jan 15 09:08:07 host sshd[1809]: input_userauth_request: invalid user root [preauth]
Jan 15 09:08:07 host sshd[1810]: Invalid user admin from 104.221.223.82 port 40854
Jan 15 09:08:07 host sshd[1810]: input_userauth_request: invalid user admin [preauth]
Jan 15 09:08:07 host sshd[1806]: User root from 104.221.223.82 not allowed because not listed in AllowUsers
Jan 15 09:08:07 host sshd[1806]: input_userauth_request: invalid user root [preauth]
Jan 15 09:08:07 host sshd[1816]: Invalid user ubuntu from 104.221.223.82 port 41040
Jan 15 09:08:07 host sshd[1816]: input_userauth_request: invalid user ubuntu [preauth]
Jan 15 09:08:07 host sshd[1817]: Invalid user pi from 104.221.223.82 port 40800
Jan 15 09:08:07 host sshd[1817]: input_userauth_request: invalid user pi [preauth]
Jan 15 09:08:07 host sshd[1814]: Invalid user test from 104.221.223.82 port 41144
Jan 15 09:08:07 host sshd[1814]: input_userauth_request: invalid user test [preauth]
Jan 15 09:08:07 host sshd[1808]: Invalid user test from 104.221.223.82 port 40930
Jan 15 09:08:07 host sshd[1808]: input_userauth_request: invalid user test [preauth]
Jan 15 09:08:07 host sshd[1812]: Invalid user ftpuser from 104.221.223.82 port 41090
Jan 15 09:08:07 host sshd[1812]: input_userauth_request: invalid user ftpuser [preauth]
Jan 15 09:08:07 host sshd[1821]: Invalid user devops from 104.221.223.82 port 41008
Jan 15 09:08:07 host sshd[1821]: input_userauth_request: invalid user devops [preauth]
Jan 15 09:08:07 host sshd[1818]: Invalid user oracle from 104.221.223.82 port 40978
Jan 15 09:08:07 host sshd[1818]: input_userauth_request: invalid user oracle [preauth]
Jan 15 09:08:07 host sshd[1820]: User centos from 104.221.223.82 not allowed because not listed in AllowUsers
Jan 15 09:08:07 host sshd[1820]: input_userauth_request: invalid user centos [preauth]
Jan 15 09:08:07 host sshd[1819]: Invalid user postgres from 104.221.223.82 port 40814
Jan 15 09:08:07 host sshd[1819]: input_userauth_request: invalid user postgres [preauth]
Jan 15 09:08:07 host sshd[1822]: Invalid user admin from 104.221.223.82 port 41084
Jan 15 09:08:07 host sshd[1822]: input_userauth_request: invalid user admin [preauth]
Jan 15 09:08:07 host sshd[1823]: Invalid user test from 104.221.223.82 port 41056
Jan 15 09:08:07 host sshd[1823]: input_userauth_request: invalid user test [preauth]
Jan 15 09:08:07 host sshd[1826]: Invalid user ec2-user from 104.221.223.82 port 40916
Jan 15 09:08:07 host sshd[1826]: input_userauth_request: invalid user ec2-user [preauth]
Jan 15 09:08:07 host sshd[1827]: Invalid user devops from 104.221.223.82 port 41118
Jan 15 09:08:07 host sshd[1827]: input_userauth_request: invalid user devops [preauth]
Jan 15 09:08:07 host sshd[1825]: User root from 104.221.223.82 not allowed because not listed in AllowUsers
Jan 15 09:08:07 host sshd[1825]: input_userauth_request: invalid user root [preauth]
Jan 15 09:08:07 host sshd[1824]: Invalid user testuser from 104.221.223.82 port 40882
Jan 15 09:08:07 host sshd[1824]: input_userauth_request: invalid user testuser [preauth]
Jan 15 09:08:07 host sshd[1831]: Invalid user steam from 104.221.223.82 port 41174
Jan 15 09:08:07 host sshd[1831]: input_userauth_request: invalid user steam [preauth]
Jan 15 09:08:07 host sshd[1830]: Invalid user dev from 104.221.223.82 port 40906
Jan 15 09:08:07 host sshd[1830]: input_userauth_request: invalid user dev [preauth]
Jan 15 09:08:07 host sshd[1805]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1803]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1804]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1807]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1817]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1812]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1808]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1810]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1815]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1816]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1821]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1814]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1818]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1822]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1823]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host unix_chkpwd[1874]: password check failed for user (root)
Jan 15 09:08:07 host sshd[1813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82 user=root
Jan 15 09:08:07 host sshd[1826]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1813]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:08:07 host sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host unix_chkpwd[1879]: password check failed for user (centos)
Jan 15 09:08:07 host sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82 user=centos
Jan 15 09:08:07 host unix_chkpwd[1876]: password check failed for user (root)
Jan 15 09:08:07 host sshd[1806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82 user=root
Jan 15 09:08:07 host sshd[1806]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:08:07 host sshd[1827]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1824]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host unix_chkpwd[1877]: password check failed for user (root)
Jan 15 09:08:07 host sshd[1809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82 user=root
Jan 15 09:08:07 host sshd[1809]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:08:07 host unix_chkpwd[1878]: password check failed for user (root)
Jan 15 09:08:07 host sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82 user=root
Jan 15 09:08:07 host sshd[1811]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:08:07 host sshd[1831]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host sshd[1830]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:08:07 host sshd[1830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82
Jan 15 09:08:07 host unix_chkpwd[1880]: password check failed for user (root)
Jan 15 09:08:07 host sshd[1825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.221.223.82 user=root
Jan 15 09:08:07 host sshd[1825]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:08:09 host sshd[1805]: Failed password for invalid user steam from 104.221.223.82 port 40836 ssh2
Jan 15 09:08:09 host sshd[1803]: Failed password for invalid user user from 104.221.223.82 port 40802 ssh2
Jan 15 09:08:09 host sshd[1804]: Failed password for invalid user postgres from 104.221.223.82 port 40878 ssh2
Jan 15 09:08:09 host sshd[1807]: Failed password for invalid user vagrant from 104.221.223.82 port 40972 ssh2
Jan 15 09:08:09 host sshd[1817]: Failed password for invalid user pi from 104.221.223.82 port 40800 ssh2
Jan 15 09:08:09 host sshd[1812]: Failed password for invalid user ftpuser from 104.221.223.82 port 41090 ssh2
Jan 15 09:08:09 host sshd[1808]: Failed password for invalid user test from 104.221.223.82 port 40930 ssh2
Jan 15 09:08:09 host sshd[1810]: Failed password for invalid user admin from 104.221.223.82 port 40854 ssh2
Jan 15 09:08:09 host sshd[1815]: Failed password for invalid user testuser from 104.221.223.82 port 41106 ssh2
Jan 15 09:08:09 host sshd[1816]: Failed password for invalid user ubuntu from 104.221.223.82 port 41040 ssh2
Jan 15 09:08:09 host sshd[1821]: Failed password for invalid user devops from 104.221.223.82 port 41008 ssh2
Jan 15 09:08:09 host sshd[1814]: Failed password for invalid user test from 104.221.223.82 port 41144 ssh2
Jan 15 09:08:09 host sshd[1818]: Failed password for invalid user oracle from 104.221.223.82 port 40978 ssh2
Jan 15 09:08:09 host sshd[1819]: Failed password for invalid user postgres from 104.221.223.82 port 40814 ssh2
Jan 15 09:08:09 host sshd[1822]: Failed password for invalid user admin from 104.221.223.82 port 41084 ssh2
Jan 15 09:08:09 host sshd[1823]: Failed password for invalid user test from 104.221.223.82 port 41056 ssh2
Jan 15 09:08:09 host sshd[1813]: Failed password for invalid user root from 104.221.223.82 port 41184 ssh2
Jan 15 09:08:09 host sshd[1826]: Failed password for invalid user ec2-user from 104.221.223.82 port 40916 ssh2
Jan 15 09:08:09 host sshd[1820]: Failed password for invalid user centos from 104.221.223.82 port 41134 ssh2
Jan 15 09:08:09 host sshd[1806]: Failed password for invalid user root from 104.221.223.82 port 41032 ssh2
Jan 15 09:08:09 host sshd[1827]: Failed password for invalid user devops from 104.221.223.82 port 41118 ssh2
Jan 15 09:08:09 host sshd[1824]: Failed password for invalid user testuser from 104.221.223.82 port 40882 ssh2
Jan 15 09:08:09 host sshd[1809]: Failed password for invalid user root from 104.221.223.82 port 41074 ssh2
Jan 15 09:08:09 host sshd[1811]: Failed password for invalid user root from 104.221.223.82 port 41018 ssh2
Jan 15 09:08:09 host sshd[1831]: Failed password for invalid user steam from 104.221.223.82 port 41174 ssh2
Jan 15 09:08:09 host sshd[1830]: Failed password for invalid user dev from 104.221.223.82 port 40906 ssh2
Jan 15 09:08:09 host sshd[1825]: Failed password for invalid user root from 104.221.223.82 port 41046 ssh2
Jan 15 09:08:23 host sshd[1945]: Did not receive identification string from 149.129.220.222 port 61000
Jan 15 09:11:14 host sshd[2387]: User root from 134.17.89.151 not allowed because not listed in AllowUsers
Jan 15 09:11:14 host sshd[2387]: input_userauth_request: invalid user root [preauth]
Jan 15 09:11:14 host unix_chkpwd[2392]: password check failed for user (root)
Jan 15 09:11:14 host sshd[2387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.151 user=root
Jan 15 09:11:14 host sshd[2387]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:11:16 host sshd[2387]: Failed password for invalid user root from 134.17.89.151 port 45436 ssh2
Jan 15 09:11:16 host sshd[2387]: Received disconnect from 134.17.89.151 port 45436:11: Bye Bye [preauth]
Jan 15 09:11:16 host sshd[2387]: Disconnected from 134.17.89.151 port 45436 [preauth]
Jan 15 09:11:46 host sshd[2453]: User root from 134.17.89.182 not allowed because not listed in AllowUsers
Jan 15 09:11:46 host sshd[2453]: input_userauth_request: invalid user root [preauth]
Jan 15 09:11:46 host unix_chkpwd[2456]: password check failed for user (root)
Jan 15 09:11:46 host sshd[2453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.182 user=root
Jan 15 09:11:46 host sshd[2453]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:11:47 host sshd[2453]: Failed password for invalid user root from 134.17.89.182 port 35404 ssh2
Jan 15 09:11:47 host sshd[2453]: Received disconnect from 134.17.89.182 port 35404:11: Bye Bye [preauth]
Jan 15 09:11:47 host sshd[2453]: Disconnected from 134.17.89.182 port 35404 [preauth]
Jan 15 09:12:05 host sshd[2487]: User root from 103.129.221.188 not allowed because not listed in AllowUsers
Jan 15 09:12:05 host sshd[2487]: input_userauth_request: invalid user root [preauth]
Jan 15 09:12:05 host unix_chkpwd[2489]: password check failed for user (root)
Jan 15 09:12:05 host sshd[2487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.129.221.188 user=root
Jan 15 09:12:05 host sshd[2487]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:12:06 host sshd[2487]: Failed password for invalid user root from 103.129.221.188 port 55336 ssh2
Jan 15 09:12:07 host sshd[2487]: Received disconnect from 103.129.221.188 port 55336:11: Bye Bye [preauth]
Jan 15 09:12:07 host sshd[2487]: Disconnected from 103.129.221.188 port 55336 [preauth]
Jan 15 09:15:06 host sshd[2827]: User root from 134.17.89.151 not allowed because not listed in AllowUsers
Jan 15 09:15:06 host sshd[2827]: input_userauth_request: invalid user root [preauth]
Jan 15 09:15:06 host unix_chkpwd[2832]: password check failed for user (root)
Jan 15 09:15:06 host sshd[2827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.151 user=root
Jan 15 09:15:06 host sshd[2827]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:15:08 host sshd[2827]: Failed password for invalid user root from 134.17.89.151 port 60998 ssh2
Jan 15 09:15:08 host sshd[2827]: Received disconnect from 134.17.89.151 port 60998:11: Bye Bye [preauth]
Jan 15 09:15:08 host sshd[2827]: Disconnected from 134.17.89.151 port 60998 [preauth]
Jan 15 09:16:27 host sshd[3108]: User root from 134.17.89.182 not allowed because not listed in AllowUsers
Jan 15 09:16:27 host sshd[3108]: input_userauth_request: invalid user root [preauth]
Jan 15 09:16:27 host unix_chkpwd[3111]: password check failed for user (root)
Jan 15 09:16:27 host sshd[3108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.182 user=root
Jan 15 09:16:27 host sshd[3108]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:16:28 host sshd[3108]: Failed password for invalid user root from 134.17.89.182 port 49104 ssh2
Jan 15 09:16:36 host sshd[3170]: User root from 103.129.221.188 not allowed because not listed in AllowUsers
Jan 15 09:16:36 host sshd[3170]: input_userauth_request: invalid user root [preauth]
Jan 15 09:16:36 host unix_chkpwd[3174]: password check failed for user (root)
Jan 15 09:16:36 host sshd[3170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.129.221.188 user=root
Jan 15 09:16:36 host sshd[3170]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:16:39 host sshd[3170]: Failed password for invalid user root from 103.129.221.188 port 40292 ssh2
Jan 15 09:18:37 host sshd[3427]: Invalid user ei from 194.110.203.109 port 48554
Jan 15 09:18:37 host sshd[3427]: input_userauth_request: invalid user ei [preauth]
Jan 15 09:18:37 host sshd[3427]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:18:37 host sshd[3427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 09:18:38 host sshd[3427]: Failed password for invalid user ei from 194.110.203.109 port 48554 ssh2
Jan 15 09:18:42 host sshd[3427]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:18:44 host sshd[3427]: Failed password for invalid user ei from 194.110.203.109 port 48554 ssh2
Jan 15 09:18:47 host sshd[3427]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:18:49 host sshd[3427]: Failed password for invalid user ei from 194.110.203.109 port 48554 ssh2
Jan 15 09:18:52 host sshd[3427]: Connection closed by 194.110.203.109 port 48554 [preauth]
Jan 15 09:18:52 host sshd[3427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 09:20:53 host sshd[3801]: Invalid user dlxuser from 125.136.160.103 port 63688
Jan 15 09:20:53 host sshd[3801]: input_userauth_request: invalid user dlxuser [preauth]
Jan 15 09:20:53 host sshd[3801]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:20:53 host sshd[3801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.136.160.103
Jan 15 09:20:55 host sshd[3801]: Failed password for invalid user dlxuser from 125.136.160.103 port 63688 ssh2
Jan 15 09:20:56 host sshd[3801]: Connection reset by 125.136.160.103 port 63688 [preauth]
Jan 15 09:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 09:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 09:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 09:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=dartsimp user-2=a2zgroup user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=ugotscom user-8=wwwrmswll user-9=keralaholi user-10=wwwresourcehunte user-11=wwwpmcresource user-12=wwwtestugo user-13=shalinijames user-14=vfmassets user-15=pmcresources user-16=disposeat user-17=remysagr user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=kottayamcalldriv user-22=phmetals user-23=gifterman user-24=palco123 user-25=mrsclean user-26=wwwnexidigital user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 09:22:19 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bt5gxA6EvqETMqkw.~
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bt5gxA6EvqETMqkw.~'
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bt5gxA6EvqETMqkw.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 09:22:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 09:22:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 09:22:20 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 09:22:20 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 09:22:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:22:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 09:22:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 09:22:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 09:23:51 host sshd[4390]: Invalid user ONTUSER from 14.55.203.133 port 61539
Jan 15 09:23:51 host sshd[4390]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 15 09:23:51 host sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:23:51 host sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.55.203.133
Jan 15 09:23:53 host sshd[4390]: Failed password for invalid user ONTUSER from 14.55.203.133 port 61539 ssh2
Jan 15 09:23:53 host sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:23:55 host sshd[4390]: Failed password for invalid user ONTUSER from 14.55.203.133 port 61539 ssh2
Jan 15 09:23:56 host sshd[4390]: Failed password for invalid user ONTUSER from 14.55.203.133 port 61539 ssh2
Jan 15 09:23:56 host sshd[4390]: Connection closed by 14.55.203.133 port 61539 [preauth]
Jan 15 09:23:56 host sshd[4390]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.55.203.133
Jan 15 09:25:01 host sshd[4548]: Connection reset by 220.135.187.20 port 56435 [preauth]
Jan 15 09:25:08 host sshd[4577]: Invalid user steam from 59.126.176.209 port 60210
Jan 15 09:25:08 host sshd[4577]: input_userauth_request: invalid user steam [preauth]
Jan 15 09:25:08 host sshd[4577]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:25:08 host sshd[4577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.176.209
Jan 15 09:25:10 host sshd[4577]: Failed password for invalid user steam from 59.126.176.209 port 60210 ssh2
Jan 15 09:25:12 host sshd[4577]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:25:13 host sshd[4577]: Failed password for invalid user steam from 59.126.176.209 port 60210 ssh2
Jan 15 09:25:14 host sshd[4577]: Failed password for invalid user steam from 59.126.176.209 port 60210 ssh2
Jan 15 09:25:14 host sshd[4577]: Connection closed by 59.126.176.209 port 60210 [preauth]
Jan 15 09:25:14 host sshd[4577]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.176.209
Jan 15 09:28:20 host sshd[4930]: Invalid user admin from 84.255.173.151 port 60063
Jan 15 09:28:20 host sshd[4930]: input_userauth_request: invalid user admin [preauth]
Jan 15 09:28:20 host sshd[4930]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:28:20 host sshd[4930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.173.151
Jan 15 09:28:23 host sshd[4930]: Failed password for invalid user admin from 84.255.173.151 port 60063 ssh2
Jan 15 09:28:23 host sshd[4930]: Failed password for invalid user admin from 84.255.173.151 port 60063 ssh2
Jan 15 09:28:24 host sshd[4930]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:28:26 host sshd[4930]: Failed password for invalid user admin from 84.255.173.151 port 60063 ssh2
Jan 15 09:28:26 host sshd[4930]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:28:29 host sshd[4930]: Failed password for invalid user admin from 84.255.173.151 port 60063 ssh2
Jan 15 09:28:29 host sshd[4930]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:28:31 host sshd[4930]: Failed password for invalid user admin from 84.255.173.151 port 60063 ssh2
Jan 15 09:28:34 host sshd[4930]: Connection reset by 84.255.173.151 port 60063 [preauth]
Jan 15 09:28:34 host sshd[4930]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.255.173.151
Jan 15 09:28:34 host sshd[4930]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 15 09:34:44 host sshd[5884]: User root from 159.203.11.165 not allowed because not listed in AllowUsers
Jan 15 09:34:44 host sshd[5884]: input_userauth_request: invalid user root [preauth]
Jan 15 09:34:44 host unix_chkpwd[5891]: password check failed for user (root)
Jan 15 09:34:44 host sshd[5884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.11.165 user=root
Jan 15 09:34:44 host sshd[5884]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:34:46 host sshd[5884]: Failed password for invalid user root from 159.203.11.165 port 33846 ssh2
Jan 15 09:34:47 host sshd[5884]: Received disconnect from 159.203.11.165 port 33846:11: Bye Bye [preauth]
Jan 15 09:34:47 host sshd[5884]: Disconnected from 159.203.11.165 port 33846 [preauth]
Jan 15 09:35:15 host sshd[5955]: User root from 125.229.55.11 not allowed because not listed in AllowUsers
Jan 15 09:35:15 host sshd[5955]: input_userauth_request: invalid user root [preauth]
Jan 15 09:35:15 host unix_chkpwd[5960]: password check failed for user (root)
Jan 15 09:35:15 host sshd[5955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.55.11 user=root
Jan 15 09:35:15 host sshd[5955]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:35:18 host sshd[5955]: Failed password for invalid user root from 125.229.55.11 port 60799 ssh2
Jan 15 09:35:18 host sshd[5955]: Connection reset by 125.229.55.11 port 60799 [preauth]
Jan 15 09:35:25 host sshd[6012]: Invalid user francis from 195.226.194.242 port 29498
Jan 15 09:35:25 host sshd[6012]: input_userauth_request: invalid user francis [preauth]
Jan 15 09:35:25 host sshd[6012]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:35:25 host sshd[6012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 15 09:35:27 host sshd[6012]: Failed password for invalid user francis from 195.226.194.242 port 29498 ssh2
Jan 15 09:35:27 host sshd[6012]: Received disconnect from 195.226.194.242 port 29498:11: Bye Bye [preauth]
Jan 15 09:35:27 host sshd[6012]: Disconnected from 195.226.194.242 port 29498 [preauth]
Jan 15 09:36:45 host sshd[6303]: User root from 51.75.170.189 not allowed because not listed in AllowUsers
Jan 15 09:36:45 host sshd[6303]: input_userauth_request: invalid user root [preauth]
Jan 15 09:36:45 host unix_chkpwd[6306]: password check failed for user (root)
Jan 15 09:36:45 host sshd[6303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.170.189 user=root
Jan 15 09:36:45 host sshd[6303]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:36:47 host sshd[6303]: Failed password for invalid user root from 51.75.170.189 port 41990 ssh2
Jan 15 09:36:47 host sshd[6303]: Received disconnect from 51.75.170.189 port 41990:11: Bye Bye [preauth]
Jan 15 09:36:47 host sshd[6303]: Disconnected from 51.75.170.189 port 41990 [preauth]
Jan 15 09:40:14 host sshd[6755]: User root from 152.228.174.113 not allowed because not listed in AllowUsers
Jan 15 09:40:14 host sshd[6755]: input_userauth_request: invalid user root [preauth]
Jan 15 09:40:14 host unix_chkpwd[6758]: password check failed for user (root)
Jan 15 09:40:14 host sshd[6755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.228.174.113 user=root
Jan 15 09:40:14 host sshd[6755]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:40:17 host sshd[6755]: Failed password for invalid user root from 152.228.174.113 port 34108 ssh2
Jan 15 09:40:17 host sshd[6755]: Received disconnect from 152.228.174.113 port 34108:11: Bye Bye [preauth]
Jan 15 09:40:17 host sshd[6755]: Disconnected from 152.228.174.113 port 34108 [preauth]
Jan 15 09:40:17 host sshd[6760]: User root from 159.203.11.165 not allowed because not listed in AllowUsers
Jan 15 09:40:17 host sshd[6760]: input_userauth_request: invalid user root [preauth]
Jan 15 09:40:17 host unix_chkpwd[6763]: password check failed for user (root)
Jan 15 09:40:17 host sshd[6760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.11.165 user=root
Jan 15 09:40:17 host sshd[6760]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:40:19 host sshd[6760]: Failed password for invalid user root from 159.203.11.165 port 34774 ssh2
Jan 15 09:41:10 host sshd[6892]: User root from 51.75.170.189 not allowed because not listed in AllowUsers
Jan 15 09:41:10 host sshd[6892]: input_userauth_request: invalid user root [preauth]
Jan 15 09:41:10 host unix_chkpwd[6895]: password check failed for user (root)
Jan 15 09:41:10 host sshd[6892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.170.189 user=root
Jan 15 09:41:10 host sshd[6892]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:41:12 host sshd[6892]: Failed password for invalid user root from 51.75.170.189 port 42210 ssh2
Jan 15 09:41:12 host sshd[6892]: Received disconnect from 51.75.170.189 port 42210:11: Bye Bye [preauth]
Jan 15 09:41:12 host sshd[6892]: Disconnected from 51.75.170.189 port 42210 [preauth]
Jan 15 09:41:52 host sshd[7120]: User root from 152.228.174.113 not allowed because not listed in AllowUsers
Jan 15 09:41:52 host sshd[7120]: input_userauth_request: invalid user root [preauth]
Jan 15 09:41:52 host unix_chkpwd[7123]: password check failed for user (root)
Jan 15 09:41:52 host sshd[7120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.228.174.113 user=root
Jan 15 09:41:52 host sshd[7120]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:41:55 host sshd[7120]: Failed password for invalid user root from 152.228.174.113 port 54628 ssh2
Jan 15 09:43:05 host sshd[7316]: User root from 123.240.224.118 not allowed because not listed in AllowUsers
Jan 15 09:43:05 host sshd[7316]: input_userauth_request: invalid user root [preauth]
Jan 15 09:43:05 host unix_chkpwd[7319]: password check failed for user (root)
Jan 15 09:43:05 host sshd[7316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.224.118 user=root
Jan 15 09:43:05 host sshd[7316]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:43:07 host sshd[7316]: Failed password for invalid user root from 123.240.224.118 port 45863 ssh2
Jan 15 09:43:11 host unix_chkpwd[7328]: password check failed for user (root)
Jan 15 09:43:11 host sshd[7316]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:43:13 host sshd[7316]: Failed password for invalid user root from 123.240.224.118 port 45863 ssh2
Jan 15 09:43:15 host unix_chkpwd[7335]: password check failed for user (root)
Jan 15 09:43:15 host sshd[7316]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:43:17 host sshd[7316]: Failed password for invalid user root from 123.240.224.118 port 45863 ssh2
Jan 15 09:43:18 host unix_chkpwd[7340]: password check failed for user (root)
Jan 15 09:43:18 host sshd[7316]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:43:20 host sshd[7316]: Failed password for invalid user root from 123.240.224.118 port 45863 ssh2
Jan 15 09:43:26 host sshd[7383]: Invalid user vadmin from 122.117.83.43 port 33065
Jan 15 09:43:26 host sshd[7383]: input_userauth_request: invalid user vadmin [preauth]
Jan 15 09:43:26 host sshd[7383]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:43:26 host sshd[7383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.83.43
Jan 15 09:43:28 host sshd[7383]: Failed password for invalid user vadmin from 122.117.83.43 port 33065 ssh2
Jan 15 09:43:29 host sshd[7383]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:43:31 host sshd[7383]: Failed password for invalid user vadmin from 122.117.83.43 port 33065 ssh2
Jan 15 09:43:32 host sshd[7383]: Failed password for invalid user vadmin from 122.117.83.43 port 33065 ssh2
Jan 15 09:43:32 host sshd[7383]: Connection closed by 122.117.83.43 port 33065 [preauth]
Jan 15 09:43:32 host sshd[7383]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.83.43
Jan 15 09:43:55 host sshd[7460]: Invalid user danny from 107.189.30.59 port 34868
Jan 15 09:43:55 host sshd[7460]: input_userauth_request: invalid user danny [preauth]
Jan 15 09:43:55 host sshd[7460]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:43:55 host sshd[7460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 15 09:43:57 host sshd[7460]: Failed password for invalid user danny from 107.189.30.59 port 34868 ssh2
Jan 15 09:43:58 host sshd[7460]: Connection closed by 107.189.30.59 port 34868 [preauth]
Jan 15 09:48:27 host sshd[8127]: User root from 220.72.248.26 not allowed because not listed in AllowUsers
Jan 15 09:48:27 host sshd[8127]: input_userauth_request: invalid user root [preauth]
Jan 15 09:48:27 host unix_chkpwd[8131]: password check failed for user (root)
Jan 15 09:48:27 host sshd[8127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.72.248.26 user=root
Jan 15 09:48:27 host sshd[8127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:48:29 host sshd[8127]: Failed password for invalid user root from 220.72.248.26 port 32982 ssh2
Jan 15 09:48:30 host unix_chkpwd[8156]: password check failed for user (root)
Jan 15 09:48:30 host sshd[8127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:48:32 host sshd[8127]: Failed password for invalid user root from 220.72.248.26 port 32982 ssh2
Jan 15 09:48:32 host unix_chkpwd[8159]: password check failed for user (root)
Jan 15 09:48:32 host sshd[8127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:48:34 host sshd[8127]: Failed password for invalid user root from 220.72.248.26 port 32982 ssh2
Jan 15 09:48:35 host unix_chkpwd[8162]: password check failed for user (root)
Jan 15 09:48:35 host sshd[8127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:48:37 host sshd[8127]: Failed password for invalid user root from 220.72.248.26 port 32982 ssh2
Jan 15 09:48:37 host sshd[8163]: Invalid user user from 82.114.228.214 port 53776
Jan 15 09:48:37 host sshd[8163]: input_userauth_request: invalid user user [preauth]
Jan 15 09:48:37 host sshd[8163]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:48:37 host sshd[8163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.114.228.214
Jan 15 09:48:38 host unix_chkpwd[8169]: password check failed for user (root)
Jan 15 09:48:38 host sshd[8127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:48:39 host sshd[8127]: Failed password for invalid user root from 220.72.248.26 port 32982 ssh2
Jan 15 09:48:40 host sshd[8163]: Failed password for invalid user user from 82.114.228.214 port 53776 ssh2
Jan 15 09:48:41 host sshd[8163]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:48:43 host sshd[8163]: Failed password for invalid user user from 82.114.228.214 port 53776 ssh2
Jan 15 09:48:43 host sshd[8163]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:48:46 host sshd[8163]: Failed password for invalid user user from 82.114.228.214 port 53776 ssh2
Jan 15 09:48:46 host sshd[8163]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:48:49 host sshd[8163]: Failed password for invalid user user from 82.114.228.214 port 53776 ssh2
Jan 15 09:48:49 host sshd[8163]: Connection reset by 82.114.228.214 port 53776 [preauth]
Jan 15 09:48:49 host sshd[8163]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.114.228.214
Jan 15 09:48:49 host sshd[8163]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 15 09:50:04 host sshd[8414]: User root from 43.153.210.18 not allowed because not listed in AllowUsers
Jan 15 09:50:04 host sshd[8414]: input_userauth_request: invalid user root [preauth]
Jan 15 09:50:04 host unix_chkpwd[8416]: password check failed for user (root)
Jan 15 09:50:04 host sshd[8414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.210.18 user=root
Jan 15 09:50:04 host sshd[8414]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:50:06 host sshd[8414]: Failed password for invalid user root from 43.153.210.18 port 33854 ssh2
Jan 15 09:50:06 host sshd[8414]: Received disconnect from 43.153.210.18 port 33854:11: Bye Bye [preauth]
Jan 15 09:50:06 host sshd[8414]: Disconnected from 43.153.210.18 port 33854 [preauth]
Jan 15 09:51:18 host sshd[8533]: User root from 102.129.37.140 not allowed because not listed in AllowUsers
Jan 15 09:51:18 host sshd[8533]: input_userauth_request: invalid user root [preauth]
Jan 15 09:51:18 host unix_chkpwd[8536]: password check failed for user (root)
Jan 15 09:51:18 host sshd[8533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.129.37.140 user=root
Jan 15 09:51:18 host sshd[8533]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:51:19 host sshd[8533]: Failed password for invalid user root from 102.129.37.140 port 40722 ssh2
Jan 15 09:51:19 host sshd[8533]: Received disconnect from 102.129.37.140 port 40722:11: Bye Bye [preauth]
Jan 15 09:51:19 host sshd[8533]: Disconnected from 102.129.37.140 port 40722 [preauth]
Jan 15 09:52:17 host sshd[8664]: User root from 107.173.156.194 not allowed because not listed in AllowUsers
Jan 15 09:52:17 host sshd[8664]: input_userauth_request: invalid user root [preauth]
Jan 15 09:52:17 host unix_chkpwd[8668]: password check failed for user (root)
Jan 15 09:52:17 host sshd[8664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.173.156.194 user=root
Jan 15 09:52:17 host sshd[8664]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:52:19 host sshd[8664]: Failed password for invalid user root from 107.173.156.194 port 59348 ssh2
Jan 15 09:52:20 host sshd[8664]: Received disconnect from 107.173.156.194 port 59348:11: Bye Bye [preauth]
Jan 15 09:52:20 host sshd[8664]: Disconnected from 107.173.156.194 port 59348 [preauth]
Jan 15 09:54:30 host sshd[8881]: Invalid user pi from 119.196.240.71 port 63425
Jan 15 09:54:30 host sshd[8881]: input_userauth_request: invalid user pi [preauth]
Jan 15 09:54:30 host sshd[8881]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:54:30 host sshd[8881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.240.71
Jan 15 09:54:31 host sshd[8905]: User root from 107.173.156.194 not allowed because not listed in AllowUsers
Jan 15 09:54:31 host sshd[8905]: input_userauth_request: invalid user root [preauth]
Jan 15 09:54:31 host unix_chkpwd[8909]: password check failed for user (root)
Jan 15 09:54:31 host sshd[8905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.173.156.194 user=root
Jan 15 09:54:31 host sshd[8905]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:54:31 host sshd[8881]: Failed password for invalid user pi from 119.196.240.71 port 63425 ssh2
Jan 15 09:54:32 host sshd[8881]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:54:33 host sshd[8905]: Failed password for invalid user root from 107.173.156.194 port 34012 ssh2
Jan 15 09:54:33 host sshd[8905]: Received disconnect from 107.173.156.194 port 34012:11: Bye Bye [preauth]
Jan 15 09:54:33 host sshd[8905]: Disconnected from 107.173.156.194 port 34012 [preauth]
Jan 15 09:54:34 host sshd[8881]: Failed password for invalid user pi from 119.196.240.71 port 63425 ssh2
Jan 15 09:54:35 host sshd[8881]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:54:37 host sshd[8881]: Failed password for invalid user pi from 119.196.240.71 port 63425 ssh2
Jan 15 09:54:38 host sshd[8881]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:54:40 host sshd[8881]: Failed password for invalid user pi from 119.196.240.71 port 63425 ssh2
Jan 15 09:54:41 host sshd[8881]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:54:42 host sshd[8881]: Failed password for invalid user pi from 119.196.240.71 port 63425 ssh2
Jan 15 09:54:43 host sshd[8881]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:54:46 host sshd[8881]: Failed password for invalid user pi from 119.196.240.71 port 63425 ssh2
Jan 15 09:54:46 host sshd[8881]: error: maximum authentication attempts exceeded for invalid user pi from 119.196.240.71 port 63425 ssh2 [preauth]
Jan 15 09:54:46 host sshd[8881]: Disconnecting: Too many authentication failures [preauth]
Jan 15 09:54:46 host sshd[8881]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.240.71
Jan 15 09:54:46 host sshd[8881]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 15 09:55:11 host sshd[9134]: User root from 43.153.210.18 not allowed because not listed in AllowUsers
Jan 15 09:55:11 host sshd[9134]: input_userauth_request: invalid user root [preauth]
Jan 15 09:55:11 host unix_chkpwd[9136]: password check failed for user (root)
Jan 15 09:55:11 host sshd[9134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.210.18 user=root
Jan 15 09:55:11 host sshd[9134]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:55:14 host sshd[9134]: Failed password for invalid user root from 43.153.210.18 port 50768 ssh2
Jan 15 09:55:14 host sshd[9134]: Received disconnect from 43.153.210.18 port 50768:11: Bye Bye [preauth]
Jan 15 09:55:14 host sshd[9134]: Disconnected from 43.153.210.18 port 50768 [preauth]
Jan 15 09:56:17 host sshd[9329]: Invalid user admin from 220.87.209.99 port 60962
Jan 15 09:56:17 host sshd[9329]: input_userauth_request: invalid user admin [preauth]
Jan 15 09:56:17 host sshd[9329]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 09:56:17 host sshd[9329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.87.209.99
Jan 15 09:56:20 host sshd[9329]: Failed password for invalid user admin from 220.87.209.99 port 60962 ssh2
Jan 15 09:56:20 host sshd[9329]: Failed password for invalid user admin from 220.87.209.99 port 60962 ssh2
Jan 15 09:56:21 host sshd[9329]: Connection reset by 220.87.209.99 port 60962 [preauth]
Jan 15 09:57:55 host sshd[9577]: User root from 102.129.37.140 not allowed because not listed in AllowUsers
Jan 15 09:57:55 host sshd[9577]: input_userauth_request: invalid user root [preauth]
Jan 15 09:57:55 host unix_chkpwd[9584]: password check failed for user (root)
Jan 15 09:57:55 host sshd[9577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.129.37.140 user=root
Jan 15 09:57:55 host sshd[9577]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 09:57:57 host sshd[9577]: Failed password for invalid user root from 102.129.37.140 port 40876 ssh2
Jan 15 09:57:57 host sshd[9577]: Received disconnect from 102.129.37.140 port 40876:11: Bye Bye [preauth]
Jan 15 09:57:57 host sshd[9577]: Disconnected from 102.129.37.140 port 40876 [preauth]
Jan 15 10:01:19 host sshd[10212]: User root from 143.198.39.194 not allowed because not listed in AllowUsers
Jan 15 10:01:19 host sshd[10212]: input_userauth_request: invalid user root [preauth]
Jan 15 10:01:19 host unix_chkpwd[10217]: password check failed for user (root)
Jan 15 10:01:19 host sshd[10212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.39.194 user=root
Jan 15 10:01:19 host sshd[10212]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:01:21 host sshd[10212]: Failed password for invalid user root from 143.198.39.194 port 59102 ssh2
Jan 15 10:01:22 host sshd[10212]: Received disconnect from 143.198.39.194 port 59102:11: Bye Bye [preauth]
Jan 15 10:01:22 host sshd[10212]: Disconnected from 143.198.39.194 port 59102 [preauth]
Jan 15 10:02:00 host sshd[10281]: User root from 64.227.72.154 not allowed because not listed in AllowUsers
Jan 15 10:02:00 host sshd[10281]: input_userauth_request: invalid user root [preauth]
Jan 15 10:02:00 host unix_chkpwd[10284]: password check failed for user (root)
Jan 15 10:02:00 host sshd[10281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.72.154 user=root
Jan 15 10:02:00 host sshd[10281]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:02:02 host sshd[10281]: Failed password for invalid user root from 64.227.72.154 port 39346 ssh2
Jan 15 10:02:02 host sshd[10281]: Received disconnect from 64.227.72.154 port 39346:11: Bye Bye [preauth]
Jan 15 10:02:02 host sshd[10281]: Disconnected from 64.227.72.154 port 39346 [preauth]
Jan 15 10:03:16 host sshd[10424]: Connection reset by 211.250.39.72 port 44498 [preauth]
Jan 15 10:04:18 host sshd[10552]: User root from 203.172.76.4 not allowed because not listed in AllowUsers
Jan 15 10:04:18 host sshd[10552]: input_userauth_request: invalid user root [preauth]
Jan 15 10:04:18 host unix_chkpwd[10555]: password check failed for user (root)
Jan 15 10:04:18 host sshd[10552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.172.76.4 user=root
Jan 15 10:04:18 host sshd[10552]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:04:20 host sshd[10552]: Failed password for invalid user root from 203.172.76.4 port 56294 ssh2
Jan 15 10:04:20 host sshd[10552]: Received disconnect from 203.172.76.4 port 56294:11: Bye Bye [preauth]
Jan 15 10:04:20 host sshd[10552]: Disconnected from 203.172.76.4 port 56294 [preauth]
Jan 15 10:04:50 host sshd[10621]: User root from 46.101.244.79 not allowed because not listed in AllowUsers
Jan 15 10:04:50 host sshd[10621]: input_userauth_request: invalid user root [preauth]
Jan 15 10:04:50 host unix_chkpwd[10626]: password check failed for user (root)
Jan 15 10:04:50 host sshd[10621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.244.79 user=root
Jan 15 10:04:50 host sshd[10621]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:04:52 host sshd[10621]: Failed password for invalid user root from 46.101.244.79 port 34724 ssh2
Jan 15 10:04:52 host sshd[10621]: Received disconnect from 46.101.244.79 port 34724:11: Bye Bye [preauth]
Jan 15 10:04:52 host sshd[10621]: Disconnected from 46.101.244.79 port 34724 [preauth]
Jan 15 10:05:57 host sshd[10880]: User root from 61.42.20.175 not allowed because not listed in AllowUsers
Jan 15 10:05:57 host sshd[10880]: input_userauth_request: invalid user root [preauth]
Jan 15 10:05:57 host unix_chkpwd[10885]: password check failed for user (root)
Jan 15 10:05:57 host sshd[10880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.175 user=root
Jan 15 10:05:57 host sshd[10880]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:05:59 host sshd[10880]: Failed password for invalid user root from 61.42.20.175 port 48446 ssh2
Jan 15 10:05:59 host sshd[10880]: Received disconnect from 61.42.20.175 port 48446:11: Bye Bye [preauth]
Jan 15 10:05:59 host sshd[10880]: Disconnected from 61.42.20.175 port 48446 [preauth]
Jan 15 10:06:09 host sshd[10911]: Invalid user apagar from 195.226.194.142 port 26866
Jan 15 10:06:09 host sshd[10911]: input_userauth_request: invalid user apagar [preauth]
Jan 15 10:06:09 host sshd[10911]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:06:09 host sshd[10911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 15 10:06:11 host sshd[10911]: Failed password for invalid user apagar from 195.226.194.142 port 26866 ssh2
Jan 15 10:06:11 host sshd[10911]: Received disconnect from 195.226.194.142 port 26866:11: Bye Bye [preauth]
Jan 15 10:06:11 host sshd[10911]: Disconnected from 195.226.194.142 port 26866 [preauth]
Jan 15 10:06:43 host sshd[10975]: User root from 143.198.39.194 not allowed because not listed in AllowUsers
Jan 15 10:06:43 host sshd[10975]: input_userauth_request: invalid user root [preauth]
Jan 15 10:06:43 host unix_chkpwd[10979]: password check failed for user (root)
Jan 15 10:06:43 host sshd[10975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.39.194 user=root
Jan 15 10:06:43 host sshd[10975]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:06:45 host sshd[10975]: Failed password for invalid user root from 143.198.39.194 port 55534 ssh2
Jan 15 10:07:17 host sshd[11070]: User root from 46.101.244.79 not allowed because not listed in AllowUsers
Jan 15 10:07:17 host sshd[11070]: input_userauth_request: invalid user root [preauth]
Jan 15 10:07:17 host unix_chkpwd[11074]: password check failed for user (root)
Jan 15 10:07:17 host sshd[11070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.244.79 user=root
Jan 15 10:07:17 host sshd[11070]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:07:19 host sshd[11070]: Failed password for invalid user root from 46.101.244.79 port 55808 ssh2
Jan 15 10:07:19 host sshd[11070]: Received disconnect from 46.101.244.79 port 55808:11: Bye Bye [preauth]
Jan 15 10:07:19 host sshd[11070]: Disconnected from 46.101.244.79 port 55808 [preauth]
Jan 15 10:08:24 host sshd[11254]: User root from 203.172.76.4 not allowed because not listed in AllowUsers
Jan 15 10:08:24 host sshd[11254]: input_userauth_request: invalid user root [preauth]
Jan 15 10:08:24 host unix_chkpwd[11257]: password check failed for user (root)
Jan 15 10:08:24 host sshd[11254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.172.76.4 user=root
Jan 15 10:08:24 host sshd[11254]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:08:26 host sshd[11254]: Failed password for invalid user root from 203.172.76.4 port 41856 ssh2
Jan 15 10:08:36 host sshd[11338]: User root from 61.42.20.175 not allowed because not listed in AllowUsers
Jan 15 10:08:36 host sshd[11338]: input_userauth_request: invalid user root [preauth]
Jan 15 10:08:36 host unix_chkpwd[11341]: password check failed for user (root)
Jan 15 10:08:36 host sshd[11338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.175 user=root
Jan 15 10:08:36 host sshd[11338]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:08:39 host sshd[11338]: Failed password for invalid user root from 61.42.20.175 port 52132 ssh2
Jan 15 10:08:39 host sshd[11338]: Received disconnect from 61.42.20.175 port 52132:11: Bye Bye [preauth]
Jan 15 10:08:39 host sshd[11338]: Disconnected from 61.42.20.175 port 52132 [preauth]
Jan 15 10:09:19 host sshd[11457]: User root from 64.227.72.154 not allowed because not listed in AllowUsers
Jan 15 10:09:19 host sshd[11457]: input_userauth_request: invalid user root [preauth]
Jan 15 10:09:19 host unix_chkpwd[11460]: password check failed for user (root)
Jan 15 10:09:19 host sshd[11457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.72.154 user=root
Jan 15 10:09:19 host sshd[11457]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:09:21 host sshd[11457]: Failed password for invalid user root from 64.227.72.154 port 58680 ssh2
Jan 15 10:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 10:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 10:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 10:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=vfmassets user-3=shalinijames user-4=wwwtestugo user-5=wwwkapin user-6=woodpeck user-7=remysagr user-8=disposeat user-9=wwwkmaorg user-10=wwwnexidigital user-11=mrsclean user-12=palco123 user-13=gifterman user-14=kottayamcalldriv user-15=phmetals user-16=wwwletsstalkfood user-17=straightcurve user-18=bonifacegroup user-19=wwwevmhonda user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=wwwkaretakers user-24=cochintaxi user-25=wwwresourcehunte user-26=keralaholi user-27=wwwrmswll user-28=ugotscom user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 10:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 10:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Arx8MJm8M7GCMl5c.~
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Arx8MJm8M7GCMl5c.~'
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Arx8MJm8M7GCMl5c.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 10:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 10:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 10:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 10:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 10:23:17 host sshd[13807]: Invalid user admin from 118.37.164.107 port 49006
Jan 15 10:23:17 host sshd[13807]: input_userauth_request: invalid user admin [preauth]
Jan 15 10:23:17 host sshd[13807]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:23:17 host sshd[13807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.37.164.107
Jan 15 10:23:20 host sshd[13807]: Failed password for invalid user admin from 118.37.164.107 port 49006 ssh2
Jan 15 10:23:22 host sshd[13807]: Failed password for invalid user admin from 118.37.164.107 port 49006 ssh2
Jan 15 10:23:22 host sshd[13807]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:23:25 host sshd[13807]: Failed password for invalid user admin from 118.37.164.107 port 49006 ssh2
Jan 15 10:23:25 host sshd[13807]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:23:28 host sshd[13807]: Failed password for invalid user admin from 118.37.164.107 port 49006 ssh2
Jan 15 10:23:28 host sshd[13807]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:23:30 host sshd[13807]: Failed password for invalid user admin from 118.37.164.107 port 49006 ssh2
Jan 15 10:36:15 host sshd[15643]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 15 10:36:15 host sshd[15643]: input_userauth_request: invalid user root [preauth]
Jan 15 10:36:15 host unix_chkpwd[15646]: password check failed for user (root)
Jan 15 10:36:15 host sshd[15643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 15 10:36:15 host sshd[15643]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 10:36:17 host sshd[15643]: Failed password for invalid user root from 195.226.194.142 port 35190 ssh2
Jan 15 10:36:17 host sshd[15643]: Received disconnect from 195.226.194.142 port 35190:11: Bye Bye [preauth]
Jan 15 10:36:17 host sshd[15643]: Disconnected from 195.226.194.142 port 35190 [preauth]
Jan 15 10:43:17 host sshd[16765]: Invalid user admin from 112.172.86.235 port 60413
Jan 15 10:43:17 host sshd[16765]: input_userauth_request: invalid user admin [preauth]
Jan 15 10:43:17 host sshd[16765]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:43:17 host sshd[16765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.172.86.235
Jan 15 10:43:19 host sshd[16765]: Failed password for invalid user admin from 112.172.86.235 port 60413 ssh2
Jan 15 10:43:20 host sshd[16765]: Failed password for invalid user admin from 112.172.86.235 port 60413 ssh2
Jan 15 10:43:21 host sshd[16765]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:43:23 host sshd[16765]: Failed password for invalid user admin from 112.172.86.235 port 60413 ssh2
Jan 15 10:43:25 host sshd[16765]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:43:27 host sshd[16765]: Failed password for invalid user admin from 112.172.86.235 port 60413 ssh2
Jan 15 10:58:19 host sshd[18751]: Invalid user ubnt from 123.240.127.181 port 47068
Jan 15 10:58:19 host sshd[18751]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 10:58:19 host sshd[18751]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 10:58:19 host sshd[18751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.127.181
Jan 15 10:58:21 host sshd[18751]: Failed password for invalid user ubnt from 123.240.127.181 port 47068 ssh2
Jan 15 10:58:22 host sshd[18751]: Connection reset by 123.240.127.181 port 47068 [preauth]
Jan 15 11:00:52 host sshd[19149]: Invalid user user from 1.161.227.163 port 40493
Jan 15 11:00:52 host sshd[19149]: input_userauth_request: invalid user user [preauth]
Jan 15 11:00:52 host sshd[19149]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:00:52 host sshd[19149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.161.227.163
Jan 15 11:00:53 host sshd[19149]: Failed password for invalid user user from 1.161.227.163 port 40493 ssh2
Jan 15 11:00:54 host sshd[19149]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:00:56 host sshd[19149]: Failed password for invalid user user from 1.161.227.163 port 40493 ssh2
Jan 15 11:00:57 host sshd[19149]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:00:59 host sshd[19149]: Failed password for invalid user user from 1.161.227.163 port 40493 ssh2
Jan 15 11:00:59 host sshd[19149]: Connection reset by 1.161.227.163 port 40493 [preauth]
Jan 15 11:00:59 host sshd[19149]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.161.227.163
Jan 15 11:10:24 host sshd[20340]: Invalid user ej from 194.110.203.109 port 45098
Jan 15 11:10:24 host sshd[20340]: input_userauth_request: invalid user ej [preauth]
Jan 15 11:10:24 host sshd[20340]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:10:24 host sshd[20340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 11:10:26 host sshd[20340]: Failed password for invalid user ej from 194.110.203.109 port 45098 ssh2
Jan 15 11:10:29 host sshd[20340]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:10:31 host sshd[20340]: Failed password for invalid user ej from 194.110.203.109 port 45098 ssh2
Jan 15 11:10:34 host sshd[20340]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:10:36 host sshd[20340]: Failed password for invalid user ej from 194.110.203.109 port 45098 ssh2
Jan 15 11:10:39 host sshd[20340]: Connection closed by 194.110.203.109 port 45098 [preauth]
Jan 15 11:10:39 host sshd[20340]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 11:13:06 host sshd[20749]: User root from 119.194.114.53 not allowed because not listed in AllowUsers
Jan 15 11:13:06 host sshd[20749]: input_userauth_request: invalid user root [preauth]
Jan 15 11:13:06 host unix_chkpwd[20756]: password check failed for user (root)
Jan 15 11:13:06 host sshd[20749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.194.114.53 user=root
Jan 15 11:13:06 host sshd[20749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:13:08 host sshd[20749]: Failed password for invalid user root from 119.194.114.53 port 63867 ssh2
Jan 15 11:13:09 host unix_chkpwd[20767]: password check failed for user (root)
Jan 15 11:13:09 host sshd[20749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:13:11 host sshd[20749]: Failed password for invalid user root from 119.194.114.53 port 63867 ssh2
Jan 15 11:13:12 host unix_chkpwd[20771]: password check failed for user (root)
Jan 15 11:13:12 host sshd[20749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:13:14 host sshd[20749]: Failed password for invalid user root from 119.194.114.53 port 63867 ssh2
Jan 15 11:13:15 host unix_chkpwd[20775]: password check failed for user (root)
Jan 15 11:13:15 host sshd[20749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:13:17 host sshd[20749]: Failed password for invalid user root from 119.194.114.53 port 63867 ssh2
Jan 15 11:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 11:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 11:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 11:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=shalinijames user-3=wwwtestugo user-4=vfmassets user-5=wwwkapin user-6=woodpeck user-7=remysagr user-8=disposeat user-9=wwwkmaorg user-10=mrsclean user-11=wwwnexidigital user-12=phmetals user-13=kottayamcalldriv user-14=palco123 user-15=gifterman user-16=straightcurve user-17=wwwletsstalkfood user-18=wwwevmhonda user-19=bonifacegroup user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=cochintaxi user-24=wwwkaretakers user-25=ugotscom user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 11:22:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-SoVqPeHI1mCeJhl8.~
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-SoVqPeHI1mCeJhl8.~'
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-SoVqPeHI1mCeJhl8.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 11:22:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 11:22:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 11:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 11:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 11:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 11:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 11:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 11:22:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 11:22:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 11:22:18 host sshd[22105]: User root from 209.141.55.27 not allowed because not listed in AllowUsers
Jan 15 11:22:18 host sshd[22105]: input_userauth_request: invalid user root [preauth]
Jan 15 11:22:18 host unix_chkpwd[22119]: password check failed for user (root)
Jan 15 11:22:18 host sshd[22105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27 user=root
Jan 15 11:22:18 host sshd[22105]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:22:20 host sshd[22105]: Failed password for invalid user root from 209.141.55.27 port 36956 ssh2
Jan 15 11:22:20 host sshd[22105]: Received disconnect from 209.141.55.27 port 36956:11: Normal Shutdown, Thank you for playing [preauth]
Jan 15 11:22:20 host sshd[22105]: Disconnected from 209.141.55.27 port 36956 [preauth]
Jan 15 11:40:11 host sshd[24397]: User root from 95.156.96.46 not allowed because not listed in AllowUsers
Jan 15 11:40:11 host sshd[24397]: input_userauth_request: invalid user root [preauth]
Jan 15 11:40:11 host unix_chkpwd[24400]: password check failed for user (root)
Jan 15 11:40:11 host sshd[24397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.156.96.46 user=root
Jan 15 11:40:11 host sshd[24397]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:40:13 host sshd[24397]: Failed password for invalid user root from 95.156.96.46 port 52331 ssh2
Jan 15 11:40:13 host sshd[24397]: Received disconnect from 95.156.96.46 port 52331:11: Bye Bye [preauth]
Jan 15 11:40:13 host sshd[24397]: Disconnected from 95.156.96.46 port 52331 [preauth]
Jan 15 11:43:59 host sshd[24941]: User root from 95.156.96.46 not allowed because not listed in AllowUsers
Jan 15 11:43:59 host sshd[24941]: input_userauth_request: invalid user root [preauth]
Jan 15 11:43:59 host unix_chkpwd[24944]: password check failed for user (root)
Jan 15 11:43:59 host sshd[24941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.156.96.46 user=root
Jan 15 11:43:59 host sshd[24941]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:44:01 host sshd[24941]: Failed password for invalid user root from 95.156.96.46 port 58541 ssh2
Jan 15 11:44:01 host sshd[24941]: Received disconnect from 95.156.96.46 port 58541:11: Bye Bye [preauth]
Jan 15 11:44:01 host sshd[24941]: Disconnected from 95.156.96.46 port 58541 [preauth]
Jan 15 11:46:47 host sshd[25436]: Invalid user dlxuser from 220.132.161.200 port 40896
Jan 15 11:46:47 host sshd[25436]: input_userauth_request: invalid user dlxuser [preauth]
Jan 15 11:46:47 host sshd[25436]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:46:47 host sshd[25436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.161.200
Jan 15 11:46:49 host sshd[25436]: Failed password for invalid user dlxuser from 220.132.161.200 port 40896 ssh2
Jan 15 11:46:49 host sshd[25436]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:46:52 host sshd[25436]: Failed password for invalid user dlxuser from 220.132.161.200 port 40896 ssh2
Jan 15 11:46:52 host sshd[25436]: Connection reset by 220.132.161.200 port 40896 [preauth]
Jan 15 11:46:52 host sshd[25436]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.161.200
Jan 15 11:55:35 host sshd[26649]: Invalid user admin from 31.41.244.124 port 44642
Jan 15 11:55:35 host sshd[26649]: input_userauth_request: invalid user admin [preauth]
Jan 15 11:55:35 host sshd[26649]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:55:35 host sshd[26649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 15 11:55:37 host sshd[26649]: Failed password for invalid user admin from 31.41.244.124 port 44642 ssh2
Jan 15 11:55:37 host sshd[26649]: Received disconnect from 31.41.244.124 port 44642:11: Client disconnecting normally [preauth]
Jan 15 11:55:37 host sshd[26649]: Disconnected from 31.41.244.124 port 44642 [preauth]
Jan 15 11:55:38 host sshd[26656]: User root from 31.41.244.124 not allowed because not listed in AllowUsers
Jan 15 11:55:38 host sshd[26656]: input_userauth_request: invalid user root [preauth]
Jan 15 11:55:38 host unix_chkpwd[26660]: password check failed for user (root)
Jan 15 11:55:38 host sshd[26656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124 user=root
Jan 15 11:55:38 host sshd[26656]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 11:55:40 host sshd[26656]: Failed password for invalid user root from 31.41.244.124 port 48026 ssh2
Jan 15 11:55:41 host sshd[26656]: Received disconnect from 31.41.244.124 port 48026:11: Client disconnecting normally [preauth]
Jan 15 11:55:41 host sshd[26656]: Disconnected from 31.41.244.124 port 48026 [preauth]
Jan 15 11:55:42 host sshd[26666]: Invalid user admin from 31.41.244.124 port 53125
Jan 15 11:55:42 host sshd[26666]: input_userauth_request: invalid user admin [preauth]
Jan 15 11:55:42 host sshd[26666]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:55:42 host sshd[26666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 15 11:55:44 host sshd[26666]: Failed password for invalid user admin from 31.41.244.124 port 53125 ssh2
Jan 15 11:59:49 host sshd[27467]: Invalid user admin from 189.179.198.245 port 41325
Jan 15 11:59:49 host sshd[27467]: input_userauth_request: invalid user admin [preauth]
Jan 15 11:59:49 host sshd[27467]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:59:49 host sshd[27467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.179.198.245
Jan 15 11:59:51 host sshd[27467]: Failed password for invalid user admin from 189.179.198.245 port 41325 ssh2
Jan 15 11:59:53 host sshd[27467]: Failed password for invalid user admin from 189.179.198.245 port 41325 ssh2
Jan 15 11:59:55 host sshd[27467]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 11:59:57 host sshd[27467]: Failed password for invalid user admin from 189.179.198.245 port 41325 ssh2
Jan 15 11:59:58 host sshd[27467]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:00:00 host sshd[27467]: Failed password for invalid user admin from 189.179.198.245 port 41325 ssh2
Jan 15 12:00:01 host sshd[27467]: Connection reset by 189.179.198.245 port 41325 [preauth]
Jan 15 12:00:01 host sshd[27467]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.179.198.245
Jan 15 12:10:51 host sshd[29522]: Invalid user ubuntu from 121.182.36.208 port 62440
Jan 15 12:10:51 host sshd[29522]: input_userauth_request: invalid user ubuntu [preauth]
Jan 15 12:10:51 host sshd[29522]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:10:51 host sshd[29522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.182.36.208
Jan 15 12:10:53 host sshd[29522]: Failed password for invalid user ubuntu from 121.182.36.208 port 62440 ssh2
Jan 15 12:10:54 host sshd[29522]: Connection reset by 121.182.36.208 port 62440 [preauth]
Jan 15 12:16:11 host sshd[30881]: User root from 164.90.172.83 not allowed because not listed in AllowUsers
Jan 15 12:16:11 host sshd[30881]: input_userauth_request: invalid user root [preauth]
Jan 15 12:16:11 host unix_chkpwd[30885]: password check failed for user (root)
Jan 15 12:16:11 host sshd[30881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.172.83 user=root
Jan 15 12:16:11 host sshd[30881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:16:11 host sshd[30886]: User root from 138.64.139.25 not allowed because not listed in AllowUsers
Jan 15 12:16:11 host sshd[30886]: input_userauth_request: invalid user root [preauth]
Jan 15 12:16:12 host unix_chkpwd[30889]: password check failed for user (root)
Jan 15 12:16:12 host sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.64.139.25 user=root
Jan 15 12:16:12 host sshd[30886]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:16:12 host sshd[30881]: Failed password for invalid user root from 164.90.172.83 port 45888 ssh2
Jan 15 12:16:13 host sshd[30881]: Received disconnect from 164.90.172.83 port 45888:11: Bye Bye [preauth]
Jan 15 12:16:13 host sshd[30881]: Disconnected from 164.90.172.83 port 45888 [preauth]
Jan 15 12:16:13 host sshd[30886]: Failed password for invalid user root from 138.64.139.25 port 53714 ssh2
Jan 15 12:16:13 host sshd[30886]: Received disconnect from 138.64.139.25 port 53714:11: Bye Bye [preauth]
Jan 15 12:16:13 host sshd[30886]: Disconnected from 138.64.139.25 port 53714 [preauth]
Jan 15 12:16:31 host sshd[30935]: User root from 1.0.171.2 not allowed because not listed in AllowUsers
Jan 15 12:16:31 host sshd[30935]: input_userauth_request: invalid user root [preauth]
Jan 15 12:16:31 host unix_chkpwd[30938]: password check failed for user (root)
Jan 15 12:16:31 host sshd[30935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.0.171.2 user=root
Jan 15 12:16:31 host sshd[30935]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:16:33 host sshd[30935]: Failed password for invalid user root from 1.0.171.2 port 50158 ssh2
Jan 15 12:16:33 host sshd[30935]: Received disconnect from 1.0.171.2 port 50158:11: Bye Bye [preauth]
Jan 15 12:16:33 host sshd[30935]: Disconnected from 1.0.171.2 port 50158 [preauth]
Jan 15 12:18:27 host sshd[31130]: User root from 79.188.87.194 not allowed because not listed in AllowUsers
Jan 15 12:18:27 host sshd[31130]: input_userauth_request: invalid user root [preauth]
Jan 15 12:18:27 host unix_chkpwd[31135]: password check failed for user (root)
Jan 15 12:18:27 host sshd[31130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.188.87.194 user=root
Jan 15 12:18:27 host sshd[31130]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:18:29 host sshd[31130]: Failed password for invalid user root from 79.188.87.194 port 49860 ssh2
Jan 15 12:18:29 host sshd[31130]: Received disconnect from 79.188.87.194 port 49860:11: Bye Bye [preauth]
Jan 15 12:18:29 host sshd[31130]: Disconnected from 79.188.87.194 port 49860 [preauth]
Jan 15 12:19:26 host sshd[31272]: Invalid user dlxuser from 196.202.58.162 port 45124
Jan 15 12:19:26 host sshd[31272]: input_userauth_request: invalid user dlxuser [preauth]
Jan 15 12:19:26 host sshd[31272]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:19:26 host sshd[31272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.202.58.162
Jan 15 12:19:28 host sshd[31272]: Failed password for invalid user dlxuser from 196.202.58.162 port 45124 ssh2
Jan 15 12:19:28 host sshd[31272]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:19:30 host sshd[31272]: Failed password for invalid user dlxuser from 196.202.58.162 port 45124 ssh2
Jan 15 12:19:31 host sshd[31323]: User root from 123.58.216.78 not allowed because not listed in AllowUsers
Jan 15 12:19:31 host sshd[31323]: input_userauth_request: invalid user root [preauth]
Jan 15 12:19:31 host unix_chkpwd[31328]: password check failed for user (root)
Jan 15 12:19:31 host sshd[31323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.216.78 user=root
Jan 15 12:19:31 host sshd[31323]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:19:32 host sshd[31272]: Failed password for invalid user dlxuser from 196.202.58.162 port 45124 ssh2
Jan 15 12:19:33 host sshd[31323]: Failed password for invalid user root from 123.58.216.78 port 43464 ssh2
Jan 15 12:19:33 host sshd[31323]: Received disconnect from 123.58.216.78 port 43464:11: Bye Bye [preauth]
Jan 15 12:19:33 host sshd[31323]: Disconnected from 123.58.216.78 port 43464 [preauth]
Jan 15 12:19:33 host sshd[31272]: Connection closed by 196.202.58.162 port 45124 [preauth]
Jan 15 12:19:33 host sshd[31272]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.202.58.162
Jan 15 12:20:07 host sshd[31565]: User root from 202.179.191.68 not allowed because not listed in AllowUsers
Jan 15 12:20:07 host sshd[31565]: input_userauth_request: invalid user root [preauth]
Jan 15 12:20:07 host unix_chkpwd[31568]: password check failed for user (root)
Jan 15 12:20:07 host sshd[31565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.191.68 user=root
Jan 15 12:20:07 host sshd[31565]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:20:09 host sshd[31565]: Failed password for invalid user root from 202.179.191.68 port 33770 ssh2
Jan 15 12:20:09 host sshd[31565]: Received disconnect from 202.179.191.68 port 33770:11: Bye Bye [preauth]
Jan 15 12:20:09 host sshd[31565]: Disconnected from 202.179.191.68 port 33770 [preauth]
Jan 15 12:20:45 host sshd[31716]: User root from 167.71.239.134 not allowed because not listed in AllowUsers
Jan 15 12:20:45 host sshd[31716]: input_userauth_request: invalid user root [preauth]
Jan 15 12:20:45 host unix_chkpwd[31718]: password check failed for user (root)
Jan 15 12:20:45 host sshd[31716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.239.134 user=root
Jan 15 12:20:45 host sshd[31716]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:20:47 host sshd[31716]: Failed password for invalid user root from 167.71.239.134 port 42652 ssh2
Jan 15 12:20:47 host sshd[31716]: Received disconnect from 167.71.239.134 port 42652:11: Bye Bye [preauth]
Jan 15 12:20:47 host sshd[31716]: Disconnected from 167.71.239.134 port 42652 [preauth]
Jan 15 12:21:55 host sshd[31972]: User root from 138.64.139.25 not allowed because not listed in AllowUsers
Jan 15 12:21:55 host sshd[31972]: input_userauth_request: invalid user root [preauth]
Jan 15 12:21:55 host unix_chkpwd[31975]: password check failed for user (root)
Jan 15 12:21:55 host sshd[31972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.64.139.25 user=root
Jan 15 12:21:55 host sshd[31972]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:21:57 host sshd[31972]: Failed password for invalid user root from 138.64.139.25 port 32988 ssh2
Jan 15 12:21:58 host sshd[31972]: Received disconnect from 138.64.139.25 port 32988:11: Bye Bye [preauth]
Jan 15 12:21:58 host sshd[31972]: Disconnected from 138.64.139.25 port 32988 [preauth]
Jan 15 12:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 12:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=dartsimp user-11=a2zgroup user-12=straightcurve user-13=wwwletsstalkfood user-14=bonifacegroup user-15=wwwevmhonda user-16=mrsclean user-17=wwwnexidigital user-18=gifterman user-19=palco123 user-20=kottayamcalldriv user-21=phmetals user-22=wwwkapin user-23=woodpeck user-24=remysagr user-25=disposeat user-26=wwwkmaorg user-27=pmcresources user-28=vfmassets user-29=wwwtestugo user-30=shalinijames feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 12:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-QaM1vsafGPfAKfs8.~
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-QaM1vsafGPfAKfs8.~'
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-QaM1vsafGPfAKfs8.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 12:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 12:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 12:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 12:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 12:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 12:22:32 host sshd[32364]: User root from 1.0.171.2 not allowed because not listed in AllowUsers
Jan 15 12:22:32 host sshd[32364]: input_userauth_request: invalid user root [preauth]
Jan 15 12:22:32 host unix_chkpwd[32368]: password check failed for user (root)
Jan 15 12:22:32 host sshd[32364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.0.171.2 user=root
Jan 15 12:22:32 host sshd[32364]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:22:34 host sshd[32364]: Failed password for invalid user root from 1.0.171.2 port 57386 ssh2
Jan 15 12:22:34 host sshd[32364]: Received disconnect from 1.0.171.2 port 57386:11: Bye Bye [preauth]
Jan 15 12:22:34 host sshd[32364]: Disconnected from 1.0.171.2 port 57386 [preauth]
Jan 15 12:23:11 host sshd[32543]: User root from 202.179.191.68 not allowed because not listed in AllowUsers
Jan 15 12:23:11 host sshd[32543]: input_userauth_request: invalid user root [preauth]
Jan 15 12:23:11 host unix_chkpwd[32545]: password check failed for user (root)
Jan 15 12:23:11 host sshd[32543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.191.68 user=root
Jan 15 12:23:11 host sshd[32543]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:23:12 host sshd[32543]: Failed password for invalid user root from 202.179.191.68 port 52528 ssh2
Jan 15 12:23:12 host sshd[32543]: Received disconnect from 202.179.191.68 port 52528:11: Bye Bye [preauth]
Jan 15 12:23:12 host sshd[32543]: Disconnected from 202.179.191.68 port 52528 [preauth]
Jan 15 12:23:18 host sshd[32593]: User root from 79.188.87.194 not allowed because not listed in AllowUsers
Jan 15 12:23:18 host sshd[32593]: input_userauth_request: invalid user root [preauth]
Jan 15 12:23:18 host unix_chkpwd[32597]: password check failed for user (root)
Jan 15 12:23:18 host sshd[32593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.188.87.194 user=root
Jan 15 12:23:18 host sshd[32593]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:23:20 host sshd[32593]: Failed password for invalid user root from 79.188.87.194 port 45155 ssh2
Jan 15 12:23:21 host sshd[32636]: User root from 167.71.239.134 not allowed because not listed in AllowUsers
Jan 15 12:23:21 host sshd[32636]: input_userauth_request: invalid user root [preauth]
Jan 15 12:23:21 host unix_chkpwd[32638]: password check failed for user (root)
Jan 15 12:23:21 host sshd[32636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.239.134 user=root
Jan 15 12:23:21 host sshd[32636]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:23:23 host sshd[32636]: Failed password for invalid user root from 167.71.239.134 port 48552 ssh2
Jan 15 12:23:23 host sshd[32636]: Received disconnect from 167.71.239.134 port 48552:11: Bye Bye [preauth]
Jan 15 12:23:23 host sshd[32636]: Disconnected from 167.71.239.134 port 48552 [preauth]
Jan 15 12:23:31 host sshd[32717]: User root from 164.90.172.83 not allowed because not listed in AllowUsers
Jan 15 12:23:31 host sshd[32717]: input_userauth_request: invalid user root [preauth]
Jan 15 12:23:31 host unix_chkpwd[32726]: password check failed for user (root)
Jan 15 12:23:31 host sshd[32717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.172.83 user=root
Jan 15 12:23:31 host sshd[32717]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:23:33 host sshd[32717]: Failed password for invalid user root from 164.90.172.83 port 40954 ssh2
Jan 15 12:23:33 host sshd[32717]: Received disconnect from 164.90.172.83 port 40954:11: Bye Bye [preauth]
Jan 15 12:23:33 host sshd[32717]: Disconnected from 164.90.172.83 port 40954 [preauth]
Jan 15 12:24:39 host sshd[527]: User root from 123.58.216.78 not allowed because not listed in AllowUsers
Jan 15 12:24:39 host sshd[527]: input_userauth_request: invalid user root [preauth]
Jan 15 12:24:39 host unix_chkpwd[531]: password check failed for user (root)
Jan 15 12:24:39 host sshd[527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.216.78 user=root
Jan 15 12:24:39 host sshd[527]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:24:41 host sshd[527]: Failed password for invalid user root from 123.58.216.78 port 57596 ssh2
Jan 15 12:24:57 host sshd[621]: User root from 36.110.228.254 not allowed because not listed in AllowUsers
Jan 15 12:24:57 host sshd[621]: input_userauth_request: invalid user root [preauth]
Jan 15 12:24:57 host unix_chkpwd[635]: password check failed for user (root)
Jan 15 12:24:57 host sshd[621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.228.254 user=root
Jan 15 12:24:57 host sshd[621]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:25:00 host sshd[621]: Failed password for invalid user root from 36.110.228.254 port 18423 ssh2
Jan 15 12:25:00 host unix_chkpwd[649]: password check failed for user (root)
Jan 15 12:25:00 host sshd[621]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:25:02 host sshd[621]: Failed password for invalid user root from 36.110.228.254 port 18423 ssh2
Jan 15 12:25:02 host unix_chkpwd[686]: password check failed for user (root)
Jan 15 12:25:02 host sshd[621]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:25:04 host sshd[621]: Failed password for invalid user root from 36.110.228.254 port 18423 ssh2
Jan 15 12:25:05 host unix_chkpwd[699]: password check failed for user (root)
Jan 15 12:25:05 host sshd[621]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:25:07 host sshd[621]: Failed password for invalid user root from 36.110.228.254 port 18423 ssh2
Jan 15 12:26:50 host sshd[1169]: Did not receive identification string from 172.105.128.13 port 51494
Jan 15 12:26:53 host sshd[1175]: Connection closed by 172.105.128.13 port 51496 [preauth]
Jan 15 12:26:54 host sshd[1185]: Did not receive identification string from 172.105.128.13 port 51508
Jan 15 12:29:31 host sshd[1785]: Connection reset by 59.126.144.89 port 53997 [preauth]
Jan 15 12:37:07 host sshd[3601]: Invalid user dlxuser from 111.252.49.217 port 51242
Jan 15 12:37:07 host sshd[3601]: input_userauth_request: invalid user dlxuser [preauth]
Jan 15 12:37:07 host sshd[3601]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:37:07 host sshd[3601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.252.49.217
Jan 15 12:37:09 host sshd[3601]: Failed password for invalid user dlxuser from 111.252.49.217 port 51242 ssh2
Jan 15 12:37:10 host sshd[3601]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:37:12 host sshd[3601]: Failed password for invalid user dlxuser from 111.252.49.217 port 51242 ssh2
Jan 15 12:37:13 host sshd[3601]: Failed password for invalid user dlxuser from 111.252.49.217 port 51242 ssh2
Jan 15 12:37:13 host sshd[3601]: Connection closed by 111.252.49.217 port 51242 [preauth]
Jan 15 12:37:13 host sshd[3601]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.252.49.217
Jan 15 12:44:01 host sshd[4784]: Did not receive identification string from 139.155.253.103 port 36923
Jan 15 12:44:04 host sshd[4797]: User root from 139.155.253.103 not allowed because not listed in AllowUsers
Jan 15 12:44:04 host sshd[4797]: input_userauth_request: invalid user root [preauth]
Jan 15 12:44:04 host sshd[4798]: User root from 139.155.253.103 not allowed because not listed in AllowUsers
Jan 15 12:44:04 host sshd[4798]: input_userauth_request: invalid user root [preauth]
Jan 15 12:44:04 host sshd[4796]: Invalid user ubuntu from 139.155.253.103 port 39115
Jan 15 12:44:04 host sshd[4796]: input_userauth_request: invalid user ubuntu [preauth]
Jan 15 12:44:05 host sshd[4803]: User root from 139.155.253.103 not allowed because not listed in AllowUsers
Jan 15 12:44:05 host sshd[4803]: input_userauth_request: invalid user root [preauth]
Jan 15 12:44:05 host unix_chkpwd[4843]: password check failed for user (root)
Jan 15 12:44:05 host sshd[4797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.253.103 user=root
Jan 15 12:44:05 host sshd[4797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:44:05 host unix_chkpwd[4844]: password check failed for user (root)
Jan 15 12:44:05 host sshd[4798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.253.103 user=root
Jan 15 12:44:05 host sshd[4798]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:44:05 host sshd[4796]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:44:05 host sshd[4796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.253.103
Jan 15 12:44:05 host sshd[4807]: User root from 139.155.253.103 not allowed because not listed in AllowUsers
Jan 15 12:44:05 host sshd[4807]: input_userauth_request: invalid user root [preauth]
Jan 15 12:44:05 host sshd[4809]: User root from 139.155.253.103 not allowed because not listed in AllowUsers
Jan 15 12:44:05 host sshd[4809]: input_userauth_request: invalid user root [preauth]
Jan 15 12:44:05 host unix_chkpwd[4854]: password check failed for user (root)
Jan 15 12:44:05 host sshd[4803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.253.103 user=root
Jan 15 12:44:05 host sshd[4803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:44:05 host sshd[4822]: Invalid user emqx from 139.155.253.103 port 39163
Jan 15 12:44:05 host sshd[4822]: input_userauth_request: invalid user emqx [preauth]
Jan 15 12:44:07 host sshd[4797]: Failed password for invalid user root from 139.155.253.103 port 39121 ssh2
Jan 15 12:44:07 host sshd[4798]: Failed password for invalid user root from 139.155.253.103 port 39117 ssh2
Jan 15 12:44:07 host sshd[4796]: Failed password for invalid user ubuntu from 139.155.253.103 port 39115 ssh2
Jan 15 12:44:07 host sshd[4803]: Failed password for invalid user root from 139.155.253.103 port 39135 ssh2
Jan 15 12:51:06 host sshd[5844]: Did not receive identification string from 104.167.82.144 port 54266
Jan 15 12:51:08 host sshd[5846]: Invalid user guest from 104.167.82.144 port 54272
Jan 15 12:51:08 host sshd[5846]: input_userauth_request: invalid user guest [preauth]
Jan 15 12:51:08 host sshd[5862]: Invalid user admin from 104.167.82.144 port 54528
Jan 15 12:51:08 host sshd[5862]: input_userauth_request: invalid user admin [preauth]
Jan 15 12:51:08 host sshd[5855]: Invalid user devops from 104.167.82.144 port 54304
Jan 15 12:51:08 host sshd[5855]: input_userauth_request: invalid user devops [preauth]
Jan 15 12:51:08 host sshd[5851]: Invalid user admin from 104.167.82.144 port 54554
Jan 15 12:51:08 host sshd[5865]: Invalid user steam from 104.167.82.144 port 54444
Jan 15 12:51:08 host sshd[5864]: Invalid user zjw from 104.167.82.144 port 54498
Jan 15 12:51:08 host sshd[5851]: input_userauth_request: invalid user admin [preauth]
Jan 15 12:51:08 host sshd[5864]: input_userauth_request: invalid user zjw [preauth]
Jan 15 12:51:08 host sshd[5847]: Invalid user admin from 104.167.82.144 port 54336
Jan 15 12:51:08 host sshd[5847]: input_userauth_request: invalid user admin [preauth]
Jan 15 12:51:08 host sshd[5868]: Invalid user www from 104.167.82.144 port 54548
Jan 15 12:51:08 host sshd[5868]: input_userauth_request: invalid user www [preauth]
Jan 15 12:51:08 host sshd[5870]: Invalid user halo from 104.167.82.144 port 54506
Jan 15 12:51:08 host sshd[5865]: input_userauth_request: invalid user steam [preauth]
Jan 15 12:51:08 host sshd[5870]: input_userauth_request: invalid user halo [preauth]
Jan 15 12:51:08 host sshd[5848]: User root from 104.167.82.144 not allowed because not listed in AllowUsers
Jan 15 12:51:08 host sshd[5850]: Invalid user git from 104.167.82.144 port 54370
Jan 15 12:51:08 host sshd[5850]: input_userauth_request: invalid user git [preauth]
Jan 15 12:51:08 host sshd[5867]: User root from 104.167.82.144 not allowed because not listed in AllowUsers
Jan 15 12:51:08 host sshd[5867]: input_userauth_request: invalid user root [preauth]
Jan 15 12:51:08 host sshd[5848]: input_userauth_request: invalid user root [preauth]
Jan 15 12:51:08 host sshd[5849]: Invalid user esuser from 104.167.82.144 port 54514
Jan 15 12:51:08 host sshd[5849]: input_userauth_request: invalid user esuser [preauth]
Jan 15 12:51:08 host sshd[5852]: User root from 104.167.82.144 not allowed because not listed in AllowUsers
Jan 15 12:51:08 host sshd[5852]: input_userauth_request: invalid user root [preauth]
Jan 15 12:51:08 host sshd[5859]: Invalid user steam from 104.167.82.144 port 54386
Jan 15 12:51:08 host sshd[5854]: Invalid user es from 104.167.82.144 port 54646
Jan 15 12:51:08 host sshd[5859]: input_userauth_request: invalid user steam [preauth]
Jan 15 12:51:08 host sshd[5854]: input_userauth_request: invalid user es [preauth]
Jan 15 12:51:08 host sshd[5856]: User root from 104.167.82.144 not allowed because not listed in AllowUsers
Jan 15 12:51:08 host sshd[5856]: input_userauth_request: invalid user root [preauth]
Jan 15 12:51:08 host sshd[5853]: Invalid user devops from 104.167.82.144 port 54292
Jan 15 12:51:08 host sshd[5866]: Invalid user admin from 104.167.82.144 port 54468
Jan 15 12:51:08 host sshd[5861]: Invalid user steam from 104.167.82.144 port 54458
Jan 15 12:51:08 host sshd[5866]: input_userauth_request: invalid user admin [preauth]
Jan 15 12:51:08 host sshd[5863]: User root from 104.167.82.144 not allowed because not listed in AllowUsers
Jan 15 12:51:08 host sshd[5861]: input_userauth_request: invalid user steam [preauth]
Jan 15 12:51:08 host sshd[5869]: User root from 104.167.82.144 not allowed because not listed in AllowUsers
Jan 15 12:51:08 host sshd[5853]: input_userauth_request: invalid user devops [preauth]
Jan 15 12:51:08 host sshd[5869]: input_userauth_request: invalid user root [preauth]
Jan 15 12:51:08 host sshd[5858]: Invalid user zjw from 104.167.82.144 port 54346
Jan 15 12:51:08 host sshd[5860]: Invalid user admin from 104.167.82.144 port 54480
Jan 15 12:51:08 host sshd[5857]: Invalid user postgres from 104.167.82.144 port 54608
Jan 15 12:51:08 host sshd[5863]: input_userauth_request: invalid user root [preauth]
Jan 15 12:51:08 host sshd[5860]: input_userauth_request: invalid user admin [preauth]
Jan 15 12:51:08 host sshd[5858]: input_userauth_request: invalid user zjw [preauth]
Jan 15 12:51:08 host sshd[5857]: input_userauth_request: invalid user postgres [preauth]
Jan 15 12:51:08 host sshd[5846]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5862]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5855]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5851]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5864]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5847]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5857]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5858]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5849]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5850]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host unix_chkpwd[5902]: password check failed for user (root)
Jan 15 12:51:08 host sshd[5848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144 user=root
Jan 15 12:51:08 host sshd[5848]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:51:08 host sshd[5870]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5861]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host unix_chkpwd[5901]: password check failed for user (root)
Jan 15 12:51:08 host sshd[5853]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5866]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144 user=root
Jan 15 12:51:08 host sshd[5869]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:51:08 host sshd[5859]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5854]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5865]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host unix_chkpwd[5903]: password check failed for user (root)
Jan 15 12:51:08 host sshd[5852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144 user=root
Jan 15 12:51:08 host sshd[5852]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:51:08 host sshd[5868]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host sshd[5860]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 12:51:08 host sshd[5860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144
Jan 15 12:51:08 host unix_chkpwd[5904]: password check failed for user (root)
Jan 15 12:51:08 host sshd[5863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144 user=root
Jan 15 12:51:08 host sshd[5863]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:51:08 host unix_chkpwd[5906]: password check failed for user (root)
Jan 15 12:51:08 host sshd[5856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144 user=root
Jan 15 12:51:08 host sshd[5856]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:51:08 host unix_chkpwd[5907]: password check failed for user (root)
Jan 15 12:51:08 host sshd[5867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.167.82.144 user=root
Jan 15 12:51:08 host sshd[5867]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:51:10 host sshd[5846]: Failed password for invalid user guest from 104.167.82.144 port 54272 ssh2
Jan 15 12:51:10 host sshd[5862]: Failed password for invalid user admin from 104.167.82.144 port 54528 ssh2
Jan 15 12:51:10 host sshd[5855]: Failed password for invalid user devops from 104.167.82.144 port 54304 ssh2
Jan 15 12:51:10 host sshd[5851]: Failed password for invalid user admin from 104.167.82.144 port 54554 ssh2
Jan 15 12:51:10 host sshd[5864]: Failed password for invalid user zjw from 104.167.82.144 port 54498 ssh2
Jan 15 12:51:10 host sshd[5847]: Failed password for invalid user admin from 104.167.82.144 port 54336 ssh2
Jan 15 12:51:10 host sshd[5857]: Failed password for invalid user postgres from 104.167.82.144 port 54608 ssh2
Jan 15 12:51:10 host sshd[5858]: Failed password for invalid user zjw from 104.167.82.144 port 54346 ssh2
Jan 15 12:51:10 host sshd[5849]: Failed password for invalid user esuser from 104.167.82.144 port 54514 ssh2
Jan 15 12:51:10 host sshd[5850]: Failed password for invalid user git from 104.167.82.144 port 54370 ssh2
Jan 15 12:51:10 host sshd[5848]: Failed password for invalid user root from 104.167.82.144 port 54302 ssh2
Jan 15 12:51:10 host sshd[5870]: Failed password for invalid user halo from 104.167.82.144 port 54506 ssh2
Jan 15 12:51:10 host sshd[5861]: Failed password for invalid user steam from 104.167.82.144 port 54458 ssh2
Jan 15 12:51:10 host sshd[5853]: Failed password for invalid user devops from 104.167.82.144 port 54292 ssh2
Jan 15 12:51:10 host sshd[5869]: Failed password for invalid user root from 104.167.82.144 port 54536 ssh2
Jan 15 12:51:10 host sshd[5866]: Failed password for invalid user admin from 104.167.82.144 port 54468 ssh2
Jan 15 12:51:10 host sshd[5859]: Failed password for invalid user steam from 104.167.82.144 port 54386 ssh2
Jan 15 12:51:10 host sshd[5854]: Failed password for invalid user es from 104.167.82.144 port 54646 ssh2
Jan 15 12:51:10 host sshd[5846]: Connection closed by 104.167.82.144 port 54272 [preauth]
Jan 15 12:51:10 host sshd[5865]: Failed password for invalid user steam from 104.167.82.144 port 54444 ssh2
Jan 15 12:51:10 host sshd[5852]: Failed password for invalid user root from 104.167.82.144 port 54402 ssh2
Jan 15 12:51:10 host sshd[5862]: Connection closed by 104.167.82.144 port 54528 [preauth]
Jan 15 12:51:10 host sshd[5855]: Connection closed by 104.167.82.144 port 54304 [preauth]
Jan 15 12:51:10 host sshd[5868]: Failed password for invalid user www from 104.167.82.144 port 54548 ssh2
Jan 15 12:51:10 host sshd[5851]: Connection closed by 104.167.82.144 port 54554 [preauth]
Jan 15 12:51:10 host sshd[5864]: Connection closed by 104.167.82.144 port 54498 [preauth]
Jan 15 12:51:10 host sshd[5860]: Failed password for invalid user admin from 104.167.82.144 port 54480 ssh2
Jan 15 12:51:10 host sshd[5857]: Connection closed by 104.167.82.144 port 54608 [preauth]
Jan 15 12:51:10 host sshd[5858]: Connection closed by 104.167.82.144 port 54346 [preauth]
Jan 15 12:51:10 host sshd[5847]: Connection closed by 104.167.82.144 port 54336 [preauth]
Jan 15 12:51:10 host sshd[5849]: Connection closed by 104.167.82.144 port 54514 [preauth]
Jan 15 12:51:10 host sshd[5850]: Connection closed by 104.167.82.144 port 54370 [preauth]
Jan 15 12:51:10 host sshd[5863]: Failed password for invalid user root from 104.167.82.144 port 54356 ssh2
Jan 15 12:51:10 host sshd[5856]: Failed password for invalid user root from 104.167.82.144 port 54464 ssh2
Jan 15 12:51:10 host sshd[5861]: Connection closed by 104.167.82.144 port 54458 [preauth]
Jan 15 12:51:10 host sshd[5848]: Connection closed by 104.167.82.144 port 54302 [preauth]
Jan 15 12:51:10 host sshd[5854]: Connection closed by 104.167.82.144 port 54646 [preauth]
Jan 15 12:51:10 host sshd[5859]: Connection closed by 104.167.82.144 port 54386 [preauth]
Jan 15 12:51:10 host sshd[5853]: Connection closed by 104.167.82.144 port 54292 [preauth]
Jan 15 12:51:10 host sshd[5869]: Connection closed by 104.167.82.144 port 54536 [preauth]
Jan 15 12:51:10 host sshd[5866]: Connection closed by 104.167.82.144 port 54468 [preauth]
Jan 15 12:51:10 host sshd[5865]: Connection closed by 104.167.82.144 port 54444 [preauth]
Jan 15 12:51:10 host sshd[5852]: Connection closed by 104.167.82.144 port 54402 [preauth]
Jan 15 12:51:10 host sshd[5867]: Failed password for invalid user root from 104.167.82.144 port 54352 ssh2
Jan 15 12:51:10 host sshd[5868]: Connection closed by 104.167.82.144 port 54548 [preauth]
Jan 15 12:51:10 host sshd[5870]: Connection closed by 104.167.82.144 port 54506 [preauth]
Jan 15 12:51:10 host sshd[5860]: Connection closed by 104.167.82.144 port 54480 [preauth]
Jan 15 12:51:10 host sshd[5863]: Connection closed by 104.167.82.144 port 54356 [preauth]
Jan 15 12:51:10 host sshd[5856]: Connection closed by 104.167.82.144 port 54464 [preauth]
Jan 15 12:51:11 host sshd[5867]: Connection closed by 104.167.82.144 port 54352 [preauth]
Jan 15 12:57:55 host sshd[6748]: User root from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 15 12:57:55 host sshd[6748]: input_userauth_request: invalid user root [preauth]
Jan 15 12:57:55 host unix_chkpwd[6752]: password check failed for user (root)
Jan 15 12:57:55 host sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=root
Jan 15 12:57:55 host sshd[6748]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 12:57:58 host sshd[6748]: Failed password for invalid user root from 194.169.175.102 port 61896 ssh2
Jan 15 12:57:58 host sshd[6748]: Received disconnect from 194.169.175.102 port 61896:11: Client disconnecting normally [preauth]
Jan 15 12:57:58 host sshd[6748]: Disconnected from 194.169.175.102 port 61896 [preauth]
Jan 15 13:02:24 host sshd[7393]: Invalid user ek from 194.110.203.109 port 57830
Jan 15 13:02:24 host sshd[7393]: input_userauth_request: invalid user ek [preauth]
Jan 15 13:02:24 host sshd[7393]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:02:24 host sshd[7393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 13:02:26 host sshd[7393]: Failed password for invalid user ek from 194.110.203.109 port 57830 ssh2
Jan 15 13:02:29 host sshd[7393]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:02:31 host sshd[7393]: Failed password for invalid user ek from 194.110.203.109 port 57830 ssh2
Jan 15 13:02:34 host sshd[7393]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:02:37 host sshd[7393]: Failed password for invalid user ek from 194.110.203.109 port 57830 ssh2
Jan 15 13:02:40 host sshd[7393]: Connection closed by 194.110.203.109 port 57830 [preauth]
Jan 15 13:02:40 host sshd[7393]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 13:03:27 host sshd[7503]: User root from 165.154.242.88 not allowed because not listed in AllowUsers
Jan 15 13:03:27 host sshd[7503]: input_userauth_request: invalid user root [preauth]
Jan 15 13:03:27 host unix_chkpwd[7506]: password check failed for user (root)
Jan 15 13:03:27 host sshd[7503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.242.88 user=root
Jan 15 13:03:27 host sshd[7503]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:03:30 host sshd[7503]: Failed password for invalid user root from 165.154.242.88 port 27494 ssh2
Jan 15 13:03:30 host sshd[7503]: Received disconnect from 165.154.242.88 port 27494:11: Bye Bye [preauth]
Jan 15 13:03:30 host sshd[7503]: Disconnected from 165.154.242.88 port 27494 [preauth]
Jan 15 13:03:37 host sshd[7539]: User root from 143.198.123.124 not allowed because not listed in AllowUsers
Jan 15 13:03:37 host sshd[7539]: input_userauth_request: invalid user root [preauth]
Jan 15 13:03:37 host unix_chkpwd[7545]: password check failed for user (root)
Jan 15 13:03:37 host sshd[7539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.123.124 user=root
Jan 15 13:03:37 host sshd[7539]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:03:38 host sshd[7547]: User root from 170.106.114.160 not allowed because not listed in AllowUsers
Jan 15 13:03:38 host sshd[7547]: input_userauth_request: invalid user root [preauth]
Jan 15 13:03:38 host unix_chkpwd[7552]: password check failed for user (root)
Jan 15 13:03:38 host sshd[7547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.114.160 user=root
Jan 15 13:03:38 host sshd[7547]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:03:38 host sshd[7539]: Failed password for invalid user root from 143.198.123.124 port 47886 ssh2
Jan 15 13:03:39 host sshd[7539]: Received disconnect from 143.198.123.124 port 47886:11: Bye Bye [preauth]
Jan 15 13:03:39 host sshd[7539]: Disconnected from 143.198.123.124 port 47886 [preauth]
Jan 15 13:03:39 host sshd[7549]: Invalid user ec2-user from 114.33.143.108 port 49187
Jan 15 13:03:39 host sshd[7549]: input_userauth_request: invalid user ec2-user [preauth]
Jan 15 13:03:39 host sshd[7549]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:03:39 host sshd[7549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.143.108
Jan 15 13:03:40 host sshd[7547]: Failed password for invalid user root from 170.106.114.160 port 40630 ssh2
Jan 15 13:03:40 host sshd[7547]: Received disconnect from 170.106.114.160 port 40630:11: Bye Bye [preauth]
Jan 15 13:03:40 host sshd[7547]: Disconnected from 170.106.114.160 port 40630 [preauth]
Jan 15 13:03:41 host sshd[7549]: Failed password for invalid user ec2-user from 114.33.143.108 port 49187 ssh2
Jan 15 13:03:42 host sshd[7549]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:03:44 host sshd[7549]: Failed password for invalid user ec2-user from 114.33.143.108 port 49187 ssh2
Jan 15 13:03:44 host sshd[7549]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:03:46 host sshd[7549]: Failed password for invalid user ec2-user from 114.33.143.108 port 49187 ssh2
Jan 15 13:03:47 host sshd[7549]: Failed password for invalid user ec2-user from 114.33.143.108 port 49187 ssh2
Jan 15 13:03:47 host sshd[7549]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:03:49 host sshd[7549]: Failed password for invalid user ec2-user from 114.33.143.108 port 49187 ssh2
Jan 15 13:03:50 host sshd[7549]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:03:52 host sshd[7549]: Failed password for invalid user ec2-user from 114.33.143.108 port 49187 ssh2
Jan 15 13:03:52 host sshd[7549]: error: maximum authentication attempts exceeded for invalid user ec2-user from 114.33.143.108 port 49187 ssh2 [preauth]
Jan 15 13:03:52 host sshd[7549]: Disconnecting: Too many authentication failures [preauth]
Jan 15 13:03:52 host sshd[7549]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.143.108
Jan 15 13:03:52 host sshd[7549]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 15 13:05:27 host sshd[7792]: User root from 85.234.125.13 not allowed because not listed in AllowUsers
Jan 15 13:05:27 host sshd[7792]: input_userauth_request: invalid user root [preauth]
Jan 15 13:05:28 host unix_chkpwd[7795]: password check failed for user (root)
Jan 15 13:05:28 host sshd[7792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.234.125.13 user=root
Jan 15 13:05:28 host sshd[7792]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:05:30 host sshd[7792]: Failed password for invalid user root from 85.234.125.13 port 59148 ssh2
Jan 15 13:05:30 host sshd[7792]: Received disconnect from 85.234.125.13 port 59148:11: Bye Bye [preauth]
Jan 15 13:05:30 host sshd[7792]: Disconnected from 85.234.125.13 port 59148 [preauth]
Jan 15 13:05:33 host sshd[7874]: User root from 178.57.195.4 not allowed because not listed in AllowUsers
Jan 15 13:05:33 host sshd[7874]: input_userauth_request: invalid user root [preauth]
Jan 15 13:05:33 host unix_chkpwd[7893]: password check failed for user (root)
Jan 15 13:05:33 host sshd[7874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.57.195.4 user=root
Jan 15 13:05:33 host sshd[7874]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:05:35 host sshd[7874]: Failed password for invalid user root from 178.57.195.4 port 55282 ssh2
Jan 15 13:05:35 host sshd[7874]: Received disconnect from 178.57.195.4 port 55282:11: Bye Bye [preauth]
Jan 15 13:05:35 host sshd[7874]: Disconnected from 178.57.195.4 port 55282 [preauth]
Jan 15 13:06:08 host sshd[7974]: User root from 134.209.74.42 not allowed because not listed in AllowUsers
Jan 15 13:06:08 host sshd[7974]: input_userauth_request: invalid user root [preauth]
Jan 15 13:06:08 host unix_chkpwd[7977]: password check failed for user (root)
Jan 15 13:06:08 host sshd[7974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.74.42 user=root
Jan 15 13:06:08 host sshd[7974]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:06:10 host sshd[7974]: Failed password for invalid user root from 134.209.74.42 port 52962 ssh2
Jan 15 13:06:10 host sshd[7974]: Received disconnect from 134.209.74.42 port 52962:11: Bye Bye [preauth]
Jan 15 13:06:10 host sshd[7974]: Disconnected from 134.209.74.42 port 52962 [preauth]
Jan 15 13:06:44 host sshd[8036]: User root from 20.119.249.229 not allowed because not listed in AllowUsers
Jan 15 13:06:44 host sshd[8036]: input_userauth_request: invalid user root [preauth]
Jan 15 13:06:44 host unix_chkpwd[8039]: password check failed for user (root)
Jan 15 13:06:44 host sshd[8036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.119.249.229 user=root
Jan 15 13:06:44 host sshd[8036]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:06:46 host sshd[8036]: Failed password for invalid user root from 20.119.249.229 port 1024 ssh2
Jan 15 13:06:46 host sshd[8036]: Received disconnect from 20.119.249.229 port 1024:11: Bye Bye [preauth]
Jan 15 13:06:46 host sshd[8036]: Disconnected from 20.119.249.229 port 1024 [preauth]
Jan 15 13:08:01 host sshd[8165]: User root from 189.35.82.41 not allowed because not listed in AllowUsers
Jan 15 13:08:01 host sshd[8165]: input_userauth_request: invalid user root [preauth]
Jan 15 13:08:01 host unix_chkpwd[8168]: password check failed for user (root)
Jan 15 13:08:01 host sshd[8165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.35.82.41 user=root
Jan 15 13:08:01 host sshd[8165]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:08:02 host sshd[8165]: Failed password for invalid user root from 189.35.82.41 port 60263 ssh2
Jan 15 13:08:03 host sshd[8165]: Received disconnect from 189.35.82.41 port 60263:11: Bye Bye [preauth]
Jan 15 13:08:03 host sshd[8165]: Disconnected from 189.35.82.41 port 60263 [preauth]
Jan 15 13:08:59 host sshd[8274]: User root from 143.198.123.124 not allowed because not listed in AllowUsers
Jan 15 13:08:59 host sshd[8274]: input_userauth_request: invalid user root [preauth]
Jan 15 13:08:59 host unix_chkpwd[8281]: password check failed for user (root)
Jan 15 13:08:59 host sshd[8274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.123.124 user=root
Jan 15 13:08:59 host sshd[8274]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:09:01 host sshd[8274]: Failed password for invalid user root from 143.198.123.124 port 47392 ssh2
Jan 15 13:09:01 host sshd[8274]: Received disconnect from 143.198.123.124 port 47392:11: Bye Bye [preauth]
Jan 15 13:09:01 host sshd[8274]: Disconnected from 143.198.123.124 port 47392 [preauth]
Jan 15 13:09:20 host sshd[8356]: User root from 170.106.114.160 not allowed because not listed in AllowUsers
Jan 15 13:09:20 host sshd[8356]: input_userauth_request: invalid user root [preauth]
Jan 15 13:09:20 host unix_chkpwd[8360]: password check failed for user (root)
Jan 15 13:09:20 host sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.114.160 user=root
Jan 15 13:09:20 host sshd[8356]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:09:22 host sshd[8356]: Failed password for invalid user root from 170.106.114.160 port 41816 ssh2
Jan 15 13:09:44 host sshd[8441]: User root from 134.209.74.42 not allowed because not listed in AllowUsers
Jan 15 13:09:44 host sshd[8441]: input_userauth_request: invalid user root [preauth]
Jan 15 13:09:44 host unix_chkpwd[8444]: password check failed for user (root)
Jan 15 13:09:44 host sshd[8441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.74.42 user=root
Jan 15 13:09:44 host sshd[8441]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:09:46 host sshd[8441]: Failed password for invalid user root from 134.209.74.42 port 41436 ssh2
Jan 15 13:09:57 host sshd[8486]: User root from 178.57.195.4 not allowed because not listed in AllowUsers
Jan 15 13:09:57 host sshd[8486]: input_userauth_request: invalid user root [preauth]
Jan 15 13:09:57 host unix_chkpwd[8489]: password check failed for user (root)
Jan 15 13:09:57 host sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.57.195.4 user=root
Jan 15 13:09:57 host sshd[8486]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:09:59 host sshd[8486]: Failed password for invalid user root from 178.57.195.4 port 46232 ssh2
Jan 15 13:09:59 host sshd[8486]: Received disconnect from 178.57.195.4 port 46232:11: Bye Bye [preauth]
Jan 15 13:09:59 host sshd[8486]: Disconnected from 178.57.195.4 port 46232 [preauth]
Jan 15 13:10:00 host sshd[8492]: User root from 85.234.125.13 not allowed because not listed in AllowUsers
Jan 15 13:10:00 host sshd[8492]: input_userauth_request: invalid user root [preauth]
Jan 15 13:10:00 host unix_chkpwd[8495]: password check failed for user (root)
Jan 15 13:10:00 host sshd[8492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.234.125.13 user=root
Jan 15 13:10:00 host sshd[8492]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:10:02 host sshd[8492]: Failed password for invalid user root from 85.234.125.13 port 51470 ssh2
Jan 15 13:10:05 host sshd[8581]: User root from 165.154.242.88 not allowed because not listed in AllowUsers
Jan 15 13:10:05 host sshd[8581]: input_userauth_request: invalid user root [preauth]
Jan 15 13:10:05 host unix_chkpwd[8586]: password check failed for user (root)
Jan 15 13:10:05 host sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.242.88 user=root
Jan 15 13:10:05 host sshd[8581]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:10:07 host sshd[8581]: Failed password for invalid user root from 165.154.242.88 port 30442 ssh2
Jan 15 13:10:44 host sshd[8685]: User root from 20.119.249.229 not allowed because not listed in AllowUsers
Jan 15 13:10:44 host sshd[8685]: input_userauth_request: invalid user root [preauth]
Jan 15 13:10:44 host unix_chkpwd[8688]: password check failed for user (root)
Jan 15 13:10:44 host sshd[8685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.119.249.229 user=root
Jan 15 13:10:44 host sshd[8685]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:10:46 host sshd[8685]: Failed password for invalid user root from 20.119.249.229 port 1024 ssh2
Jan 15 13:11:39 host sshd[8930]: User root from 189.35.82.41 not allowed because not listed in AllowUsers
Jan 15 13:11:39 host sshd[8930]: input_userauth_request: invalid user root [preauth]
Jan 15 13:11:40 host unix_chkpwd[8936]: password check failed for user (root)
Jan 15 13:11:40 host sshd[8930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.35.82.41 user=root
Jan 15 13:11:40 host sshd[8930]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:11:41 host sshd[8930]: Failed password for invalid user root from 189.35.82.41 port 52021 ssh2
Jan 15 13:14:25 host sshd[9253]: Invalid user hikvision from 112.157.220.67 port 62004
Jan 15 13:14:25 host sshd[9253]: input_userauth_request: invalid user hikvision [preauth]
Jan 15 13:14:25 host sshd[9253]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:14:25 host sshd[9253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.157.220.67
Jan 15 13:14:28 host sshd[9253]: Failed password for invalid user hikvision from 112.157.220.67 port 62004 ssh2
Jan 15 13:14:29 host sshd[9253]: Connection reset by 112.157.220.67 port 62004 [preauth]
Jan 15 13:15:12 host sshd[9346]: User root from 153.186.42.26 not allowed because not listed in AllowUsers
Jan 15 13:15:12 host sshd[9346]: input_userauth_request: invalid user root [preauth]
Jan 15 13:15:12 host unix_chkpwd[9350]: password check failed for user (root)
Jan 15 13:15:12 host sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.186.42.26 user=root
Jan 15 13:15:12 host sshd[9346]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:15:14 host sshd[9346]: Failed password for invalid user root from 153.186.42.26 port 45437 ssh2
Jan 15 13:15:15 host sshd[9346]: Connection reset by 153.186.42.26 port 45437 [preauth]
Jan 15 13:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 13:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 13:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 13:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=laundryboniface user-4=a2zgroup user-5=dartsimp user-6=wwwpmcresource user-7=keralaholi user-8=wwwresourcehunte user-9=wwwrmswll user-10=ugotscom user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=wwwkmaorg user-15=disposeat user-16=remysagr user-17=pmcresources user-18=vfmassets user-19=shalinijames user-20=wwwtestugo user-21=straightcurve user-22=wwwletsstalkfood user-23=bonifacegroup user-24=wwwevmhonda user-25=wwwnexidigital user-26=mrsclean user-27=palco123 user-28=gifterman user-29=phmetals user-30=kottayamcalldriv feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 13:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 13:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5yzADysa2xvnfL0q.~
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5yzADysa2xvnfL0q.~'
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5yzADysa2xvnfL0q.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 13:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 13:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 13:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 13:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 13:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 13:22:46 host sshd[10580]: Invalid user super from 220.92.190.81 port 61542
Jan 15 13:22:46 host sshd[10580]: input_userauth_request: invalid user super [preauth]
Jan 15 13:22:46 host sshd[10580]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:22:46 host sshd[10580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.92.190.81
Jan 15 13:22:48 host sshd[10580]: Failed password for invalid user super from 220.92.190.81 port 61542 ssh2
Jan 15 13:22:48 host sshd[10580]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:22:50 host sshd[10580]: Failed password for invalid user super from 220.92.190.81 port 61542 ssh2
Jan 15 13:22:51 host sshd[10580]: Connection reset by 220.92.190.81 port 61542 [preauth]
Jan 15 13:22:51 host sshd[10580]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.92.190.81
Jan 15 13:22:52 host sshd[10585]: User root from 185.122.204.242 not allowed because not listed in AllowUsers
Jan 15 13:22:52 host sshd[10585]: input_userauth_request: invalid user root [preauth]
Jan 15 13:22:52 host unix_chkpwd[10596]: password check failed for user (root)
Jan 15 13:22:52 host sshd[10585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.122.204.242 user=root
Jan 15 13:22:52 host sshd[10585]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:22:54 host sshd[10597]: User root from 185.122.204.242 not allowed because not listed in AllowUsers
Jan 15 13:22:54 host sshd[10597]: input_userauth_request: invalid user root [preauth]
Jan 15 13:22:54 host unix_chkpwd[10600]: password check failed for user (root)
Jan 15 13:22:54 host sshd[10597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.122.204.242 user=root
Jan 15 13:22:54 host sshd[10597]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:22:54 host sshd[10585]: Failed password for invalid user root from 185.122.204.242 port 49658 ssh2
Jan 15 13:22:54 host sshd[10585]: Connection closed by 185.122.204.242 port 49658 [preauth]
Jan 15 13:22:56 host sshd[10597]: Failed password for invalid user root from 185.122.204.242 port 52742 ssh2
Jan 15 13:22:56 host sshd[10597]: Connection closed by 185.122.204.242 port 52742 [preauth]
Jan 15 13:24:11 host sshd[10758]: Invalid user pi from 125.229.164.216 port 58658
Jan 15 13:24:11 host sshd[10758]: input_userauth_request: invalid user pi [preauth]
Jan 15 13:24:11 host sshd[10758]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:24:11 host sshd[10758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.164.216
Jan 15 13:24:12 host sshd[10758]: Failed password for invalid user pi from 125.229.164.216 port 58658 ssh2
Jan 15 13:24:13 host sshd[10758]: Connection reset by 125.229.164.216 port 58658 [preauth]
Jan 15 13:35:34 host sshd[12146]: Connection reset by 175.212.95.239 port 61951 [preauth]
Jan 15 13:36:43 host sshd[12279]: Invalid user admin from 2.231.46.61 port 35866
Jan 15 13:36:43 host sshd[12279]: input_userauth_request: invalid user admin [preauth]
Jan 15 13:36:43 host sshd[12279]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:36:43 host sshd[12279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.231.46.61
Jan 15 13:36:45 host sshd[12279]: Failed password for invalid user admin from 2.231.46.61 port 35866 ssh2
Jan 15 13:36:46 host sshd[12279]: Connection reset by 2.231.46.61 port 35866 [preauth]
Jan 15 13:37:09 host sshd[12324]: Did not receive identification string from 149.129.220.222 port 61000
Jan 15 13:47:59 host sshd[14060]: Connection reset by 5.15.16.209 port 36465 [preauth]
Jan 15 13:50:57 host sshd[14476]: User root from 59.126.149.89 not allowed because not listed in AllowUsers
Jan 15 13:50:57 host sshd[14476]: input_userauth_request: invalid user root [preauth]
Jan 15 13:50:57 host unix_chkpwd[14487]: password check failed for user (root)
Jan 15 13:50:57 host sshd[14476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.149.89 user=root
Jan 15 13:50:57 host sshd[14476]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:51:00 host sshd[14476]: Failed password for invalid user root from 59.126.149.89 port 55271 ssh2
Jan 15 13:51:01 host unix_chkpwd[14492]: password check failed for user (root)
Jan 15 13:51:01 host sshd[14476]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:51:02 host sshd[14476]: Failed password for invalid user root from 59.126.149.89 port 55271 ssh2
Jan 15 13:51:03 host unix_chkpwd[14506]: password check failed for user (root)
Jan 15 13:51:03 host sshd[14476]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:51:05 host sshd[14476]: Failed password for invalid user root from 59.126.149.89 port 55271 ssh2
Jan 15 13:51:06 host unix_chkpwd[14509]: password check failed for user (root)
Jan 15 13:51:06 host sshd[14476]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 13:51:08 host sshd[14476]: Failed password for invalid user root from 59.126.149.89 port 55271 ssh2
Jan 15 13:52:31 host sshd[14779]: Invalid user hikvision from 220.132.53.201 port 35869
Jan 15 13:52:31 host sshd[14779]: input_userauth_request: invalid user hikvision [preauth]
Jan 15 13:52:31 host sshd[14779]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:52:31 host sshd[14779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.53.201
Jan 15 13:52:33 host sshd[14779]: Failed password for invalid user hikvision from 220.132.53.201 port 35869 ssh2
Jan 15 13:52:33 host sshd[14779]: Connection reset by 220.132.53.201 port 35869 [preauth]
Jan 15 13:54:06 host sshd[14928]: Invalid user admin from 220.135.13.109 port 44643
Jan 15 13:54:06 host sshd[14928]: input_userauth_request: invalid user admin [preauth]
Jan 15 13:54:06 host sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:54:06 host sshd[14928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.13.109
Jan 15 13:54:07 host sshd[14928]: Failed password for invalid user admin from 220.135.13.109 port 44643 ssh2
Jan 15 13:54:08 host sshd[14928]: Failed password for invalid user admin from 220.135.13.109 port 44643 ssh2
Jan 15 13:54:09 host sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:54:11 host sshd[14928]: Failed password for invalid user admin from 220.135.13.109 port 44643 ssh2
Jan 15 13:54:11 host sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:54:14 host sshd[14928]: Failed password for invalid user admin from 220.135.13.109 port 44643 ssh2
Jan 15 13:54:14 host sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:54:16 host sshd[14928]: Failed password for invalid user admin from 220.135.13.109 port 44643 ssh2
Jan 15 13:54:17 host sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 13:54:19 host sshd[14928]: Failed password for invalid user admin from 220.135.13.109 port 44643 ssh2
Jan 15 13:54:19 host sshd[14928]: error: maximum authentication attempts exceeded for invalid user admin from 220.135.13.109 port 44643 ssh2 [preauth]
Jan 15 13:54:19 host sshd[14928]: Disconnecting: Too many authentication failures [preauth]
Jan 15 13:54:19 host sshd[14928]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.13.109
Jan 15 13:54:19 host sshd[14928]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 15 14:15:54 host sshd[17766]: Invalid user pi from 175.205.145.158 port 57577
Jan 15 14:15:54 host sshd[17766]: input_userauth_request: invalid user pi [preauth]
Jan 15 14:15:54 host sshd[17766]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:15:54 host sshd[17766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.205.145.158
Jan 15 14:15:56 host sshd[17766]: Failed password for invalid user pi from 175.205.145.158 port 57577 ssh2
Jan 15 14:15:57 host sshd[17766]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:15:59 host sshd[17766]: Failed password for invalid user pi from 175.205.145.158 port 57577 ssh2
Jan 15 14:16:00 host sshd[17766]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:16:01 host sshd[17766]: Failed password for invalid user pi from 175.205.145.158 port 57577 ssh2
Jan 15 14:16:03 host sshd[17766]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:16:05 host sshd[17766]: Failed password for invalid user pi from 175.205.145.158 port 57577 ssh2
Jan 15 14:16:06 host sshd[17766]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:16:08 host sshd[17766]: Failed password for invalid user pi from 175.205.145.158 port 57577 ssh2
Jan 15 14:16:39 host sshd[17991]: User root from 141.98.11.66 not allowed because not listed in AllowUsers
Jan 15 14:16:39 host sshd[17991]: input_userauth_request: invalid user root [preauth]
Jan 15 14:16:39 host unix_chkpwd[17995]: password check failed for user (root)
Jan 15 14:16:39 host sshd[17991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.66 user=root
Jan 15 14:16:39 host sshd[17991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:16:42 host sshd[17991]: Failed password for invalid user root from 141.98.11.66 port 37862 ssh2
Jan 15 14:16:42 host sshd[17991]: Received disconnect from 141.98.11.66 port 37862:11: Normal Shutdown, Thank you for playing [preauth]
Jan 15 14:16:42 host sshd[17991]: Disconnected from 141.98.11.66 port 37862 [preauth]
Jan 15 14:20:55 host sshd[18459]: Invalid user emcali from 114.26.170.22 port 53855
Jan 15 14:20:55 host sshd[18459]: input_userauth_request: invalid user emcali [preauth]
Jan 15 14:20:55 host sshd[18459]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:20:55 host sshd[18459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.26.170.22
Jan 15 14:20:57 host sshd[18459]: Failed password for invalid user emcali from 114.26.170.22 port 53855 ssh2
Jan 15 14:20:59 host sshd[18459]: Failed password for invalid user emcali from 114.26.170.22 port 53855 ssh2
Jan 15 14:20:59 host sshd[18459]: Connection closed by 114.26.170.22 port 53855 [preauth]
Jan 15 14:20:59 host sshd[18467]: Invalid user hikvision from 118.41.49.96 port 59119
Jan 15 14:20:59 host sshd[18467]: input_userauth_request: invalid user hikvision [preauth]
Jan 15 14:20:59 host sshd[18467]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:20:59 host sshd[18467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.49.96
Jan 15 14:21:01 host sshd[18467]: Failed password for invalid user hikvision from 118.41.49.96 port 59119 ssh2
Jan 15 14:21:02 host sshd[18467]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:21:05 host sshd[18467]: Failed password for invalid user hikvision from 118.41.49.96 port 59119 ssh2
Jan 15 14:21:05 host sshd[18467]: Failed password for invalid user hikvision from 118.41.49.96 port 59119 ssh2
Jan 15 14:21:06 host sshd[18467]: Connection closed by 118.41.49.96 port 59119 [preauth]
Jan 15 14:21:06 host sshd[18467]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.49.96
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=mrsclean user-2=wwwnexidigital user-3=gifterman user-4=palco123 user-5=phmetals user-6=kottayamcalldriv user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=woodpeck user-16=wwwkapin user-17=wwwkmaorg user-18=disposeat user-19=remysagr user-20=wwwrmswll user-21=wwwresourcehunte user-22=keralaholi user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 14:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-m1h3xwOu59APW56Y.~
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-m1h3xwOu59APW56Y.~'
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-m1h3xwOu59APW56Y.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 14:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 14:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 14:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 14:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 14:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 14:23:47 host sshd[18975]: User root from 141.98.11.66 not allowed because not listed in AllowUsers
Jan 15 14:23:47 host sshd[18975]: input_userauth_request: invalid user root [preauth]
Jan 15 14:23:47 host unix_chkpwd[18979]: password check failed for user (root)
Jan 15 14:23:47 host sshd[18975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.66 user=root
Jan 15 14:23:47 host sshd[18975]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:23:49 host sshd[18975]: Failed password for invalid user root from 141.98.11.66 port 53144 ssh2
Jan 15 14:23:49 host sshd[18975]: Received disconnect from 141.98.11.66 port 53144:11: Normal Shutdown, Thank you for playing [preauth]
Jan 15 14:23:49 host sshd[18975]: Disconnected from 141.98.11.66 port 53144 [preauth]
Jan 15 14:24:26 host sshd[19174]: Invalid user user from 117.2.67.93 port 59736
Jan 15 14:24:26 host sshd[19174]: input_userauth_request: invalid user user [preauth]
Jan 15 14:24:27 host sshd[19174]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:24:27 host sshd[19174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.2.67.93
Jan 15 14:24:28 host sshd[19174]: Failed password for invalid user user from 117.2.67.93 port 59736 ssh2
Jan 15 14:24:29 host sshd[19174]: Connection closed by 117.2.67.93 port 59736 [preauth]
Jan 15 14:25:37 host sshd[19337]: Connection reset by 59.8.83.147 port 63989 [preauth]
Jan 15 14:33:26 host sshd[20320]: User root from 122.117.59.154 not allowed because not listed in AllowUsers
Jan 15 14:33:26 host sshd[20320]: input_userauth_request: invalid user root [preauth]
Jan 15 14:33:26 host unix_chkpwd[20325]: password check failed for user (root)
Jan 15 14:33:26 host sshd[20320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.59.154 user=root
Jan 15 14:33:26 host sshd[20320]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:33:28 host sshd[20320]: Failed password for invalid user root from 122.117.59.154 port 45320 ssh2
Jan 15 14:33:29 host unix_chkpwd[20352]: password check failed for user (root)
Jan 15 14:33:29 host sshd[20320]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:33:32 host sshd[20320]: Failed password for invalid user root from 122.117.59.154 port 45320 ssh2
Jan 15 14:33:33 host unix_chkpwd[20360]: password check failed for user (root)
Jan 15 14:33:33 host sshd[20320]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:33:35 host sshd[20320]: Failed password for invalid user root from 122.117.59.154 port 45320 ssh2
Jan 15 14:33:36 host unix_chkpwd[20368]: password check failed for user (root)
Jan 15 14:33:36 host sshd[20320]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:33:38 host sshd[20320]: Failed password for invalid user root from 122.117.59.154 port 45320 ssh2
Jan 15 14:33:38 host unix_chkpwd[20371]: password check failed for user (root)
Jan 15 14:33:38 host sshd[20320]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:33:40 host sshd[20320]: Failed password for invalid user root from 122.117.59.154 port 45320 ssh2
Jan 15 14:34:35 host sshd[20509]: Invalid user oracle from 47.23.31.173 port 34208
Jan 15 14:34:35 host sshd[20509]: input_userauth_request: invalid user oracle [preauth]
Jan 15 14:34:35 host sshd[20509]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:34:35 host sshd[20509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.23.31.173
Jan 15 14:34:38 host sshd[20509]: Failed password for invalid user oracle from 47.23.31.173 port 34208 ssh2
Jan 15 14:34:40 host sshd[20509]: Connection reset by 47.23.31.173 port 34208 [preauth]
Jan 15 14:38:20 host sshd[21030]: Invalid user admin from 121.161.116.161 port 62943
Jan 15 14:38:20 host sshd[21030]: input_userauth_request: invalid user admin [preauth]
Jan 15 14:38:20 host sshd[21030]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:38:20 host sshd[21030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.161.116.161
Jan 15 14:38:21 host sshd[21030]: Failed password for invalid user admin from 121.161.116.161 port 62943 ssh2
Jan 15 14:38:22 host sshd[21030]: Failed password for invalid user admin from 121.161.116.161 port 62943 ssh2
Jan 15 14:38:23 host sshd[21030]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:38:26 host sshd[21030]: Failed password for invalid user admin from 121.161.116.161 port 62943 ssh2
Jan 15 14:38:27 host sshd[21030]: Connection reset by 121.161.116.161 port 62943 [preauth]
Jan 15 14:38:27 host sshd[21030]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.161.116.161
Jan 15 14:49:58 host sshd[22595]: Invalid user bryan from 107.189.30.59 port 49560
Jan 15 14:49:58 host sshd[22595]: input_userauth_request: invalid user bryan [preauth]
Jan 15 14:49:58 host sshd[22595]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:49:58 host sshd[22595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 15 14:50:00 host sshd[22595]: Failed password for invalid user bryan from 107.189.30.59 port 49560 ssh2
Jan 15 14:50:00 host sshd[22595]: Connection closed by 107.189.30.59 port 49560 [preauth]
Jan 15 14:53:24 host sshd[23083]: Connection reset by 59.126.35.101 port 52534 [preauth]
Jan 15 14:54:40 host sshd[23278]: Invalid user el from 194.110.203.109 port 48078
Jan 15 14:54:40 host sshd[23278]: input_userauth_request: invalid user el [preauth]
Jan 15 14:54:40 host sshd[23278]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:54:40 host sshd[23278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 14:54:43 host sshd[23278]: Failed password for invalid user el from 194.110.203.109 port 48078 ssh2
Jan 15 14:54:46 host sshd[23278]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:54:47 host sshd[23278]: Failed password for invalid user el from 194.110.203.109 port 48078 ssh2
Jan 15 14:54:50 host sshd[23278]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:54:52 host sshd[23278]: Failed password for invalid user el from 194.110.203.109 port 48078 ssh2
Jan 15 14:54:55 host sshd[23278]: Connection closed by 194.110.203.109 port 48078 [preauth]
Jan 15 14:54:55 host sshd[23278]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 14:59:24 host sshd[23861]: Invalid user ubnt from 95.181.161.70 port 38944
Jan 15 14:59:24 host sshd[23861]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 14:59:24 host sshd[23861]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:59:24 host sshd[23861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.181.161.70
Jan 15 14:59:25 host sshd[23861]: Failed password for invalid user ubnt from 95.181.161.70 port 38944 ssh2
Jan 15 14:59:26 host sshd[23861]: Received disconnect from 95.181.161.70 port 38944:11: Bye Bye [preauth]
Jan 15 14:59:26 host sshd[23861]: Disconnected from 95.181.161.70 port 38944 [preauth]
Jan 15 14:59:27 host sshd[23866]: Invalid user admin from 95.181.161.70 port 43706
Jan 15 14:59:27 host sshd[23866]: input_userauth_request: invalid user admin [preauth]
Jan 15 14:59:27 host sshd[23866]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:59:27 host sshd[23866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.181.161.70
Jan 15 14:59:29 host sshd[23866]: Failed password for invalid user admin from 95.181.161.70 port 43706 ssh2
Jan 15 14:59:29 host sshd[23866]: Received disconnect from 95.181.161.70 port 43706:11: Bye Bye [preauth]
Jan 15 14:59:29 host sshd[23866]: Disconnected from 95.181.161.70 port 43706 [preauth]
Jan 15 14:59:31 host sshd[23893]: User root from 95.181.161.70 not allowed because not listed in AllowUsers
Jan 15 14:59:31 host sshd[23893]: input_userauth_request: invalid user root [preauth]
Jan 15 14:59:31 host unix_chkpwd[23896]: password check failed for user (root)
Jan 15 14:59:31 host sshd[23893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.181.161.70 user=root
Jan 15 14:59:31 host sshd[23893]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 14:59:33 host sshd[23893]: Failed password for invalid user root from 95.181.161.70 port 49316 ssh2
Jan 15 14:59:33 host sshd[23893]: Received disconnect from 95.181.161.70 port 49316:11: Bye Bye [preauth]
Jan 15 14:59:33 host sshd[23893]: Disconnected from 95.181.161.70 port 49316 [preauth]
Jan 15 14:59:35 host sshd[23899]: Invalid user 1234 from 95.181.161.70 port 54474
Jan 15 14:59:35 host sshd[23899]: input_userauth_request: invalid user 1234 [preauth]
Jan 15 14:59:35 host sshd[23899]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 14:59:35 host sshd[23899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.181.161.70
Jan 15 14:59:36 host sshd[23899]: Failed password for invalid user 1234 from 95.181.161.70 port 54474 ssh2
Jan 15 15:02:10 host sshd[24313]: Did not receive identification string from 51.15.3.135 port 50864
Jan 15 15:02:11 host sshd[24314]: Invalid user pi from 51.15.3.135 port 52850
Jan 15 15:02:11 host sshd[24314]: input_userauth_request: invalid user pi [preauth]
Jan 15 15:02:11 host sshd[24314]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:02:11 host sshd[24314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 15 15:02:13 host sshd[24314]: Failed password for invalid user pi from 51.15.3.135 port 52850 ssh2
Jan 15 15:02:13 host sshd[24314]: Connection closed by 51.15.3.135 port 52850 [preauth]
Jan 15 15:03:44 host sshd[24485]: User root from 197.234.43.131 not allowed because not listed in AllowUsers
Jan 15 15:03:44 host sshd[24485]: input_userauth_request: invalid user root [preauth]
Jan 15 15:03:45 host unix_chkpwd[24495]: password check failed for user (root)
Jan 15 15:03:45 host sshd[24485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.234.43.131 user=root
Jan 15 15:03:45 host sshd[24485]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 15:03:47 host sshd[24485]: Failed password for invalid user root from 197.234.43.131 port 60198 ssh2
Jan 15 15:03:49 host sshd[24485]: Connection closed by 197.234.43.131 port 60198 [preauth]
Jan 15 15:16:12 host sshd[26112]: Connection reset by 121.148.214.171 port 63090 [preauth]
Jan 15 15:17:28 host sshd[26223]: User root from 23.116.82.170 not allowed because not listed in AllowUsers
Jan 15 15:17:28 host sshd[26223]: input_userauth_request: invalid user root [preauth]
Jan 15 15:17:28 host unix_chkpwd[26228]: password check failed for user (root)
Jan 15 15:17:28 host sshd[26223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.116.82.170 user=root
Jan 15 15:17:28 host sshd[26223]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 15:17:30 host sshd[26223]: Failed password for invalid user root from 23.116.82.170 port 38263 ssh2
Jan 15 15:17:31 host unix_chkpwd[26253]: password check failed for user (root)
Jan 15 15:17:31 host sshd[26223]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 15:17:33 host sshd[26223]: Failed password for invalid user root from 23.116.82.170 port 38263 ssh2
Jan 15 15:17:33 host unix_chkpwd[26260]: password check failed for user (root)
Jan 15 15:17:33 host sshd[26223]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 15:17:36 host sshd[26223]: Failed password for invalid user root from 23.116.82.170 port 38263 ssh2
Jan 15 15:17:36 host sshd[26223]: Connection reset by 23.116.82.170 port 38263 [preauth]
Jan 15 15:17:36 host sshd[26223]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.116.82.170 user=root
Jan 15 15:19:37 host sshd[26644]: Invalid user admin from 97.101.208.71 port 57384
Jan 15 15:19:37 host sshd[26644]: input_userauth_request: invalid user admin [preauth]
Jan 15 15:19:38 host sshd[26644]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:19:38 host sshd[26644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.101.208.71
Jan 15 15:19:40 host sshd[26644]: Failed password for invalid user admin from 97.101.208.71 port 57384 ssh2
Jan 15 15:19:40 host sshd[26644]: Received disconnect from 97.101.208.71 port 57384:11: Bye Bye [preauth]
Jan 15 15:19:40 host sshd[26644]: Disconnected from 97.101.208.71 port 57384 [preauth]
Jan 15 15:19:42 host sshd[26651]: Invalid user admin from 97.101.208.71 port 57726
Jan 15 15:19:42 host sshd[26651]: input_userauth_request: invalid user admin [preauth]
Jan 15 15:19:43 host sshd[26651]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:19:43 host sshd[26651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.101.208.71
Jan 15 15:19:45 host sshd[26651]: Failed password for invalid user admin from 97.101.208.71 port 57726 ssh2
Jan 15 15:19:45 host sshd[26651]: Received disconnect from 97.101.208.71 port 57726:11: Bye Bye [preauth]
Jan 15 15:19:45 host sshd[26651]: Disconnected from 97.101.208.71 port 57726 [preauth]
Jan 15 15:19:47 host sshd[26657]: Invalid user admin from 97.101.208.71 port 57776
Jan 15 15:19:47 host sshd[26657]: input_userauth_request: invalid user admin [preauth]
Jan 15 15:19:47 host sshd[26657]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:19:47 host sshd[26657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.101.208.71
Jan 15 15:19:49 host sshd[26657]: Failed password for invalid user admin from 97.101.208.71 port 57776 ssh2
Jan 15 15:19:49 host sshd[26657]: Received disconnect from 97.101.208.71 port 57776:11: Bye Bye [preauth]
Jan 15 15:19:49 host sshd[26657]: Disconnected from 97.101.208.71 port 57776 [preauth]
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwrmswll user-2=wwwresourcehunte user-3=keralaholi user-4=ugotscom user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=dartsimp user-9=a2zgroup user-10=cochintaxi user-11=wwwkaretakers user-12=wwwnexidigital user-13=mrsclean user-14=gifterman user-15=palco123 user-16=phmetals user-17=kottayamcalldriv user-18=wwwletsstalkfood user-19=straightcurve user-20=bonifacegroup user-21=wwwevmhonda user-22=pmcresources user-23=vfmassets user-24=wwwtestugo user-25=shalinijames user-26=woodpeck user-27=wwwkapin user-28=disposeat user-29=wwwkmaorg user-30=remysagr feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 15:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zin7IvacrCZyB4up.~
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zin7IvacrCZyB4up.~'
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zin7IvacrCZyB4up.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 15:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 15:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 15:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 15:22:22 host sshd[27199]: Invalid user support from 109.193.161.176 port 33492
Jan 15 15:22:22 host sshd[27199]: input_userauth_request: invalid user support [preauth]
Jan 15 15:22:22 host sshd[27199]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:22:22 host sshd[27199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.193.161.176
Jan 15 15:22:24 host sshd[27199]: Failed password for invalid user support from 109.193.161.176 port 33492 ssh2
Jan 15 15:22:24 host sshd[27199]: Connection closed by 109.193.161.176 port 33492 [preauth]
Jan 15 15:25:58 host sshd[27682]: Connection reset by 223.206.49.244 port 50577 [preauth]
Jan 15 15:41:11 host sshd[29602]: User root from 39.75.231.25 not allowed because not listed in AllowUsers
Jan 15 15:41:11 host sshd[29602]: input_userauth_request: invalid user root [preauth]
Jan 15 15:41:12 host unix_chkpwd[29610]: password check failed for user (root)
Jan 15 15:41:12 host sshd[29602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.75.231.25 user=root
Jan 15 15:41:12 host sshd[29602]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 15:41:14 host sshd[29602]: Failed password for invalid user root from 39.75.231.25 port 58778 ssh2
Jan 15 15:41:15 host sshd[29602]: Connection closed by 39.75.231.25 port 58778 [preauth]
Jan 15 15:51:31 host sshd[31083]: Invalid user ubuntu from 211.228.25.108 port 61985
Jan 15 15:51:31 host sshd[31083]: input_userauth_request: invalid user ubuntu [preauth]
Jan 15 15:51:31 host sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:51:31 host sshd[31083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.25.108
Jan 15 15:51:32 host sshd[31083]: Failed password for invalid user ubuntu from 211.228.25.108 port 61985 ssh2
Jan 15 15:51:32 host sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:51:34 host sshd[31083]: Failed password for invalid user ubuntu from 211.228.25.108 port 61985 ssh2
Jan 15 15:51:36 host sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:51:38 host sshd[31083]: Failed password for invalid user ubuntu from 211.228.25.108 port 61985 ssh2
Jan 15 15:51:38 host sshd[31083]: Failed password for invalid user ubuntu from 211.228.25.108 port 61985 ssh2
Jan 15 15:51:38 host sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:51:41 host sshd[31083]: Failed password for invalid user ubuntu from 211.228.25.108 port 61985 ssh2
Jan 15 15:51:41 host sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:51:43 host sshd[31083]: Failed password for invalid user ubuntu from 211.228.25.108 port 61985 ssh2
Jan 15 15:51:43 host sshd[31083]: error: maximum authentication attempts exceeded for invalid user ubuntu from 211.228.25.108 port 61985 ssh2 [preauth]
Jan 15 15:51:43 host sshd[31083]: Disconnecting: Too many authentication failures [preauth]
Jan 15 15:51:43 host sshd[31083]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.228.25.108
Jan 15 15:51:43 host sshd[31083]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 15 15:57:05 host sshd[31771]: Invalid user pi from 223.197.183.126 port 51284
Jan 15 15:57:05 host sshd[31771]: input_userauth_request: invalid user pi [preauth]
Jan 15 15:57:05 host sshd[31771]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:57:05 host sshd[31771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.183.126
Jan 15 15:57:07 host sshd[31771]: Failed password for invalid user pi from 223.197.183.126 port 51284 ssh2
Jan 15 15:57:08 host sshd[31771]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:57:10 host sshd[31771]: Failed password for invalid user pi from 223.197.183.126 port 51284 ssh2
Jan 15 15:57:10 host sshd[31771]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:57:12 host sshd[31771]: Failed password for invalid user pi from 223.197.183.126 port 51284 ssh2
Jan 15 15:57:12 host sshd[31771]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:57:14 host sshd[31771]: Failed password for invalid user pi from 223.197.183.126 port 51284 ssh2
Jan 15 15:57:14 host sshd[31771]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:57:16 host sshd[31771]: Failed password for invalid user pi from 223.197.183.126 port 51284 ssh2
Jan 15 15:57:16 host sshd[31771]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:57:19 host sshd[31771]: Failed password for invalid user pi from 223.197.183.126 port 51284 ssh2
Jan 15 15:57:19 host sshd[31771]: error: maximum authentication attempts exceeded for invalid user pi from 223.197.183.126 port 51284 ssh2 [preauth]
Jan 15 15:57:19 host sshd[31771]: Disconnecting: Too many authentication failures [preauth]
Jan 15 15:57:19 host sshd[31771]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.183.126
Jan 15 15:57:19 host sshd[31771]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 15 15:58:31 host sshd[32046]: Invalid user vadmin from 220.122.86.187 port 60050
Jan 15 15:58:31 host sshd[32046]: input_userauth_request: invalid user vadmin [preauth]
Jan 15 15:58:31 host sshd[32046]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 15:58:31 host sshd[32046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.122.86.187
Jan 15 15:58:33 host sshd[32046]: Failed password for invalid user vadmin from 220.122.86.187 port 60050 ssh2
Jan 15 15:58:33 host sshd[32046]: Connection reset by 220.122.86.187 port 60050 [preauth]
Jan 15 15:59:22 host sshd[32180]: User root from 180.117.20.20 not allowed because not listed in AllowUsers
Jan 15 15:59:22 host sshd[32180]: input_userauth_request: invalid user root [preauth]
Jan 15 15:59:23 host unix_chkpwd[32184]: password check failed for user (root)
Jan 15 15:59:23 host sshd[32180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.117.20.20 user=root
Jan 15 15:59:23 host sshd[32180]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 15:59:26 host sshd[32180]: Failed password for invalid user root from 180.117.20.20 port 60399 ssh2
Jan 15 15:59:26 host sshd[32180]: Connection closed by 180.117.20.20 port 60399 [preauth]
Jan 15 16:01:39 host sshd[32470]: Connection reset by 119.200.132.123 port 36736 [preauth]
Jan 15 16:09:12 host sshd[1098]: User root from 51.250.1.109 not allowed because not listed in AllowUsers
Jan 15 16:09:12 host sshd[1098]: input_userauth_request: invalid user root [preauth]
Jan 15 16:09:12 host unix_chkpwd[1101]: password check failed for user (root)
Jan 15 16:09:12 host sshd[1098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.1.109 user=root
Jan 15 16:09:12 host sshd[1098]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:09:14 host sshd[1103]: User root from 102.176.188.35 not allowed because not listed in AllowUsers
Jan 15 16:09:14 host sshd[1103]: input_userauth_request: invalid user root [preauth]
Jan 15 16:09:14 host unix_chkpwd[1106]: password check failed for user (root)
Jan 15 16:09:14 host sshd[1098]: Failed password for invalid user root from 51.250.1.109 port 36616 ssh2
Jan 15 16:09:14 host sshd[1103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.176.188.35 user=root
Jan 15 16:09:14 host sshd[1103]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:09:14 host sshd[1098]: Received disconnect from 51.250.1.109 port 36616:11: Bye Bye [preauth]
Jan 15 16:09:14 host sshd[1098]: Disconnected from 51.250.1.109 port 36616 [preauth]
Jan 15 16:09:16 host sshd[1103]: Failed password for invalid user root from 102.176.188.35 port 54858 ssh2
Jan 15 16:09:16 host sshd[1103]: Received disconnect from 102.176.188.35 port 54858:11: Bye Bye [preauth]
Jan 15 16:09:16 host sshd[1103]: Disconnected from 102.176.188.35 port 54858 [preauth]
Jan 15 16:09:43 host sshd[1166]: User root from 70.45.248.52 not allowed because not listed in AllowUsers
Jan 15 16:09:43 host sshd[1166]: input_userauth_request: invalid user root [preauth]
Jan 15 16:09:43 host unix_chkpwd[1173]: password check failed for user (root)
Jan 15 16:09:43 host sshd[1166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.45.248.52 user=root
Jan 15 16:09:43 host sshd[1166]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:09:45 host sshd[1166]: Failed password for invalid user root from 70.45.248.52 port 50224 ssh2
Jan 15 16:09:45 host sshd[1166]: Received disconnect from 70.45.248.52 port 50224:11: Bye Bye [preauth]
Jan 15 16:09:45 host sshd[1166]: Disconnected from 70.45.248.52 port 50224 [preauth]
Jan 15 16:12:12 host sshd[1473]: User root from 157.245.156.72 not allowed because not listed in AllowUsers
Jan 15 16:12:12 host sshd[1473]: input_userauth_request: invalid user root [preauth]
Jan 15 16:12:12 host unix_chkpwd[1476]: password check failed for user (root)
Jan 15 16:12:12 host sshd[1473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.156.72 user=root
Jan 15 16:12:12 host sshd[1473]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:12:14 host sshd[1473]: Failed password for invalid user root from 157.245.156.72 port 44710 ssh2
Jan 15 16:12:14 host sshd[1473]: Received disconnect from 157.245.156.72 port 44710:11: Bye Bye [preauth]
Jan 15 16:12:14 host sshd[1473]: Disconnected from 157.245.156.72 port 44710 [preauth]
Jan 15 16:12:25 host sshd[1488]: User root from 144.217.243.126 not allowed because not listed in AllowUsers
Jan 15 16:12:25 host sshd[1488]: input_userauth_request: invalid user root [preauth]
Jan 15 16:12:26 host unix_chkpwd[1491]: password check failed for user (root)
Jan 15 16:12:26 host sshd[1488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.243.126 user=root
Jan 15 16:12:26 host sshd[1488]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:12:27 host sshd[1488]: Failed password for invalid user root from 144.217.243.126 port 34006 ssh2
Jan 15 16:12:27 host sshd[1488]: Received disconnect from 144.217.243.126 port 34006:11: Bye Bye [preauth]
Jan 15 16:12:27 host sshd[1488]: Disconnected from 144.217.243.126 port 34006 [preauth]
Jan 15 16:14:58 host sshd[2004]: User root from 102.176.188.35 not allowed because not listed in AllowUsers
Jan 15 16:14:58 host sshd[2004]: input_userauth_request: invalid user root [preauth]
Jan 15 16:14:58 host unix_chkpwd[2012]: password check failed for user (root)
Jan 15 16:14:58 host sshd[2004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.176.188.35 user=root
Jan 15 16:14:58 host sshd[2004]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:14:59 host sshd[2009]: User root from 51.250.1.109 not allowed because not listed in AllowUsers
Jan 15 16:14:59 host sshd[2009]: input_userauth_request: invalid user root [preauth]
Jan 15 16:14:59 host unix_chkpwd[2015]: password check failed for user (root)
Jan 15 16:14:59 host sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.1.109 user=root
Jan 15 16:14:59 host sshd[2009]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:15:00 host sshd[2004]: Failed password for invalid user root from 102.176.188.35 port 54698 ssh2
Jan 15 16:15:00 host sshd[2004]: Received disconnect from 102.176.188.35 port 54698:11: Bye Bye [preauth]
Jan 15 16:15:00 host sshd[2004]: Disconnected from 102.176.188.35 port 54698 [preauth]
Jan 15 16:15:01 host sshd[2009]: Failed password for invalid user root from 51.250.1.109 port 37160 ssh2
Jan 15 16:15:01 host sshd[2009]: Received disconnect from 51.250.1.109 port 37160:11: Bye Bye [preauth]
Jan 15 16:15:01 host sshd[2009]: Disconnected from 51.250.1.109 port 37160 [preauth]
Jan 15 16:15:18 host sshd[2125]: Connection closed by 70.45.248.52 port 34046 [preauth]
Jan 15 16:15:42 host sshd[2189]: User root from 144.217.243.126 not allowed because not listed in AllowUsers
Jan 15 16:15:42 host sshd[2189]: input_userauth_request: invalid user root [preauth]
Jan 15 16:15:42 host unix_chkpwd[2196]: password check failed for user (root)
Jan 15 16:15:42 host sshd[2189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.243.126 user=root
Jan 15 16:15:42 host sshd[2189]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:15:45 host sshd[2189]: Failed password for invalid user root from 144.217.243.126 port 41224 ssh2
Jan 15 16:15:45 host sshd[2189]: Received disconnect from 144.217.243.126 port 41224:11: Bye Bye [preauth]
Jan 15 16:15:45 host sshd[2189]: Disconnected from 144.217.243.126 port 41224 [preauth]
Jan 15 16:16:13 host sshd[2281]: User root from 157.245.156.72 not allowed because not listed in AllowUsers
Jan 15 16:16:13 host sshd[2281]: input_userauth_request: invalid user root [preauth]
Jan 15 16:16:13 host unix_chkpwd[2283]: password check failed for user (root)
Jan 15 16:16:13 host sshd[2281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.156.72 user=root
Jan 15 16:16:13 host sshd[2281]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:16:15 host sshd[2281]: Failed password for invalid user root from 157.245.156.72 port 46322 ssh2
Jan 15 16:16:15 host sshd[2281]: Received disconnect from 157.245.156.72 port 46322:11: Bye Bye [preauth]
Jan 15 16:16:15 host sshd[2281]: Disconnected from 157.245.156.72 port 46322 [preauth]
Jan 15 16:18:43 host sshd[2721]: Invalid user user from 27.2.115.42 port 42694
Jan 15 16:18:43 host sshd[2721]: input_userauth_request: invalid user user [preauth]
Jan 15 16:18:44 host sshd[2721]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:18:44 host sshd[2721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.2.115.42
Jan 15 16:18:46 host sshd[2721]: Failed password for invalid user user from 27.2.115.42 port 42694 ssh2
Jan 15 16:18:47 host sshd[2721]: Connection closed by 27.2.115.42 port 42694 [preauth]
Jan 15 16:18:57 host sshd[2724]: User root from 70.45.248.52 not allowed because not listed in AllowUsers
Jan 15 16:18:57 host sshd[2724]: input_userauth_request: invalid user root [preauth]
Jan 15 16:18:57 host unix_chkpwd[2752]: password check failed for user (root)
Jan 15 16:18:57 host sshd[2724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.45.248.52 user=root
Jan 15 16:18:57 host sshd[2724]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:18:59 host sshd[2724]: Failed password for invalid user root from 70.45.248.52 port 34544 ssh2
Jan 15 16:19:00 host sshd[2724]: Received disconnect from 70.45.248.52 port 34544:11: Bye Bye [preauth]
Jan 15 16:19:00 host sshd[2724]: Disconnected from 70.45.248.52 port 34544 [preauth]
Jan 15 16:20:47 host sshd[3031]: Invalid user user from 111.255.32.76 port 60816
Jan 15 16:20:47 host sshd[3031]: input_userauth_request: invalid user user [preauth]
Jan 15 16:20:47 host sshd[3031]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:20:47 host sshd[3031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.255.32.76
Jan 15 16:20:49 host sshd[3031]: Failed password for invalid user user from 111.255.32.76 port 60816 ssh2
Jan 15 16:20:50 host sshd[3031]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:20:53 host sshd[3031]: Failed password for invalid user user from 111.255.32.76 port 60816 ssh2
Jan 15 16:20:53 host sshd[3031]: Connection reset by 111.255.32.76 port 60816 [preauth]
Jan 15 16:20:53 host sshd[3031]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.255.32.76
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=shalinijames user-3=wwwtestugo user-4=vfmassets user-5=wwwkapin user-6=woodpeck user-7=disposeat user-8=remysagr user-9=wwwkmaorg user-10=wwwnexidigital user-11=mrsclean user-12=kottayamcalldriv user-13=phmetals user-14=palco123 user-15=gifterman user-16=wwwletsstalkfood user-17=straightcurve user-18=wwwevmhonda user-19=bonifacegroup user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=cochintaxi user-24=wwwkaretakers user-25=ugotscom user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 16:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wszlORISXovg969P.~
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wszlORISXovg969P.~'
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wszlORISXovg969P.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 16:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 16:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 16:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 16:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 16:24:00 host sshd[3634]: Invalid user tiara from 205.185.113.129 port 58976
Jan 15 16:24:00 host sshd[3634]: input_userauth_request: invalid user tiara [preauth]
Jan 15 16:24:00 host sshd[3634]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:24:00 host sshd[3634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 15 16:24:02 host sshd[3634]: Failed password for invalid user tiara from 205.185.113.129 port 58976 ssh2
Jan 15 16:24:03 host sshd[3634]: Connection closed by 205.185.113.129 port 58976 [preauth]
Jan 15 16:24:56 host sshd[3806]: User root from 27.147.145.186 not allowed because not listed in AllowUsers
Jan 15 16:24:56 host sshd[3806]: input_userauth_request: invalid user root [preauth]
Jan 15 16:24:56 host unix_chkpwd[3809]: password check failed for user (root)
Jan 15 16:24:56 host sshd[3806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.147.145.186 user=root
Jan 15 16:24:56 host sshd[3806]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:24:58 host sshd[3806]: Failed password for invalid user root from 27.147.145.186 port 35448 ssh2
Jan 15 16:24:59 host sshd[3806]: Received disconnect from 27.147.145.186 port 35448:11: Bye Bye [preauth]
Jan 15 16:24:59 host sshd[3806]: Disconnected from 27.147.145.186 port 35448 [preauth]
Jan 15 16:26:31 host sshd[4253]: User root from 122.177.103.214 not allowed because not listed in AllowUsers
Jan 15 16:26:31 host sshd[4253]: input_userauth_request: invalid user root [preauth]
Jan 15 16:26:31 host unix_chkpwd[4255]: password check failed for user (root)
Jan 15 16:26:31 host sshd[4253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.177.103.214 user=root
Jan 15 16:26:31 host sshd[4253]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:26:33 host sshd[4253]: Failed password for invalid user root from 122.177.103.214 port 27714 ssh2
Jan 15 16:26:33 host sshd[4253]: Received disconnect from 122.177.103.214 port 27714:11: Bye Bye [preauth]
Jan 15 16:26:33 host sshd[4253]: Disconnected from 122.177.103.214 port 27714 [preauth]
Jan 15 16:27:00 host sshd[4305]: Invalid user ubuntu from 194.180.49.57 port 43440
Jan 15 16:27:00 host sshd[4305]: input_userauth_request: invalid user ubuntu [preauth]
Jan 15 16:27:01 host sshd[4305]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:27:01 host sshd[4305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.180.49.57
Jan 15 16:27:03 host sshd[4305]: Failed password for invalid user ubuntu from 194.180.49.57 port 43440 ssh2
Jan 15 16:27:03 host sshd[4305]: Connection closed by 194.180.49.57 port 43440 [preauth]
Jan 15 16:27:16 host sshd[4344]: Invalid user admin from 210.103.38.230 port 63620
Jan 15 16:27:16 host sshd[4344]: input_userauth_request: invalid user admin [preauth]
Jan 15 16:27:16 host sshd[4344]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:27:16 host sshd[4344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.103.38.230
Jan 15 16:27:18 host sshd[4344]: Failed password for invalid user admin from 210.103.38.230 port 63620 ssh2
Jan 15 16:27:19 host sshd[4344]: Connection reset by 210.103.38.230 port 63620 [preauth]
Jan 15 16:27:30 host sshd[4398]: Invalid user zyfwp from 114.34.194.18 port 45725
Jan 15 16:27:30 host sshd[4398]: input_userauth_request: invalid user zyfwp [preauth]
Jan 15 16:27:30 host sshd[4398]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:27:30 host sshd[4398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.194.18
Jan 15 16:27:32 host sshd[4398]: Failed password for invalid user zyfwp from 114.34.194.18 port 45725 ssh2
Jan 15 16:27:33 host sshd[4398]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:27:35 host sshd[4398]: Failed password for invalid user zyfwp from 114.34.194.18 port 45725 ssh2
Jan 15 16:27:36 host sshd[4398]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:27:38 host sshd[4398]: Failed password for invalid user zyfwp from 114.34.194.18 port 45725 ssh2
Jan 15 16:27:38 host sshd[4398]: Connection closed by 114.34.194.18 port 45725 [preauth]
Jan 15 16:27:38 host sshd[4398]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.194.18
Jan 15 16:28:40 host sshd[4584]: User root from 122.177.103.214 not allowed because not listed in AllowUsers
Jan 15 16:28:40 host sshd[4584]: input_userauth_request: invalid user root [preauth]
Jan 15 16:28:40 host unix_chkpwd[4587]: password check failed for user (root)
Jan 15 16:28:40 host sshd[4584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.177.103.214 user=root
Jan 15 16:28:40 host sshd[4584]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:28:42 host sshd[4584]: Failed password for invalid user root from 122.177.103.214 port 32878 ssh2
Jan 15 16:28:42 host sshd[4584]: Received disconnect from 122.177.103.214 port 32878:11: Bye Bye [preauth]
Jan 15 16:28:42 host sshd[4584]: Disconnected from 122.177.103.214 port 32878 [preauth]
Jan 15 16:29:00 host sshd[4666]: User root from 27.147.145.186 not allowed because not listed in AllowUsers
Jan 15 16:29:00 host sshd[4666]: input_userauth_request: invalid user root [preauth]
Jan 15 16:29:00 host unix_chkpwd[4668]: password check failed for user (root)
Jan 15 16:29:00 host sshd[4666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.147.145.186 user=root
Jan 15 16:29:00 host sshd[4666]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 16:29:02 host sshd[4666]: Failed password for invalid user root from 27.147.145.186 port 53680 ssh2
Jan 15 16:29:02 host sshd[4666]: Received disconnect from 27.147.145.186 port 53680:11: Bye Bye [preauth]
Jan 15 16:29:02 host sshd[4666]: Disconnected from 27.147.145.186 port 53680 [preauth]
Jan 15 16:33:51 host sshd[5486]: Invalid user ftpuser from 194.180.49.57 port 45588
Jan 15 16:33:51 host sshd[5486]: input_userauth_request: invalid user ftpuser [preauth]
Jan 15 16:33:52 host sshd[5486]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:33:52 host sshd[5486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.180.49.57
Jan 15 16:33:54 host sshd[5486]: Failed password for invalid user ftpuser from 194.180.49.57 port 45588 ssh2
Jan 15 16:33:54 host sshd[5486]: Connection closed by 194.180.49.57 port 45588 [preauth]
Jan 15 16:38:26 host sshd[6205]: Invalid user admin from 106.51.152.8 port 41070
Jan 15 16:38:26 host sshd[6205]: input_userauth_request: invalid user admin [preauth]
Jan 15 16:38:26 host sshd[6205]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:38:26 host sshd[6205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.152.8
Jan 15 16:38:27 host sshd[6205]: Failed password for invalid user admin from 106.51.152.8 port 41070 ssh2
Jan 15 16:38:28 host sshd[6205]: Connection closed by 106.51.152.8 port 41070 [preauth]
Jan 15 16:39:17 host sshd[6324]: Invalid user em from 194.110.203.109 port 49036
Jan 15 16:39:17 host sshd[6324]: input_userauth_request: invalid user em [preauth]
Jan 15 16:39:17 host sshd[6324]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:17 host sshd[6324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 16:39:20 host sshd[6324]: Failed password for invalid user em from 194.110.203.109 port 49036 ssh2
Jan 15 16:39:23 host sshd[6324]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:25 host sshd[6324]: Failed password for invalid user em from 194.110.203.109 port 49036 ssh2
Jan 15 16:39:28 host sshd[6324]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:30 host sshd[6324]: Failed password for invalid user em from 194.110.203.109 port 49036 ssh2
Jan 15 16:39:34 host sshd[6324]: Connection closed by 194.110.203.109 port 49036 [preauth]
Jan 15 16:39:34 host sshd[6324]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 16:39:46 host sshd[6396]: Invalid user admin from 14.172.134.26 port 42435
Jan 15 16:39:46 host sshd[6396]: input_userauth_request: invalid user admin [preauth]
Jan 15 16:39:46 host sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:46 host sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.172.134.26
Jan 15 16:39:48 host sshd[6396]: Failed password for invalid user admin from 14.172.134.26 port 42435 ssh2
Jan 15 16:39:49 host sshd[6396]: Failed password for invalid user admin from 14.172.134.26 port 42435 ssh2
Jan 15 16:39:49 host sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:51 host sshd[6396]: Failed password for invalid user admin from 14.172.134.26 port 42435 ssh2
Jan 15 16:39:51 host sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:53 host sshd[6396]: Failed password for invalid user admin from 14.172.134.26 port 42435 ssh2
Jan 15 16:39:53 host sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:39:55 host sshd[6396]: Failed password for invalid user admin from 14.172.134.26 port 42435 ssh2
Jan 15 16:40:40 host sshd[6574]: Invalid user ftpadmin from 194.180.49.57 port 47716
Jan 15 16:40:40 host sshd[6574]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 15 16:40:40 host sshd[6574]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:40:40 host sshd[6574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.180.49.57
Jan 15 16:40:42 host sshd[6574]: Failed password for invalid user ftpadmin from 194.180.49.57 port 47716 ssh2
Jan 15 16:40:42 host sshd[6574]: Connection closed by 194.180.49.57 port 47716 [preauth]
Jan 15 16:56:45 host sshd[8911]: Did not receive identification string from 5.8.10.202 port 1033
Jan 15 16:56:45 host sshd[8912]: Connection closed by 5.8.10.202 port 43397 [preauth]
Jan 15 16:57:02 host sshd[8938]: User sshd from 62.233.50.248 not allowed because not listed in AllowUsers
Jan 15 16:57:02 host sshd[8938]: input_userauth_request: invalid user sshd [preauth]
Jan 15 16:57:02 host unix_chkpwd[8941]: password check failed for user (sshd)
Jan 15 16:57:02 host sshd[8938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248 user=sshd
Jan 15 16:57:02 host sshd[8938]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 15 16:57:04 host sshd[8938]: Failed password for invalid user sshd from 62.233.50.248 port 10573 ssh2
Jan 15 16:57:04 host sshd[8938]: Received disconnect from 62.233.50.248 port 10573:11: Client disconnecting normally [preauth]
Jan 15 16:57:04 host sshd[8938]: Disconnected from 62.233.50.248 port 10573 [preauth]
Jan 15 16:57:05 host sshd[8946]: Invalid user admin from 62.233.50.248 port 13885
Jan 15 16:57:05 host sshd[8946]: input_userauth_request: invalid user admin [preauth]
Jan 15 16:57:06 host sshd[8946]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:57:06 host sshd[8946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 15 16:57:06 host sshd[8942]: Connection reset by 104.191.174.129 port 44018 [preauth]
Jan 15 16:57:08 host sshd[8946]: Failed password for invalid user admin from 62.233.50.248 port 13885 ssh2
Jan 15 16:57:08 host sshd[8946]: Received disconnect from 62.233.50.248 port 13885:11: Client disconnecting normally [preauth]
Jan 15 16:57:08 host sshd[8946]: Disconnected from 62.233.50.248 port 13885 [preauth]
Jan 15 16:57:09 host sshd[8951]: Invalid user admin from 62.233.50.248 port 17166
Jan 15 16:57:09 host sshd[8951]: input_userauth_request: invalid user admin [preauth]
Jan 15 16:57:09 host sshd[8951]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:57:09 host sshd[8951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 15 16:57:11 host sshd[8951]: Failed password for invalid user admin from 62.233.50.248 port 17166 ssh2
Jan 15 16:57:46 host sshd[9048]: Invalid user ubnt from 138.75.78.39 port 50358
Jan 15 16:57:46 host sshd[9048]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 16:57:47 host sshd[9048]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 16:57:47 host sshd[9048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.75.78.39
Jan 15 16:57:48 host sshd[9048]: Failed password for invalid user ubnt from 138.75.78.39 port 50358 ssh2
Jan 15 16:57:48 host sshd[9048]: Connection closed by 138.75.78.39 port 50358 [preauth]
Jan 15 17:05:36 host sshd[10087]: Invalid user dnsekakf2$$ from 114.33.213.154 port 53315
Jan 15 17:05:36 host sshd[10087]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 15 17:05:36 host sshd[10087]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:05:36 host sshd[10087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.213.154
Jan 15 17:05:38 host sshd[10087]: Failed password for invalid user dnsekakf2$$ from 114.33.213.154 port 53315 ssh2
Jan 15 17:05:38 host sshd[10087]: Failed password for invalid user dnsekakf2$$ from 114.33.213.154 port 53315 ssh2
Jan 15 17:05:39 host sshd[10087]: Connection closed by 114.33.213.154 port 53315 [preauth]
Jan 15 17:14:51 host sshd[11140]: User root from 103.152.145.14 not allowed because not listed in AllowUsers
Jan 15 17:14:51 host sshd[11140]: input_userauth_request: invalid user root [preauth]
Jan 15 17:14:52 host sshd[11140]: Failed none for invalid user root from 103.152.145.14 port 43736 ssh2
Jan 15 17:14:52 host sshd[11140]: Connection closed by 103.152.145.14 port 43736 [preauth]
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=straightcurve user-4=wwwletsstalkfood user-5=phmetals user-6=kottayamcalldriv user-7=palco123 user-8=gifterman user-9=mrsclean user-10=wwwnexidigital user-11=disposeat user-12=wwwkmaorg user-13=remysagr user-14=wwwkapin user-15=woodpeck user-16=shalinijames user-17=wwwtestugo user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=keralaholi user-24=wwwresourcehunte user-25=wwwrmswll user-26=cochintaxi user-27=wwwkaretakers user-28=a2zgroup user-29=dartsimp user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 17:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sGwf1oBCGlp22CzX.~
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sGwf1oBCGlp22CzX.~'
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sGwf1oBCGlp22CzX.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 17:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 17:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 17:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 17:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 17:22:58 host sshd[12480]: Invalid user admin from 121.184.215.199 port 62544
Jan 15 17:22:58 host sshd[12480]: input_userauth_request: invalid user admin [preauth]
Jan 15 17:22:58 host sshd[12480]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:22:58 host sshd[12480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.215.199
Jan 15 17:23:00 host sshd[12480]: Failed password for invalid user admin from 121.184.215.199 port 62544 ssh2
Jan 15 17:23:01 host sshd[12480]: Connection reset by 121.184.215.199 port 62544 [preauth]
Jan 15 17:35:27 host sshd[14215]: Invalid user admin from 178.18.252.111 port 48732
Jan 15 17:35:27 host sshd[14215]: input_userauth_request: invalid user admin [preauth]
Jan 15 17:35:27 host sshd[14215]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:35:27 host sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.18.252.111
Jan 15 17:35:29 host sshd[14215]: Failed password for invalid user admin from 178.18.252.111 port 48732 ssh2
Jan 15 17:35:29 host sshd[14215]: Connection closed by 178.18.252.111 port 48732 [preauth]
Jan 15 17:44:29 host sshd[15509]: Connection reset by 122.116.170.221 port 44269 [preauth]
Jan 15 17:44:31 host sshd[15513]: Invalid user admin from 122.116.170.221 port 44277
Jan 15 17:44:31 host sshd[15513]: input_userauth_request: invalid user admin [preauth]
Jan 15 17:44:31 host sshd[15513]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:44:31 host sshd[15513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.170.221
Jan 15 17:44:33 host sshd[15513]: Failed password for invalid user admin from 122.116.170.221 port 44277 ssh2
Jan 15 17:44:34 host sshd[15513]: Failed password for invalid user admin from 122.116.170.221 port 44277 ssh2
Jan 15 17:44:35 host sshd[15513]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:44:37 host sshd[15513]: Failed password for invalid user admin from 122.116.170.221 port 44277 ssh2
Jan 15 17:44:38 host sshd[15513]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:44:40 host sshd[15513]: Failed password for invalid user admin from 122.116.170.221 port 44277 ssh2
Jan 15 17:44:41 host sshd[15513]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:44:42 host sshd[15513]: Failed password for invalid user admin from 122.116.170.221 port 44277 ssh2
Jan 15 17:47:54 host sshd[16018]: User root from 121.144.254.36 not allowed because not listed in AllowUsers
Jan 15 17:47:54 host sshd[16018]: input_userauth_request: invalid user root [preauth]
Jan 15 17:47:54 host unix_chkpwd[16023]: password check failed for user (root)
Jan 15 17:47:54 host sshd[16018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.144.254.36 user=root
Jan 15 17:47:54 host sshd[16018]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 17:47:56 host sshd[16018]: Failed password for invalid user root from 121.144.254.36 port 63382 ssh2
Jan 15 17:47:56 host unix_chkpwd[16025]: password check failed for user (root)
Jan 15 17:47:56 host sshd[16018]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 17:47:58 host sshd[16018]: Failed password for invalid user root from 121.144.254.36 port 63382 ssh2
Jan 15 17:47:59 host unix_chkpwd[16029]: password check failed for user (root)
Jan 15 17:47:59 host sshd[16018]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 17:48:01 host sshd[16018]: Failed password for invalid user root from 121.144.254.36 port 63382 ssh2
Jan 15 17:48:19 host sshd[16093]: Connection reset by 220.135.173.28 port 60118 [preauth]
Jan 15 17:50:34 host sshd[16465]: Did not receive identification string from 122.224.235.122 port 50380
Jan 15 17:52:46 host sshd[16711]: Connection closed by 198.199.93.20 port 42822 [preauth]
Jan 15 17:54:30 host sshd[16926]: User root from 189.56.100.42 not allowed because not listed in AllowUsers
Jan 15 17:54:30 host sshd[16926]: input_userauth_request: invalid user root [preauth]
Jan 15 17:54:30 host unix_chkpwd[16930]: password check failed for user (root)
Jan 15 17:54:30 host sshd[16926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.56.100.42 user=root
Jan 15 17:54:30 host sshd[16926]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 17:54:32 host sshd[16926]: Failed password for invalid user root from 189.56.100.42 port 56067 ssh2
Jan 15 17:54:32 host sshd[16926]: Received disconnect from 189.56.100.42 port 56067:11: Bye Bye [preauth]
Jan 15 17:54:32 host sshd[16926]: Disconnected from 189.56.100.42 port 56067 [preauth]
Jan 15 17:55:53 host sshd[17218]: User root from 204.195.72.196 not allowed because not listed in AllowUsers
Jan 15 17:55:53 host sshd[17218]: input_userauth_request: invalid user root [preauth]
Jan 15 17:55:53 host unix_chkpwd[17224]: password check failed for user (root)
Jan 15 17:55:53 host sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.195.72.196 user=root
Jan 15 17:55:53 host sshd[17218]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 17:55:55 host sshd[17218]: Failed password for invalid user root from 204.195.72.196 port 35032 ssh2
Jan 15 17:55:56 host sshd[17218]: Connection closed by 204.195.72.196 port 35032 [preauth]
Jan 15 17:57:59 host sshd[17451]: Invalid user pi from 68.7.89.165 port 54784
Jan 15 17:57:59 host sshd[17451]: input_userauth_request: invalid user pi [preauth]
Jan 15 17:57:59 host sshd[17453]: Invalid user pi from 68.7.89.165 port 54790
Jan 15 17:57:59 host sshd[17453]: input_userauth_request: invalid user pi [preauth]
Jan 15 17:57:59 host sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:57:59 host sshd[17451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.7.89.165
Jan 15 17:57:59 host sshd[17453]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 17:57:59 host sshd[17453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.7.89.165
Jan 15 17:58:01 host sshd[17451]: Failed password for invalid user pi from 68.7.89.165 port 54784 ssh2
Jan 15 17:58:01 host sshd[17453]: Failed password for invalid user pi from 68.7.89.165 port 54790 ssh2
Jan 15 17:58:02 host sshd[17451]: Connection closed by 68.7.89.165 port 54784 [preauth]
Jan 15 17:58:02 host sshd[17453]: Connection closed by 68.7.89.165 port 54790 [preauth]
Jan 15 18:00:52 host sshd[17820]: User root from 189.56.100.42 not allowed because not listed in AllowUsers
Jan 15 18:00:52 host sshd[17820]: input_userauth_request: invalid user root [preauth]
Jan 15 18:00:52 host unix_chkpwd[17825]: password check failed for user (root)
Jan 15 18:00:52 host sshd[17820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.56.100.42 user=root
Jan 15 18:00:52 host sshd[17820]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:00:54 host sshd[17820]: Failed password for invalid user root from 189.56.100.42 port 57671 ssh2
Jan 15 18:00:54 host sshd[17820]: Received disconnect from 189.56.100.42 port 57671:11: Bye Bye [preauth]
Jan 15 18:00:54 host sshd[17820]: Disconnected from 189.56.100.42 port 57671 [preauth]
Jan 15 18:04:51 host sshd[18396]: Did not receive identification string from 92.255.85.115 port 65189
Jan 15 18:14:58 host sshd[19730]: Invalid user bzrx1098ui from 92.255.85.115 port 29029
Jan 15 18:14:58 host sshd[19730]: input_userauth_request: invalid user bzrx1098ui [preauth]
Jan 15 18:14:58 host sshd[19730]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:14:58 host sshd[19730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 15 18:15:00 host sshd[19730]: Failed password for invalid user bzrx1098ui from 92.255.85.115 port 29029 ssh2
Jan 15 18:15:00 host sshd[19730]: Connection reset by 92.255.85.115 port 29029 [preauth]
Jan 15 18:15:52 host sshd[20017]: Invalid user 1234 from 177.99.235.37 port 47402
Jan 15 18:15:52 host sshd[20017]: input_userauth_request: invalid user 1234 [preauth]
Jan 15 18:15:53 host sshd[20017]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:15:53 host sshd[20017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.99.235.37
Jan 15 18:15:54 host sshd[20017]: Failed password for invalid user 1234 from 177.99.235.37 port 47402 ssh2
Jan 15 18:15:55 host sshd[20017]: Connection closed by 177.99.235.37 port 47402 [preauth]
Jan 15 18:18:49 host sshd[20402]: Invalid user ec2-user from 80.13.12.200 port 61040
Jan 15 18:18:49 host sshd[20402]: input_userauth_request: invalid user ec2-user [preauth]
Jan 15 18:18:49 host sshd[20402]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:18:49 host sshd[20402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.13.12.200
Jan 15 18:18:52 host sshd[20402]: Failed password for invalid user ec2-user from 80.13.12.200 port 61040 ssh2
Jan 15 18:18:53 host sshd[20402]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:18:54 host sshd[20402]: Failed password for invalid user ec2-user from 80.13.12.200 port 61040 ssh2
Jan 15 18:18:55 host sshd[20402]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:18:57 host sshd[20402]: Failed password for invalid user ec2-user from 80.13.12.200 port 61040 ssh2
Jan 15 18:19:04 host sshd[20434]: Invalid user ubuntu from 114.35.162.184 port 50191
Jan 15 18:19:04 host sshd[20434]: input_userauth_request: invalid user ubuntu [preauth]
Jan 15 18:19:04 host sshd[20434]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:19:04 host sshd[20434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.162.184
Jan 15 18:19:07 host sshd[20434]: Failed password for invalid user ubuntu from 114.35.162.184 port 50191 ssh2
Jan 15 18:19:07 host sshd[20434]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:19:09 host sshd[20434]: Failed password for invalid user ubuntu from 114.35.162.184 port 50191 ssh2
Jan 15 18:19:10 host sshd[20434]: Connection reset by 114.35.162.184 port 50191 [preauth]
Jan 15 18:19:10 host sshd[20434]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.162.184
Jan 15 18:21:20 host sshd[20762]: Invalid user admin from 92.255.85.115 port 12704
Jan 15 18:21:20 host sshd[20762]: input_userauth_request: invalid user admin [preauth]
Jan 15 18:21:20 host sshd[20762]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:21:20 host sshd[20762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 15 18:21:22 host sshd[20762]: Failed password for invalid user admin from 92.255.85.115 port 12704 ssh2
Jan 15 18:21:22 host sshd[20762]: Connection reset by 92.255.85.115 port 12704 [preauth]
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 18:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwresourcehunte user-4=keralaholi user-5=wwwrmswll user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=straightcurve user-15=wwwletsstalkfood user-16=palco123 user-17=gifterman user-18=phmetals user-19=kottayamcalldriv user-20=wwwnexidigital user-21=mrsclean user-22=wwwkmaorg user-23=disposeat user-24=remysagr user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=shalinijames user-29=wwwtestugo user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 18:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-b2F7STY7VJ3WIFRE.~
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-b2F7STY7VJ3WIFRE.~'
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-b2F7STY7VJ3WIFRE.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 18:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 18:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 18:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 18:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 18:24:09 host sshd[21476]: Connection closed by 45.79.181.223 port 55892 [preauth]
Jan 15 18:24:10 host sshd[21483]: Did not receive identification string from 45.79.181.223 port 55908
Jan 15 18:24:13 host sshd[21487]: Connection closed by 45.79.181.223 port 55916 [preauth]
Jan 15 18:26:35 host sshd[21777]: Invalid user en from 194.110.203.109 port 45228
Jan 15 18:26:35 host sshd[21777]: input_userauth_request: invalid user en [preauth]
Jan 15 18:26:35 host sshd[21777]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:26:35 host sshd[21777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 18:26:37 host sshd[21777]: Failed password for invalid user en from 194.110.203.109 port 45228 ssh2
Jan 15 18:26:40 host sshd[21777]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:26:43 host sshd[21777]: Failed password for invalid user en from 194.110.203.109 port 45228 ssh2
Jan 15 18:26:46 host sshd[21777]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:26:49 host sshd[21777]: Failed password for invalid user en from 194.110.203.109 port 45228 ssh2
Jan 15 18:26:52 host sshd[21777]: Connection closed by 194.110.203.109 port 45228 [preauth]
Jan 15 18:26:52 host sshd[21777]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 18:30:40 host sshd[22340]: Invalid user zyfwp from 223.204.8.94 port 55608
Jan 15 18:30:40 host sshd[22340]: input_userauth_request: invalid user zyfwp [preauth]
Jan 15 18:30:40 host sshd[22340]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:30:40 host sshd[22340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.204.8.94
Jan 15 18:30:41 host sshd[22340]: Failed password for invalid user zyfwp from 223.204.8.94 port 55608 ssh2
Jan 15 18:30:42 host sshd[22340]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:30:43 host sshd[22340]: Failed password for invalid user zyfwp from 223.204.8.94 port 55608 ssh2
Jan 15 18:30:44 host sshd[22340]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:30:46 host sshd[22340]: Failed password for invalid user zyfwp from 223.204.8.94 port 55608 ssh2
Jan 15 18:30:47 host sshd[22340]: Connection closed by 223.204.8.94 port 55608 [preauth]
Jan 15 18:30:47 host sshd[22340]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.204.8.94
Jan 15 18:34:36 host sshd[22770]: Invalid user steam from 125.228.151.252 port 50099
Jan 15 18:34:36 host sshd[22770]: input_userauth_request: invalid user steam [preauth]
Jan 15 18:34:36 host sshd[22770]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:34:36 host sshd[22770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.151.252
Jan 15 18:34:38 host sshd[22770]: Failed password for invalid user steam from 125.228.151.252 port 50099 ssh2
Jan 15 18:34:39 host sshd[22770]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:34:40 host sshd[22770]: Failed password for invalid user steam from 125.228.151.252 port 50099 ssh2
Jan 15 18:34:42 host sshd[22770]: Failed password for invalid user steam from 125.228.151.252 port 50099 ssh2
Jan 15 18:34:42 host sshd[22770]: Connection closed by 125.228.151.252 port 50099 [preauth]
Jan 15 18:34:42 host sshd[22770]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.151.252
Jan 15 18:36:38 host sshd[23117]: Invalid user admin from 173.95.235.227 port 55000
Jan 15 18:36:38 host sshd[23117]: input_userauth_request: invalid user admin [preauth]
Jan 15 18:36:38 host sshd[23117]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 18:36:38 host sshd[23117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.95.235.227
Jan 15 18:36:40 host sshd[23117]: Failed password for invalid user admin from 173.95.235.227 port 55000 ssh2
Jan 15 18:36:41 host sshd[23117]: Connection closed by 173.95.235.227 port 55000 [preauth]
Jan 15 18:37:29 host sshd[23209]: User root from 77.40.0.17 not allowed because not listed in AllowUsers
Jan 15 18:37:29 host sshd[23209]: input_userauth_request: invalid user root [preauth]
Jan 15 18:37:29 host unix_chkpwd[23212]: password check failed for user (root)
Jan 15 18:37:29 host sshd[23209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.40.0.17 user=root
Jan 15 18:37:29 host sshd[23209]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:37:31 host sshd[23209]: Failed password for invalid user root from 77.40.0.17 port 41525 ssh2
Jan 15 18:37:32 host sshd[23209]: Received disconnect from 77.40.0.17 port 41525:11: Bye Bye [preauth]
Jan 15 18:37:32 host sshd[23209]: Disconnected from 77.40.0.17 port 41525 [preauth]
Jan 15 18:38:21 host sshd[23285]: User root from 211.46.4.196 not allowed because not listed in AllowUsers
Jan 15 18:38:21 host sshd[23285]: input_userauth_request: invalid user root [preauth]
Jan 15 18:38:22 host unix_chkpwd[23289]: password check failed for user (root)
Jan 15 18:38:22 host sshd[23285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.46.4.196 user=root
Jan 15 18:38:22 host sshd[23285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:38:23 host sshd[23285]: Failed password for invalid user root from 211.46.4.196 port 50886 ssh2
Jan 15 18:38:24 host sshd[23285]: Received disconnect from 211.46.4.196 port 50886:11: Bye Bye [preauth]
Jan 15 18:38:24 host sshd[23285]: Disconnected from 211.46.4.196 port 50886 [preauth]
Jan 15 18:38:31 host sshd[23328]: User root from 188.173.136.132 not allowed because not listed in AllowUsers
Jan 15 18:38:31 host sshd[23328]: input_userauth_request: invalid user root [preauth]
Jan 15 18:38:31 host unix_chkpwd[23331]: password check failed for user (root)
Jan 15 18:38:31 host sshd[23328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.173.136.132 user=root
Jan 15 18:38:31 host sshd[23328]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:38:33 host sshd[23328]: Failed password for invalid user root from 188.173.136.132 port 36221 ssh2
Jan 15 18:38:33 host sshd[23328]: Received disconnect from 188.173.136.132 port 36221:11: Bye Bye [preauth]
Jan 15 18:38:33 host sshd[23328]: Disconnected from 188.173.136.132 port 36221 [preauth]
Jan 15 18:38:37 host sshd[23341]: User root from 158.160.6.234 not allowed because not listed in AllowUsers
Jan 15 18:38:37 host sshd[23341]: input_userauth_request: invalid user root [preauth]
Jan 15 18:38:37 host unix_chkpwd[23344]: password check failed for user (root)
Jan 15 18:38:37 host sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.6.234 user=root
Jan 15 18:38:37 host sshd[23341]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:38:39 host sshd[23341]: Failed password for invalid user root from 158.160.6.234 port 42448 ssh2
Jan 15 18:38:39 host sshd[23341]: Received disconnect from 158.160.6.234 port 42448:11: Bye Bye [preauth]
Jan 15 18:38:39 host sshd[23341]: Disconnected from 158.160.6.234 port 42448 [preauth]
Jan 15 18:39:28 host sshd[23439]: User root from 146.4.92.212 not allowed because not listed in AllowUsers
Jan 15 18:39:28 host sshd[23439]: input_userauth_request: invalid user root [preauth]
Jan 15 18:39:28 host unix_chkpwd[23443]: password check failed for user (root)
Jan 15 18:39:28 host sshd[23439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.4.92.212 user=root
Jan 15 18:39:28 host sshd[23439]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:39:30 host sshd[23439]: Failed password for invalid user root from 146.4.92.212 port 36906 ssh2
Jan 15 18:39:30 host sshd[23439]: Received disconnect from 146.4.92.212 port 36906:11: Bye Bye [preauth]
Jan 15 18:39:30 host sshd[23439]: Disconnected from 146.4.92.212 port 36906 [preauth]
Jan 15 18:40:32 host sshd[23594]: User root from 159.65.231.164 not allowed because not listed in AllowUsers
Jan 15 18:40:32 host sshd[23594]: input_userauth_request: invalid user root [preauth]
Jan 15 18:40:32 host unix_chkpwd[23597]: password check failed for user (root)
Jan 15 18:40:32 host sshd[23594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.231.164 user=root
Jan 15 18:40:32 host sshd[23594]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:40:33 host sshd[23594]: Failed password for invalid user root from 159.65.231.164 port 46320 ssh2
Jan 15 18:40:34 host sshd[23594]: Received disconnect from 159.65.231.164 port 46320:11: Bye Bye [preauth]
Jan 15 18:40:34 host sshd[23594]: Disconnected from 159.65.231.164 port 46320 [preauth]
Jan 15 18:41:29 host sshd[23803]: User root from 159.203.60.67 not allowed because not listed in AllowUsers
Jan 15 18:41:29 host sshd[23803]: input_userauth_request: invalid user root [preauth]
Jan 15 18:41:29 host unix_chkpwd[23806]: password check failed for user (root)
Jan 15 18:41:29 host sshd[23803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.60.67 user=root
Jan 15 18:41:29 host sshd[23803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:41:32 host sshd[23803]: Failed password for invalid user root from 159.203.60.67 port 38990 ssh2
Jan 15 18:41:32 host sshd[23803]: Received disconnect from 159.203.60.67 port 38990:11: Bye Bye [preauth]
Jan 15 18:41:32 host sshd[23803]: Disconnected from 159.203.60.67 port 38990 [preauth]
Jan 15 18:42:42 host sshd[23939]: User root from 77.40.0.17 not allowed because not listed in AllowUsers
Jan 15 18:42:42 host sshd[23939]: input_userauth_request: invalid user root [preauth]
Jan 15 18:42:42 host unix_chkpwd[23942]: password check failed for user (root)
Jan 15 18:42:42 host sshd[23939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.40.0.17 user=root
Jan 15 18:42:42 host sshd[23939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:42:44 host sshd[23939]: Failed password for invalid user root from 77.40.0.17 port 40594 ssh2
Jan 15 18:42:48 host sshd[23984]: User root from 146.4.92.212 not allowed because not listed in AllowUsers
Jan 15 18:42:48 host sshd[23984]: input_userauth_request: invalid user root [preauth]
Jan 15 18:42:48 host unix_chkpwd[23987]: password check failed for user (root)
Jan 15 18:42:48 host sshd[23984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.4.92.212 user=root
Jan 15 18:42:48 host sshd[23984]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:42:50 host sshd[23984]: Failed password for invalid user root from 146.4.92.212 port 45004 ssh2
Jan 15 18:42:50 host sshd[23984]: Received disconnect from 146.4.92.212 port 45004:11: Bye Bye [preauth]
Jan 15 18:42:50 host sshd[23984]: Disconnected from 146.4.92.212 port 45004 [preauth]
Jan 15 18:42:56 host sshd[24029]: User root from 159.65.231.164 not allowed because not listed in AllowUsers
Jan 15 18:42:56 host sshd[24029]: input_userauth_request: invalid user root [preauth]
Jan 15 18:42:56 host unix_chkpwd[24038]: password check failed for user (root)
Jan 15 18:42:56 host sshd[24029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.231.164 user=root
Jan 15 18:42:56 host sshd[24029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:42:58 host sshd[24029]: Failed password for invalid user root from 159.65.231.164 port 53486 ssh2
Jan 15 18:42:58 host sshd[24029]: Received disconnect from 159.65.231.164 port 53486:11: Bye Bye [preauth]
Jan 15 18:42:58 host sshd[24029]: Disconnected from 159.65.231.164 port 53486 [preauth]
Jan 15 18:43:18 host sshd[24108]: User root from 159.203.60.67 not allowed because not listed in AllowUsers
Jan 15 18:43:18 host sshd[24108]: input_userauth_request: invalid user root [preauth]
Jan 15 18:43:18 host unix_chkpwd[24111]: password check failed for user (root)
Jan 15 18:43:18 host sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.60.67 user=root
Jan 15 18:43:18 host sshd[24108]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:43:21 host sshd[24108]: Failed password for invalid user root from 159.203.60.67 port 45850 ssh2
Jan 15 18:43:21 host sshd[24108]: Received disconnect from 159.203.60.67 port 45850:11: Bye Bye [preauth]
Jan 15 18:43:21 host sshd[24108]: Disconnected from 159.203.60.67 port 45850 [preauth]
Jan 15 18:43:27 host sshd[24150]: User root from 211.46.4.196 not allowed because not listed in AllowUsers
Jan 15 18:43:27 host sshd[24150]: input_userauth_request: invalid user root [preauth]
Jan 15 18:43:27 host unix_chkpwd[24153]: password check failed for user (root)
Jan 15 18:43:27 host sshd[24150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.46.4.196 user=root
Jan 15 18:43:27 host sshd[24150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:43:30 host sshd[24150]: Failed password for invalid user root from 211.46.4.196 port 42934 ssh2
Jan 15 18:43:37 host sshd[24217]: User root from 158.160.6.234 not allowed because not listed in AllowUsers
Jan 15 18:43:37 host sshd[24217]: input_userauth_request: invalid user root [preauth]
Jan 15 18:43:37 host unix_chkpwd[24220]: password check failed for user (root)
Jan 15 18:43:37 host sshd[24217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.6.234 user=root
Jan 15 18:43:37 host sshd[24217]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:43:39 host sshd[24217]: Failed password for invalid user root from 158.160.6.234 port 36386 ssh2
Jan 15 18:43:55 host sshd[24274]: User root from 188.173.136.132 not allowed because not listed in AllowUsers
Jan 15 18:43:55 host sshd[24274]: input_userauth_request: invalid user root [preauth]
Jan 15 18:43:55 host unix_chkpwd[24277]: password check failed for user (root)
Jan 15 18:43:55 host sshd[24274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.173.136.132 user=root
Jan 15 18:43:55 host sshd[24274]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 18:43:57 host sshd[24274]: Failed password for invalid user root from 188.173.136.132 port 59959 ssh2
Jan 15 18:43:57 host sshd[24274]: Received disconnect from 188.173.136.132 port 59959:11: Bye Bye [preauth]
Jan 15 18:43:57 host sshd[24274]: Disconnected from 188.173.136.132 port 59959 [preauth]
Jan 15 19:05:08 host sshd[27187]: User root from 1.34.100.72 not allowed because not listed in AllowUsers
Jan 15 19:05:08 host sshd[27187]: input_userauth_request: invalid user root [preauth]
Jan 15 19:05:08 host unix_chkpwd[27190]: password check failed for user (root)
Jan 15 19:05:08 host sshd[27187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.100.72 user=root
Jan 15 19:05:08 host sshd[27187]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 19:05:10 host sshd[27187]: Failed password for invalid user root from 1.34.100.72 port 56822 ssh2
Jan 15 19:05:10 host unix_chkpwd[27192]: password check failed for user (root)
Jan 15 19:05:10 host sshd[27187]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 19:05:12 host sshd[27187]: Failed password for invalid user root from 1.34.100.72 port 56822 ssh2
Jan 15 19:05:13 host sshd[27187]: Connection reset by 1.34.100.72 port 56822 [preauth]
Jan 15 19:05:13 host sshd[27187]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.100.72 user=root
Jan 15 19:16:27 host sshd[28793]: Invalid user admin from 177.85.254.2 port 56837
Jan 15 19:16:27 host sshd[28793]: input_userauth_request: invalid user admin [preauth]
Jan 15 19:16:27 host sshd[28793]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:16:27 host sshd[28793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.85.254.2
Jan 15 19:16:29 host sshd[28793]: Failed password for invalid user admin from 177.85.254.2 port 56837 ssh2
Jan 15 19:16:30 host sshd[28793]: Connection closed by 177.85.254.2 port 56837 [preauth]
Jan 15 19:18:49 host sshd[29076]: Bad protocol version identification '\026\003\001\001\t\001' from 137.220.228.87 port 42560
Jan 15 19:19:26 host sshd[29107]: Did not receive identification string from 137.220.228.87 port 50728
Jan 15 19:19:31 host sshd[29142]: Connection closed by 137.220.228.87 port 58840 [preauth]
Jan 15 19:19:31 host sshd[29170]: Protocol major versions differ for 137.220.228.87 port 60946: SSH-2.0-OpenSSH_7.4 vs. SSH-1.5-Server
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=gifterman user-2=palco123 user-3=kottayamcalldriv user-4=phmetals user-5=wwwnexidigital user-6=mrsclean user-7=bonifacegroup user-8=wwwevmhonda user-9=wwwletsstalkfood user-10=straightcurve user-11=vfmassets user-12=wwwtestugo user-13=shalinijames user-14=pmcresources user-15=disposeat user-16=remysagr user-17=wwwkmaorg user-18=wwwkapin user-19=woodpeck user-20=travelboniface user-21=wwwrmswll user-22=wwwresourcehunte user-23=keralaholi user-24=ugotscom user-25=wwwpmcresource user-26=dartsimp user-27=a2zgroup user-28=laundryboniface user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 19:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-1HBhofs3lh0rhgsj.~
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-1HBhofs3lh0rhgsj.~'
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-1HBhofs3lh0rhgsj.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 19:21:50 host sshd[29818]: Invalid user pi from 183.102.168.178 port 60379
Jan 15 19:21:50 host sshd[29818]: input_userauth_request: invalid user pi [preauth]
Jan 15 19:21:50 host sshd[29818]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:21:50 host sshd[29818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.102.168.178
Jan 15 19:21:52 host sshd[29818]: Failed password for invalid user pi from 183.102.168.178 port 60379 ssh2
Jan 15 19:21:53 host sshd[29818]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:21:56 host sshd[29818]: Failed password for invalid user pi from 183.102.168.178 port 60379 ssh2
Jan 15 19:21:56 host sshd[29829]: Invalid user usr from 121.150.180.187 port 62426
Jan 15 19:21:56 host sshd[29829]: input_userauth_request: invalid user usr [preauth]
Jan 15 19:21:56 host sshd[29829]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:21:56 host sshd[29829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.150.180.187
Jan 15 19:21:58 host sshd[29829]: Failed password for invalid user usr from 121.150.180.187 port 62426 ssh2
Jan 15 19:21:58 host sshd[29829]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:22:00 host sshd[29829]: Failed password for invalid user usr from 121.150.180.187 port 62426 ssh2
Jan 15 19:22:01 host sshd[29829]: Connection reset by 121.150.180.187 port 62426 [preauth]
Jan 15 19:22:01 host sshd[29829]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.150.180.187
Jan 15 19:22:02 host sshd[29818]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:22:05 host sshd[29818]: Failed password for invalid user pi from 183.102.168.178 port 60379 ssh2
Jan 15 19:22:06 host sshd[29818]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:22:08 host sshd[29818]: Failed password for invalid user pi from 183.102.168.178 port 60379 ssh2
Jan 15 19:22:08 host sshd[29818]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:22:10 host sshd[29818]: Failed password for invalid user pi from 183.102.168.178 port 60379 ssh2
Jan 15 19:24:02 host sshd[30107]: Connection reset by 222.103.54.183 port 61716 [preauth]
Jan 15 19:36:11 host sshd[31756]: Invalid user guest from 24.130.164.51 port 56468
Jan 15 19:36:11 host sshd[31756]: input_userauth_request: invalid user guest [preauth]
Jan 15 19:36:11 host sshd[31756]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:36:11 host sshd[31756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.130.164.51
Jan 15 19:36:13 host sshd[31756]: Failed password for invalid user guest from 24.130.164.51 port 56468 ssh2
Jan 15 19:36:14 host sshd[31756]: Connection closed by 24.130.164.51 port 56468 [preauth]
Jan 15 19:36:14 host sshd[31761]: Invalid user ubnt from 122.117.18.207 port 38033
Jan 15 19:36:14 host sshd[31761]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 19:36:14 host sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:36:14 host sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.18.207
Jan 15 19:36:15 host sshd[31761]: Failed password for invalid user ubnt from 122.117.18.207 port 38033 ssh2
Jan 15 19:36:16 host sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:36:18 host sshd[31761]: Failed password for invalid user ubnt from 122.117.18.207 port 38033 ssh2
Jan 15 19:36:18 host sshd[31761]: Failed password for invalid user ubnt from 122.117.18.207 port 38033 ssh2
Jan 15 19:36:19 host sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:36:21 host sshd[31761]: Failed password for invalid user ubnt from 122.117.18.207 port 38033 ssh2
Jan 15 19:36:21 host sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:36:23 host sshd[31761]: Failed password for invalid user ubnt from 122.117.18.207 port 38033 ssh2
Jan 15 19:36:23 host sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:36:25 host sshd[31761]: Failed password for invalid user ubnt from 122.117.18.207 port 38033 ssh2
Jan 15 19:36:25 host sshd[31761]: error: maximum authentication attempts exceeded for invalid user ubnt from 122.117.18.207 port 38033 ssh2 [preauth]
Jan 15 19:36:25 host sshd[31761]: Disconnecting: Too many authentication failures [preauth]
Jan 15 19:36:25 host sshd[31761]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.18.207
Jan 15 19:36:25 host sshd[31761]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 15 19:39:44 host sshd[32329]: Invalid user oracle from 222.97.244.117 port 63561
Jan 15 19:39:44 host sshd[32329]: input_userauth_request: invalid user oracle [preauth]
Jan 15 19:39:44 host sshd[32329]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:39:44 host sshd[32329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.97.244.117
Jan 15 19:39:45 host sshd[32329]: Failed password for invalid user oracle from 222.97.244.117 port 63561 ssh2
Jan 15 19:39:45 host sshd[32329]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:39:48 host sshd[32329]: Failed password for invalid user oracle from 222.97.244.117 port 63561 ssh2
Jan 15 19:39:49 host sshd[32329]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:39:51 host sshd[32329]: Failed password for invalid user oracle from 222.97.244.117 port 63561 ssh2
Jan 15 19:39:52 host sshd[32329]: Failed password for invalid user oracle from 222.97.244.117 port 63561 ssh2
Jan 15 19:39:53 host sshd[32329]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:39:54 host sshd[32329]: Failed password for invalid user oracle from 222.97.244.117 port 63561 ssh2
Jan 15 19:39:55 host sshd[32329]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:39:57 host sshd[32329]: Failed password for invalid user oracle from 222.97.244.117 port 63561 ssh2
Jan 15 19:39:57 host sshd[32329]: error: maximum authentication attempts exceeded for invalid user oracle from 222.97.244.117 port 63561 ssh2 [preauth]
Jan 15 19:39:57 host sshd[32329]: Disconnecting: Too many authentication failures [preauth]
Jan 15 19:39:57 host sshd[32329]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.97.244.117
Jan 15 19:39:57 host sshd[32329]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 15 19:53:58 host sshd[2239]: Invalid user pi from 182.176.169.180 port 41326
Jan 15 19:53:58 host sshd[2239]: input_userauth_request: invalid user pi [preauth]
Jan 15 19:53:58 host sshd[2239]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:53:58 host sshd[2239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.176.169.180
Jan 15 19:54:00 host sshd[2239]: Failed password for invalid user pi from 182.176.169.180 port 41326 ssh2
Jan 15 19:54:01 host sshd[2239]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:54:03 host sshd[2239]: Failed password for invalid user pi from 182.176.169.180 port 41326 ssh2
Jan 15 19:54:03 host sshd[2239]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:54:05 host sshd[2239]: Failed password for invalid user pi from 182.176.169.180 port 41326 ssh2
Jan 15 19:54:06 host sshd[2239]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:54:07 host sshd[2239]: Failed password for invalid user pi from 182.176.169.180 port 41326 ssh2
Jan 15 19:54:07 host sshd[2239]: Connection reset by 182.176.169.180 port 41326 [preauth]
Jan 15 19:54:07 host sshd[2239]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.176.169.180
Jan 15 19:54:07 host sshd[2239]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 15 19:55:16 host sshd[2571]: Invalid user squid from 111.220.87.91 port 36164
Jan 15 19:55:16 host sshd[2571]: input_userauth_request: invalid user squid [preauth]
Jan 15 19:55:16 host sshd[2571]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:55:16 host sshd[2571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.220.87.91
Jan 15 19:55:18 host sshd[2571]: Failed password for invalid user squid from 111.220.87.91 port 36164 ssh2
Jan 15 19:55:19 host sshd[2571]: Connection closed by 111.220.87.91 port 36164 [preauth]
Jan 15 19:55:38 host sshd[2626]: Invalid user tony from 107.189.30.59 port 36020
Jan 15 19:55:38 host sshd[2626]: input_userauth_request: invalid user tony [preauth]
Jan 15 19:55:38 host sshd[2626]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 19:55:38 host sshd[2626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 15 19:55:40 host sshd[2626]: Failed password for invalid user tony from 107.189.30.59 port 36020 ssh2
Jan 15 19:55:41 host sshd[2626]: Connection closed by 107.189.30.59 port 36020 [preauth]
Jan 15 20:09:09 host sshd[4547]: Invalid user vadmin from 183.98.9.246 port 61209
Jan 15 20:09:09 host sshd[4547]: input_userauth_request: invalid user vadmin [preauth]
Jan 15 20:09:09 host sshd[4547]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:09:09 host sshd[4547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.98.9.246
Jan 15 20:09:11 host sshd[4547]: Failed password for invalid user vadmin from 183.98.9.246 port 61209 ssh2
Jan 15 20:09:12 host sshd[4547]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:09:14 host sshd[4547]: Failed password for invalid user vadmin from 183.98.9.246 port 61209 ssh2
Jan 15 20:09:35 host sshd[4547]: Failed password for invalid user vadmin from 183.98.9.246 port 61209 ssh2
Jan 15 20:14:36 host sshd[5261]: Invalid user ubnt from 61.216.171.176 port 33621
Jan 15 20:14:36 host sshd[5261]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 20:14:36 host sshd[5261]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:14:36 host sshd[5261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.216.171.176
Jan 15 20:14:38 host sshd[5261]: Failed password for invalid user ubnt from 61.216.171.176 port 33621 ssh2
Jan 15 20:14:39 host sshd[5261]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:14:40 host sshd[5261]: Failed password for invalid user ubnt from 61.216.171.176 port 33621 ssh2
Jan 15 20:14:41 host sshd[5261]: Failed password for invalid user ubnt from 61.216.171.176 port 33621 ssh2
Jan 15 20:14:41 host sshd[5261]: Connection reset by 61.216.171.176 port 33621 [preauth]
Jan 15 20:14:41 host sshd[5261]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.216.171.176
Jan 15 20:14:52 host sshd[5281]: Invalid user nginx from 220.132.40.160 port 54805
Jan 15 20:14:52 host sshd[5281]: input_userauth_request: invalid user nginx [preauth]
Jan 15 20:14:52 host sshd[5281]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:14:52 host sshd[5281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.40.160
Jan 15 20:14:54 host sshd[5281]: Failed password for invalid user nginx from 220.132.40.160 port 54805 ssh2
Jan 15 20:14:55 host sshd[5281]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:14:58 host sshd[5281]: Failed password for invalid user nginx from 220.132.40.160 port 54805 ssh2
Jan 15 20:15:00 host sshd[5281]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:15:02 host sshd[5281]: Failed password for invalid user nginx from 220.132.40.160 port 54805 ssh2
Jan 15 20:15:03 host sshd[5281]: Connection reset by 220.132.40.160 port 54805 [preauth]
Jan 15 20:15:03 host sshd[5281]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.40.160
Jan 15 20:16:03 host sshd[5523]: User root from 186.238.33.62 not allowed because not listed in AllowUsers
Jan 15 20:16:03 host sshd[5523]: input_userauth_request: invalid user root [preauth]
Jan 15 20:16:03 host unix_chkpwd[5539]: password check failed for user (root)
Jan 15 20:16:03 host sshd[5523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.238.33.62 user=root
Jan 15 20:16:03 host sshd[5523]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 20:16:05 host sshd[5523]: Failed password for invalid user root from 186.238.33.62 port 57429 ssh2
Jan 15 20:16:06 host sshd[5523]: Connection closed by 186.238.33.62 port 57429 [preauth]
Jan 15 20:16:06 host sshd[5537]: Invalid user usr from 36.232.14.60 port 42549
Jan 15 20:16:06 host sshd[5537]: input_userauth_request: invalid user usr [preauth]
Jan 15 20:16:06 host sshd[5537]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:16:06 host sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.232.14.60
Jan 15 20:16:08 host sshd[5537]: Failed password for invalid user usr from 36.232.14.60 port 42549 ssh2
Jan 15 20:16:09 host sshd[5537]: Connection reset by 36.232.14.60 port 42549 [preauth]
Jan 15 20:17:57 host sshd[5726]: Invalid user eo from 194.110.203.109 port 40784
Jan 15 20:17:57 host sshd[5726]: input_userauth_request: invalid user eo [preauth]
Jan 15 20:17:57 host sshd[5726]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:17:57 host sshd[5726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 20:17:59 host sshd[5726]: Failed password for invalid user eo from 194.110.203.109 port 40784 ssh2
Jan 15 20:18:02 host sshd[5726]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:18:04 host sshd[5726]: Failed password for invalid user eo from 194.110.203.109 port 40784 ssh2
Jan 15 20:18:07 host sshd[5726]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:18:09 host sshd[5726]: Failed password for invalid user eo from 194.110.203.109 port 40784 ssh2
Jan 15 20:18:12 host sshd[5726]: Connection closed by 194.110.203.109 port 40784 [preauth]
Jan 15 20:18:12 host sshd[5726]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 20:20:26 host sshd[6014]: Invalid user admin from 114.34.102.49 port 51016
Jan 15 20:20:26 host sshd[6014]: input_userauth_request: invalid user admin [preauth]
Jan 15 20:20:26 host sshd[6014]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:20:26 host sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.102.49
Jan 15 20:20:27 host sshd[6014]: Failed password for invalid user admin from 114.34.102.49 port 51016 ssh2
Jan 15 20:20:28 host sshd[6014]: Failed password for invalid user admin from 114.34.102.49 port 51016 ssh2
Jan 15 20:20:29 host sshd[6014]: Connection reset by 114.34.102.49 port 51016 [preauth]
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=dartsimp user-3=a2zgroup user-4=cochintaxi user-5=wwwkaretakers user-6=ugotscom user-7=wwwrmswll user-8=keralaholi user-9=wwwresourcehunte user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=wwwtestugo user-14=shalinijames user-15=vfmassets user-16=wwwkapin user-17=woodpeck user-18=wwwkmaorg user-19=disposeat user-20=remysagr user-21=wwwnexidigital user-22=mrsclean user-23=kottayamcalldriv user-24=phmetals user-25=gifterman user-26=palco123 user-27=straightcurve user-28=wwwletsstalkfood user-29=wwwevmhonda user-30=bonifacegroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 20:21:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5cdfFsmtTndoe7Y9.~
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5cdfFsmtTndoe7Y9.~'
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5cdfFsmtTndoe7Y9.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 20:21:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 20:23:36 host sshd[6745]: User root from 119.196.144.232 not allowed because not listed in AllowUsers
Jan 15 20:23:36 host sshd[6745]: input_userauth_request: invalid user root [preauth]
Jan 15 20:23:36 host unix_chkpwd[6761]: password check failed for user (root)
Jan 15 20:23:36 host sshd[6745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.144.232 user=root
Jan 15 20:23:36 host sshd[6745]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 20:23:38 host sshd[6745]: Failed password for invalid user root from 119.196.144.232 port 60684 ssh2
Jan 15 20:35:50 host sshd[8395]: User ftp from 198.59.178.7 not allowed because not listed in AllowUsers
Jan 15 20:35:50 host sshd[8395]: input_userauth_request: invalid user ftp [preauth]
Jan 15 20:35:51 host unix_chkpwd[8418]: password check failed for user (ftp)
Jan 15 20:35:51 host sshd[8395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.59.178.7 user=ftp
Jan 15 20:35:51 host sshd[8395]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 15 20:35:53 host sshd[8395]: Failed password for invalid user ftp from 198.59.178.7 port 58606 ssh2
Jan 15 20:35:54 host sshd[8395]: Connection closed by 198.59.178.7 port 58606 [preauth]
Jan 15 20:37:36 host sshd[8625]: Invalid user stunnel4 from 205.185.113.129 port 45436
Jan 15 20:37:36 host sshd[8625]: input_userauth_request: invalid user stunnel4 [preauth]
Jan 15 20:37:36 host sshd[8625]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:37:36 host sshd[8625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 15 20:37:38 host sshd[8625]: Failed password for invalid user stunnel4 from 205.185.113.129 port 45436 ssh2
Jan 15 20:37:39 host sshd[8625]: Connection closed by 205.185.113.129 port 45436 [preauth]
Jan 15 20:55:14 host sshd[11147]: Invalid user admin from 186.151.211.125 port 49080
Jan 15 20:55:14 host sshd[11147]: input_userauth_request: invalid user admin [preauth]
Jan 15 20:55:14 host sshd[11147]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 20:55:14 host sshd[11147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.151.211.125
Jan 15 20:55:17 host sshd[11147]: Failed password for invalid user admin from 186.151.211.125 port 49080 ssh2
Jan 15 20:55:17 host sshd[11147]: Connection closed by 186.151.211.125 port 49080 [preauth]
Jan 15 21:02:22 host sshd[12037]: User root from 61.72.79.196 not allowed because not listed in AllowUsers
Jan 15 21:02:22 host sshd[12037]: input_userauth_request: invalid user root [preauth]
Jan 15 21:02:22 host unix_chkpwd[12040]: password check failed for user (root)
Jan 15 21:02:22 host sshd[12037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.72.79.196 user=root
Jan 15 21:02:22 host sshd[12037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:02:24 host sshd[12037]: Failed password for invalid user root from 61.72.79.196 port 63674 ssh2
Jan 15 21:02:24 host unix_chkpwd[12044]: password check failed for user (root)
Jan 15 21:02:24 host sshd[12037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:02:26 host sshd[12037]: Failed password for invalid user root from 61.72.79.196 port 63674 ssh2
Jan 15 21:02:27 host unix_chkpwd[12048]: password check failed for user (root)
Jan 15 21:02:27 host sshd[12037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:02:29 host sshd[12037]: Failed password for invalid user root from 61.72.79.196 port 63674 ssh2
Jan 15 21:02:29 host sshd[12037]: Connection reset by 61.72.79.196 port 63674 [preauth]
Jan 15 21:02:29 host sshd[12037]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.72.79.196 user=root
Jan 15 21:03:09 host sshd[12158]: User root from 183.103.65.181 not allowed because not listed in AllowUsers
Jan 15 21:03:09 host sshd[12158]: input_userauth_request: invalid user root [preauth]
Jan 15 21:03:09 host unix_chkpwd[12162]: password check failed for user (root)
Jan 15 21:03:09 host sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.65.181 user=root
Jan 15 21:03:09 host sshd[12158]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:03:10 host sshd[12158]: Failed password for invalid user root from 183.103.65.181 port 63563 ssh2
Jan 15 21:03:11 host sshd[12158]: Connection reset by 183.103.65.181 port 63563 [preauth]
Jan 15 21:09:58 host sshd[13065]: Did not receive identification string from 165.227.87.78 port 47290
Jan 15 21:13:25 host sshd[13564]: Invalid user admin from 80.94.248.11 port 53982
Jan 15 21:13:25 host sshd[13564]: input_userauth_request: invalid user admin [preauth]
Jan 15 21:13:26 host sshd[13564]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:13:26 host sshd[13564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.248.11
Jan 15 21:13:28 host sshd[13564]: Failed password for invalid user admin from 80.94.248.11 port 53982 ssh2
Jan 15 21:13:29 host sshd[13564]: Connection closed by 80.94.248.11 port 53982 [preauth]
Jan 15 21:16:43 host sshd[13936]: Connection reset by 177.32.113.138 port 59501 [preauth]
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=ugotscom user-4=wwwrmswll user-5=keralaholi user-6=wwwresourcehunte user-7=wwwkaretakers user-8=cochintaxi user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=wwwevmhonda user-13=bonifacegroup user-14=straightcurve user-15=wwwletsstalkfood user-16=kottayamcalldriv user-17=phmetals user-18=gifterman user-19=palco123 user-20=wwwnexidigital user-21=mrsclean user-22=disposeat user-23=wwwkmaorg user-24=remysagr user-25=woodpeck user-26=wwwkapin user-27=wwwtestugo user-28=shalinijames user-29=vfmassets user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 21:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-cvhNYeHVae75n2uq.~
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-cvhNYeHVae75n2uq.~'
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-cvhNYeHVae75n2uq.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 21:27:11 host sshd[15487]: Bad protocol version identification 'MGLNDD_167.71.234.10_22' from 107.170.227.9 port 54514
Jan 15 21:31:40 host sshd[15980]: Invalid user test from 178.219.126.205 port 55732
Jan 15 21:31:40 host sshd[15980]: input_userauth_request: invalid user test [preauth]
Jan 15 21:31:40 host sshd[15980]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:31:40 host sshd[15980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.219.126.205
Jan 15 21:31:43 host sshd[15980]: Failed password for invalid user test from 178.219.126.205 port 55732 ssh2
Jan 15 21:31:43 host sshd[15980]: Connection closed by 178.219.126.205 port 55732 [preauth]
Jan 15 21:37:02 host sshd[16684]: User root from 121.161.122.176 not allowed because not listed in AllowUsers
Jan 15 21:37:02 host sshd[16684]: input_userauth_request: invalid user root [preauth]
Jan 15 21:37:02 host unix_chkpwd[16697]: password check failed for user (root)
Jan 15 21:37:02 host sshd[16684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.161.122.176 user=root
Jan 15 21:37:02 host sshd[16684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:37:03 host sshd[16684]: Failed password for invalid user root from 121.161.122.176 port 42116 ssh2
Jan 15 21:37:04 host sshd[16684]: Received disconnect from 121.161.122.176 port 42116:11: Bye Bye [preauth]
Jan 15 21:37:04 host sshd[16684]: Disconnected from 121.161.122.176 port 42116 [preauth]
Jan 15 21:37:57 host sshd[16901]: User root from 51.250.4.112 not allowed because not listed in AllowUsers
Jan 15 21:37:57 host sshd[16901]: input_userauth_request: invalid user root [preauth]
Jan 15 21:37:57 host unix_chkpwd[16904]: password check failed for user (root)
Jan 15 21:37:57 host sshd[16901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.4.112 user=root
Jan 15 21:37:57 host sshd[16901]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:37:59 host sshd[16901]: Failed password for invalid user root from 51.250.4.112 port 35956 ssh2
Jan 15 21:38:00 host sshd[16901]: Received disconnect from 51.250.4.112 port 35956:11: Bye Bye [preauth]
Jan 15 21:38:00 host sshd[16901]: Disconnected from 51.250.4.112 port 35956 [preauth]
Jan 15 21:39:25 host sshd[17062]: User root from 143.137.235.42 not allowed because not listed in AllowUsers
Jan 15 21:39:25 host sshd[17062]: input_userauth_request: invalid user root [preauth]
Jan 15 21:39:25 host unix_chkpwd[17068]: password check failed for user (root)
Jan 15 21:39:25 host sshd[17062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.137.235.42 user=root
Jan 15 21:39:25 host sshd[17062]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:39:27 host sshd[17062]: Failed password for invalid user root from 143.137.235.42 port 56860 ssh2
Jan 15 21:39:28 host sshd[17062]: Received disconnect from 143.137.235.42 port 56860:11: Bye Bye [preauth]
Jan 15 21:39:28 host sshd[17062]: Disconnected from 143.137.235.42 port 56860 [preauth]
Jan 15 21:40:26 host sshd[17196]: User root from 138.3.240.178 not allowed because not listed in AllowUsers
Jan 15 21:40:26 host sshd[17196]: input_userauth_request: invalid user root [preauth]
Jan 15 21:40:26 host unix_chkpwd[17200]: password check failed for user (root)
Jan 15 21:40:26 host sshd[17196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.3.240.178 user=root
Jan 15 21:40:26 host sshd[17196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:40:28 host sshd[17196]: Failed password for invalid user root from 138.3.240.178 port 45294 ssh2
Jan 15 21:40:28 host sshd[17196]: Received disconnect from 138.3.240.178 port 45294:11: Bye Bye [preauth]
Jan 15 21:40:28 host sshd[17196]: Disconnected from 138.3.240.178 port 45294 [preauth]
Jan 15 21:41:04 host sshd[17275]: Invalid user admin from 175.213.142.102 port 62541
Jan 15 21:41:04 host sshd[17275]: input_userauth_request: invalid user admin [preauth]
Jan 15 21:41:04 host sshd[17275]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:41:04 host sshd[17275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.213.142.102
Jan 15 21:41:06 host sshd[17275]: Failed password for invalid user admin from 175.213.142.102 port 62541 ssh2
Jan 15 21:41:07 host sshd[17275]: Failed password for invalid user admin from 175.213.142.102 port 62541 ssh2
Jan 15 21:41:08 host sshd[17275]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:41:11 host sshd[17275]: Failed password for invalid user admin from 175.213.142.102 port 62541 ssh2
Jan 15 21:41:16 host sshd[17275]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:41:18 host sshd[17275]: Failed password for invalid user admin from 175.213.142.102 port 62541 ssh2
Jan 15 21:41:19 host sshd[17275]: Connection reset by 175.213.142.102 port 62541 [preauth]
Jan 15 21:41:19 host sshd[17275]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.213.142.102
Jan 15 21:41:44 host sshd[17395]: User root from 185.137.24.110 not allowed because not listed in AllowUsers
Jan 15 21:41:44 host sshd[17395]: input_userauth_request: invalid user root [preauth]
Jan 15 21:41:44 host unix_chkpwd[17398]: password check failed for user (root)
Jan 15 21:41:44 host sshd[17395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.137.24.110 user=root
Jan 15 21:41:44 host sshd[17395]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:41:46 host sshd[17395]: Failed password for invalid user root from 185.137.24.110 port 42396 ssh2
Jan 15 21:41:46 host sshd[17395]: Received disconnect from 185.137.24.110 port 42396:11: Bye Bye [preauth]
Jan 15 21:41:46 host sshd[17395]: Disconnected from 185.137.24.110 port 42396 [preauth]
Jan 15 21:42:49 host sshd[17609]: User root from 51.250.4.112 not allowed because not listed in AllowUsers
Jan 15 21:42:49 host sshd[17609]: input_userauth_request: invalid user root [preauth]
Jan 15 21:42:49 host unix_chkpwd[17612]: password check failed for user (root)
Jan 15 21:42:49 host sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.4.112 user=root
Jan 15 21:42:49 host sshd[17609]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:42:52 host sshd[17609]: Failed password for invalid user root from 51.250.4.112 port 58726 ssh2
Jan 15 21:42:53 host sshd[17651]: User root from 163.172.160.152 not allowed because not listed in AllowUsers
Jan 15 21:42:53 host sshd[17651]: input_userauth_request: invalid user root [preauth]
Jan 15 21:42:53 host unix_chkpwd[17653]: password check failed for user (root)
Jan 15 21:42:53 host sshd[17651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.160.152 user=root
Jan 15 21:42:53 host sshd[17651]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:42:55 host sshd[17651]: Failed password for invalid user root from 163.172.160.152 port 47906 ssh2
Jan 15 21:42:55 host sshd[17651]: Received disconnect from 163.172.160.152 port 47906:11: Bye Bye [preauth]
Jan 15 21:42:55 host sshd[17651]: Disconnected from 163.172.160.152 port 47906 [preauth]
Jan 15 21:43:29 host sshd[17707]: User root from 121.161.122.176 not allowed because not listed in AllowUsers
Jan 15 21:43:29 host sshd[17707]: input_userauth_request: invalid user root [preauth]
Jan 15 21:43:29 host unix_chkpwd[17733]: password check failed for user (root)
Jan 15 21:43:29 host sshd[17707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.161.122.176 user=root
Jan 15 21:43:29 host sshd[17707]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:43:31 host sshd[17707]: Failed password for invalid user root from 121.161.122.176 port 43190 ssh2
Jan 15 21:43:50 host sshd[17790]: User root from 143.137.235.42 not allowed because not listed in AllowUsers
Jan 15 21:43:50 host sshd[17790]: input_userauth_request: invalid user root [preauth]
Jan 15 21:43:50 host unix_chkpwd[17798]: password check failed for user (root)
Jan 15 21:43:50 host sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.137.235.42 user=root
Jan 15 21:43:50 host sshd[17790]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:43:52 host sshd[17790]: Failed password for invalid user root from 143.137.235.42 port 50048 ssh2
Jan 15 21:43:52 host sshd[17790]: Received disconnect from 143.137.235.42 port 50048:11: Bye Bye [preauth]
Jan 15 21:43:52 host sshd[17790]: Disconnected from 143.137.235.42 port 50048 [preauth]
Jan 15 21:44:23 host sshd[17872]: User root from 206.189.87.115 not allowed because not listed in AllowUsers
Jan 15 21:44:23 host sshd[17872]: input_userauth_request: invalid user root [preauth]
Jan 15 21:44:23 host unix_chkpwd[17875]: password check failed for user (root)
Jan 15 21:44:23 host sshd[17872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 user=root
Jan 15 21:44:23 host sshd[17872]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:44:25 host sshd[17872]: Failed password for invalid user root from 206.189.87.115 port 55060 ssh2
Jan 15 21:44:25 host sshd[17872]: Received disconnect from 206.189.87.115 port 55060:11: Bye Bye [preauth]
Jan 15 21:44:25 host sshd[17872]: Disconnected from 206.189.87.115 port 55060 [preauth]
Jan 15 21:44:29 host sshd[17886]: User root from 163.172.160.152 not allowed because not listed in AllowUsers
Jan 15 21:44:29 host sshd[17886]: input_userauth_request: invalid user root [preauth]
Jan 15 21:44:29 host unix_chkpwd[17908]: password check failed for user (root)
Jan 15 21:44:29 host sshd[17886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.160.152 user=root
Jan 15 21:44:29 host sshd[17886]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:44:31 host sshd[17886]: Failed password for invalid user root from 163.172.160.152 port 48948 ssh2
Jan 15 21:44:54 host sshd[17981]: User root from 185.137.24.110 not allowed because not listed in AllowUsers
Jan 15 21:44:54 host sshd[17981]: input_userauth_request: invalid user root [preauth]
Jan 15 21:44:54 host unix_chkpwd[17984]: password check failed for user (root)
Jan 15 21:44:54 host sshd[17981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.137.24.110 user=root
Jan 15 21:44:54 host sshd[17981]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:44:56 host sshd[17981]: Failed password for invalid user root from 185.137.24.110 port 45536 ssh2
Jan 15 21:45:01 host sshd[18025]: User root from 138.3.240.178 not allowed because not listed in AllowUsers
Jan 15 21:45:01 host sshd[18025]: input_userauth_request: invalid user root [preauth]
Jan 15 21:45:01 host unix_chkpwd[18032]: password check failed for user (root)
Jan 15 21:45:01 host sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.3.240.178 user=root
Jan 15 21:45:01 host sshd[18025]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:45:03 host sshd[18025]: Failed password for invalid user root from 138.3.240.178 port 38668 ssh2
Jan 15 21:45:03 host sshd[18025]: Received disconnect from 138.3.240.178 port 38668:11: Bye Bye [preauth]
Jan 15 21:45:03 host sshd[18025]: Disconnected from 138.3.240.178 port 38668 [preauth]
Jan 15 21:45:32 host sshd[18152]: User root from 141.145.201.209 not allowed because not listed in AllowUsers
Jan 15 21:45:32 host sshd[18152]: input_userauth_request: invalid user root [preauth]
Jan 15 21:45:32 host unix_chkpwd[18155]: password check failed for user (root)
Jan 15 21:45:32 host sshd[18152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.145.201.209 user=root
Jan 15 21:45:32 host sshd[18152]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:45:35 host sshd[18152]: Failed password for invalid user root from 141.145.201.209 port 35576 ssh2
Jan 15 21:45:35 host sshd[18152]: Received disconnect from 141.145.201.209 port 35576:11: Bye Bye [preauth]
Jan 15 21:45:35 host sshd[18152]: Disconnected from 141.145.201.209 port 35576 [preauth]
Jan 15 21:46:06 host sshd[18238]: Bad protocol version identification 'GET / HTTP/1.1' from 81.95.124.10 port 39886
Jan 15 21:46:07 host sshd[18239]: User root from 81.95.124.10 not allowed because not listed in AllowUsers
Jan 15 21:46:07 host sshd[18239]: input_userauth_request: invalid user root [preauth]
Jan 15 21:46:07 host unix_chkpwd[18243]: password check failed for user (root)
Jan 15 21:46:07 host sshd[18239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.95.124.10 user=root
Jan 15 21:46:07 host sshd[18239]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:46:09 host sshd[18239]: Failed password for invalid user root from 81.95.124.10 port 40090 ssh2
Jan 15 21:46:10 host sshd[18239]: Connection closed by 81.95.124.10 port 40090 [preauth]
Jan 15 21:46:11 host sshd[18249]: User root from 81.95.124.10 not allowed because not listed in AllowUsers
Jan 15 21:46:11 host sshd[18249]: input_userauth_request: invalid user root [preauth]
Jan 15 21:46:11 host unix_chkpwd[18253]: password check failed for user (root)
Jan 15 21:46:11 host sshd[18249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.95.124.10 user=root
Jan 15 21:46:11 host sshd[18249]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:46:13 host sshd[18249]: Failed password for invalid user root from 81.95.124.10 port 41092 ssh2
Jan 15 21:46:13 host sshd[18249]: Connection closed by 81.95.124.10 port 41092 [preauth]
Jan 15 21:46:14 host sshd[18257]: User root from 81.95.124.10 not allowed because not listed in AllowUsers
Jan 15 21:46:14 host sshd[18257]: input_userauth_request: invalid user root [preauth]
Jan 15 21:46:14 host unix_chkpwd[18261]: password check failed for user (root)
Jan 15 21:46:14 host sshd[18257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.95.124.10 user=root
Jan 15 21:46:14 host sshd[18257]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:46:17 host sshd[18257]: Failed password for invalid user root from 81.95.124.10 port 42432 ssh2
Jan 15 21:46:17 host sshd[18257]: Connection closed by 81.95.124.10 port 42432 [preauth]
Jan 15 21:46:44 host sshd[18367]: User root from 2.42.138.122 not allowed because not listed in AllowUsers
Jan 15 21:46:44 host sshd[18367]: input_userauth_request: invalid user root [preauth]
Jan 15 21:46:44 host unix_chkpwd[18370]: password check failed for user (root)
Jan 15 21:46:44 host sshd[18367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.42.138.122 user=root
Jan 15 21:46:44 host sshd[18367]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:46:47 host sshd[18367]: Failed password for invalid user root from 2.42.138.122 port 41921 ssh2
Jan 15 21:46:47 host sshd[18367]: Received disconnect from 2.42.138.122 port 41921:11: Bye Bye [preauth]
Jan 15 21:46:47 host sshd[18367]: Disconnected from 2.42.138.122 port 41921 [preauth]
Jan 15 21:47:36 host sshd[18565]: User root from 61.216.157.13 not allowed because not listed in AllowUsers
Jan 15 21:47:36 host sshd[18565]: input_userauth_request: invalid user root [preauth]
Jan 15 21:47:36 host unix_chkpwd[18610]: password check failed for user (root)
Jan 15 21:47:36 host sshd[18565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.216.157.13 user=root
Jan 15 21:47:36 host sshd[18565]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:47:38 host sshd[18565]: Failed password for invalid user root from 61.216.157.13 port 50173 ssh2
Jan 15 21:47:38 host unix_chkpwd[18614]: password check failed for user (root)
Jan 15 21:47:38 host sshd[18565]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:47:40 host sshd[18565]: Failed password for invalid user root from 61.216.157.13 port 50173 ssh2
Jan 15 21:47:40 host sshd[18565]: Connection reset by 61.216.157.13 port 50173 [preauth]
Jan 15 21:47:40 host sshd[18565]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.216.157.13 user=root
Jan 15 21:49:48 host sshd[18926]: User root from 103.172.204.12 not allowed because not listed in AllowUsers
Jan 15 21:49:48 host sshd[18926]: input_userauth_request: invalid user root [preauth]
Jan 15 21:49:48 host unix_chkpwd[18928]: password check failed for user (root)
Jan 15 21:49:48 host sshd[18926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.204.12 user=root
Jan 15 21:49:48 host sshd[18926]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:49:50 host sshd[18926]: Failed password for invalid user root from 103.172.204.12 port 44410 ssh2
Jan 15 21:49:50 host sshd[18926]: Received disconnect from 103.172.204.12 port 44410:11: Bye Bye [preauth]
Jan 15 21:49:50 host sshd[18926]: Disconnected from 103.172.204.12 port 44410 [preauth]
Jan 15 21:50:21 host sshd[19036]: User root from 141.145.201.209 not allowed because not listed in AllowUsers
Jan 15 21:50:21 host sshd[19036]: input_userauth_request: invalid user root [preauth]
Jan 15 21:50:21 host unix_chkpwd[19042]: password check failed for user (root)
Jan 15 21:50:21 host sshd[19036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.145.201.209 user=root
Jan 15 21:50:21 host sshd[19036]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:50:22 host sshd[19036]: Failed password for invalid user root from 141.145.201.209 port 37736 ssh2
Jan 15 21:50:23 host sshd[19036]: Received disconnect from 141.145.201.209 port 37736:11: Bye Bye [preauth]
Jan 15 21:50:23 host sshd[19036]: Disconnected from 141.145.201.209 port 37736 [preauth]
Jan 15 21:50:47 host sshd[19141]: User root from 2.42.138.122 not allowed because not listed in AllowUsers
Jan 15 21:50:47 host sshd[19141]: input_userauth_request: invalid user root [preauth]
Jan 15 21:50:47 host unix_chkpwd[19144]: password check failed for user (root)
Jan 15 21:50:47 host sshd[19141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.42.138.122 user=root
Jan 15 21:50:47 host sshd[19141]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:50:49 host sshd[19141]: Failed password for invalid user root from 2.42.138.122 port 35582 ssh2
Jan 15 21:50:49 host sshd[19141]: Received disconnect from 2.42.138.122 port 35582:11: Bye Bye [preauth]
Jan 15 21:50:49 host sshd[19141]: Disconnected from 2.42.138.122 port 35582 [preauth]
Jan 15 21:50:52 host sshd[19177]: Invalid user admin from 24.98.180.156 port 41808
Jan 15 21:50:52 host sshd[19177]: input_userauth_request: invalid user admin [preauth]
Jan 15 21:50:52 host sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:50:52 host sshd[19177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.98.180.156
Jan 15 21:50:54 host sshd[19177]: Failed password for invalid user admin from 24.98.180.156 port 41808 ssh2
Jan 15 21:50:54 host sshd[19177]: Connection closed by 24.98.180.156 port 41808 [preauth]
Jan 15 21:51:34 host sshd[19319]: User root from 206.189.87.115 not allowed because not listed in AllowUsers
Jan 15 21:51:34 host sshd[19319]: input_userauth_request: invalid user root [preauth]
Jan 15 21:51:34 host unix_chkpwd[19323]: password check failed for user (root)
Jan 15 21:51:34 host sshd[19319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.87.115 user=root
Jan 15 21:51:34 host sshd[19319]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:51:36 host sshd[19319]: Failed password for invalid user root from 206.189.87.115 port 56086 ssh2
Jan 15 21:51:37 host sshd[19358]: User root from 103.172.204.12 not allowed because not listed in AllowUsers
Jan 15 21:51:37 host sshd[19358]: input_userauth_request: invalid user root [preauth]
Jan 15 21:51:37 host unix_chkpwd[19360]: password check failed for user (root)
Jan 15 21:51:37 host sshd[19358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.204.12 user=root
Jan 15 21:51:37 host sshd[19358]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 21:51:39 host sshd[19358]: Failed password for invalid user root from 103.172.204.12 port 50470 ssh2
Jan 15 21:51:39 host sshd[19358]: Received disconnect from 103.172.204.12 port 50470:11: Bye Bye [preauth]
Jan 15 21:51:39 host sshd[19358]: Disconnected from 103.172.204.12 port 50470 [preauth]
Jan 15 21:56:09 host sshd[20034]: Connection reset by 114.34.222.138 port 37669 [preauth]
Jan 15 22:02:51 host sshd[20880]: User root from 209.141.55.27 not allowed because not listed in AllowUsers
Jan 15 22:02:51 host sshd[20880]: input_userauth_request: invalid user root [preauth]
Jan 15 22:02:51 host unix_chkpwd[20889]: password check failed for user (root)
Jan 15 22:02:51 host sshd[20880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27 user=root
Jan 15 22:02:51 host sshd[20880]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:02:52 host sshd[20880]: Failed password for invalid user root from 209.141.55.27 port 33572 ssh2
Jan 15 22:02:52 host sshd[20880]: Received disconnect from 209.141.55.27 port 33572:11: Normal Shutdown, Thank you for playing [preauth]
Jan 15 22:02:52 host sshd[20880]: Disconnected from 209.141.55.27 port 33572 [preauth]
Jan 15 22:04:09 host sshd[21034]: Invalid user ep from 194.110.203.109 port 58002
Jan 15 22:04:09 host sshd[21034]: input_userauth_request: invalid user ep [preauth]
Jan 15 22:04:09 host sshd[21034]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:04:09 host sshd[21034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 22:04:10 host sshd[21034]: Failed password for invalid user ep from 194.110.203.109 port 58002 ssh2
Jan 15 22:04:13 host sshd[21034]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:04:16 host sshd[21034]: Failed password for invalid user ep from 194.110.203.109 port 58002 ssh2
Jan 15 22:04:19 host sshd[21034]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:04:20 host sshd[21034]: Failed password for invalid user ep from 194.110.203.109 port 58002 ssh2
Jan 15 22:04:23 host sshd[21034]: Connection closed by 194.110.203.109 port 58002 [preauth]
Jan 15 22:04:23 host sshd[21034]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 22:05:46 host sshd[21322]: Invalid user pi from 122.117.62.76 port 38733
Jan 15 22:05:46 host sshd[21322]: input_userauth_request: invalid user pi [preauth]
Jan 15 22:05:46 host sshd[21322]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:05:46 host sshd[21322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.62.76
Jan 15 22:05:48 host sshd[21322]: Failed password for invalid user pi from 122.117.62.76 port 38733 ssh2
Jan 15 22:05:49 host sshd[21322]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:05:51 host sshd[21322]: Failed password for invalid user pi from 122.117.62.76 port 38733 ssh2
Jan 15 22:05:52 host sshd[21322]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:05:54 host sshd[21322]: Failed password for invalid user pi from 122.117.62.76 port 38733 ssh2
Jan 15 22:05:55 host sshd[21322]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:05:56 host sshd[21322]: Failed password for invalid user pi from 122.117.62.76 port 38733 ssh2
Jan 15 22:05:57 host sshd[21322]: Connection reset by 122.117.62.76 port 38733 [preauth]
Jan 15 22:05:57 host sshd[21322]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.62.76
Jan 15 22:05:57 host sshd[21322]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 15 22:09:58 host sshd[21827]: Invalid user username from 190.149.196.65 port 36063
Jan 15 22:09:58 host sshd[21827]: input_userauth_request: invalid user username [preauth]
Jan 15 22:09:59 host sshd[21827]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:09:59 host sshd[21827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.149.196.65
Jan 15 22:10:01 host sshd[21827]: Failed password for invalid user username from 190.149.196.65 port 36063 ssh2
Jan 15 22:10:01 host sshd[21827]: Connection closed by 190.149.196.65 port 36063 [preauth]
Jan 15 22:11:19 host sshd[22085]: Invalid user zyfwp from 218.148.7.152 port 63431
Jan 15 22:11:19 host sshd[22085]: input_userauth_request: invalid user zyfwp [preauth]
Jan 15 22:11:19 host sshd[22085]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:11:19 host sshd[22085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.148.7.152
Jan 15 22:11:21 host sshd[22085]: Failed password for invalid user zyfwp from 218.148.7.152 port 63431 ssh2
Jan 15 22:11:23 host sshd[22085]: Connection reset by 218.148.7.152 port 63431 [preauth]
Jan 15 22:16:27 host sshd[22649]: Invalid user admin from 221.157.44.193 port 60516
Jan 15 22:16:27 host sshd[22649]: input_userauth_request: invalid user admin [preauth]
Jan 15 22:16:27 host sshd[22649]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:16:27 host sshd[22649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.157.44.193
Jan 15 22:16:29 host sshd[22649]: Failed password for invalid user admin from 221.157.44.193 port 60516 ssh2
Jan 15 22:16:29 host sshd[22649]: Failed password for invalid user admin from 221.157.44.193 port 60516 ssh2
Jan 15 22:16:30 host sshd[22649]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:16:32 host sshd[22649]: Failed password for invalid user admin from 221.157.44.193 port 60516 ssh2
Jan 15 22:16:33 host sshd[22649]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:16:34 host sshd[22649]: Failed password for invalid user admin from 221.157.44.193 port 60516 ssh2
Jan 15 22:16:35 host sshd[22649]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:16:37 host sshd[22649]: Failed password for invalid user admin from 221.157.44.193 port 60516 ssh2
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=travelboniface user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=wwwpmcresource user-7=dartsimp user-8=a2zgroup user-9=laundryboniface user-10=cochintaxi user-11=wwwkaretakers user-12=gifterman user-13=palco123 user-14=phmetals user-15=kottayamcalldriv user-16=wwwnexidigital user-17=mrsclean user-18=bonifacegroup user-19=wwwevmhonda user-20=wwwletsstalkfood user-21=straightcurve user-22=vfmassets user-23=wwwtestugo user-24=shalinijames user-25=pmcresources user-26=remysagr user-27=disposeat user-28=wwwkmaorg user-29=wwwkapin user-30=woodpeck feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 22:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ci8Na1ZcTCfATeeU.~
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ci8Na1ZcTCfATeeU.~'
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ci8Na1ZcTCfATeeU.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 22:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 22:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 22:28:52 host sshd[24475]: User root from 129.126.115.190 not allowed because not listed in AllowUsers
Jan 15 22:28:52 host sshd[24475]: input_userauth_request: invalid user root [preauth]
Jan 15 22:28:53 host unix_chkpwd[24486]: password check failed for user (root)
Jan 15 22:28:53 host sshd[24475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.126.115.190 user=root
Jan 15 22:28:53 host sshd[24475]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:28:55 host sshd[24475]: Failed password for invalid user root from 129.126.115.190 port 59429 ssh2
Jan 15 22:28:55 host sshd[24475]: Connection closed by 129.126.115.190 port 59429 [preauth]
Jan 15 22:31:57 host sshd[24956]: User root from 121.151.142.37 not allowed because not listed in AllowUsers
Jan 15 22:31:57 host sshd[24956]: input_userauth_request: invalid user root [preauth]
Jan 15 22:31:57 host unix_chkpwd[24963]: password check failed for user (root)
Jan 15 22:31:57 host sshd[24956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.151.142.37 user=root
Jan 15 22:31:57 host sshd[24956]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:31:59 host sshd[24956]: Failed password for invalid user root from 121.151.142.37 port 55270 ssh2
Jan 15 22:32:01 host unix_chkpwd[24980]: password check failed for user (root)
Jan 15 22:32:01 host sshd[24956]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:32:03 host sshd[24956]: Failed password for invalid user root from 121.151.142.37 port 55270 ssh2
Jan 15 22:42:21 host sshd[26223]: Invalid user sFTPUser from 121.134.98.135 port 60190
Jan 15 22:42:21 host sshd[26223]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 15 22:42:21 host sshd[26223]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:42:21 host sshd[26223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.134.98.135
Jan 15 22:42:23 host sshd[26223]: Failed password for invalid user sFTPUser from 121.134.98.135 port 60190 ssh2
Jan 15 22:42:24 host sshd[26223]: Connection reset by 121.134.98.135 port 60190 [preauth]
Jan 15 22:44:53 host sshd[26487]: Invalid user admin from 121.129.93.181 port 50655
Jan 15 22:44:53 host sshd[26487]: input_userauth_request: invalid user admin [preauth]
Jan 15 22:44:53 host sshd[26487]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:44:53 host sshd[26487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.129.93.181
Jan 15 22:44:56 host sshd[26487]: Failed password for invalid user admin from 121.129.93.181 port 50655 ssh2
Jan 15 22:44:57 host sshd[26487]: Failed password for invalid user admin from 121.129.93.181 port 50655 ssh2
Jan 15 22:44:57 host sshd[26487]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:44:59 host sshd[26487]: Failed password for invalid user admin from 121.129.93.181 port 50655 ssh2
Jan 15 22:44:59 host sshd[26487]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:45:01 host sshd[26487]: Failed password for invalid user admin from 121.129.93.181 port 50655 ssh2
Jan 15 22:45:02 host sshd[26487]: Connection reset by 121.129.93.181 port 50655 [preauth]
Jan 15 22:45:02 host sshd[26487]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.129.93.181
Jan 15 22:47:09 host sshd[26942]: Invalid user ubnt from 178.219.122.73 port 50128
Jan 15 22:47:09 host sshd[26942]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 22:47:09 host sshd[26942]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:47:09 host sshd[26942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.219.122.73
Jan 15 22:47:11 host sshd[26942]: Failed password for invalid user ubnt from 178.219.122.73 port 50128 ssh2
Jan 15 22:47:12 host sshd[26942]: Connection closed by 178.219.122.73 port 50128 [preauth]
Jan 15 22:48:23 host sshd[27068]: User root from 188.166.228.226 not allowed because not listed in AllowUsers
Jan 15 22:48:23 host sshd[27068]: input_userauth_request: invalid user root [preauth]
Jan 15 22:48:23 host unix_chkpwd[27071]: password check failed for user (root)
Jan 15 22:48:23 host sshd[27068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.228.226 user=root
Jan 15 22:48:23 host sshd[27068]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:48:25 host sshd[27068]: Failed password for invalid user root from 188.166.228.226 port 60210 ssh2
Jan 15 22:48:25 host sshd[27068]: Received disconnect from 188.166.228.226 port 60210:11: Bye Bye [preauth]
Jan 15 22:48:25 host sshd[27068]: Disconnected from 188.166.228.226 port 60210 [preauth]
Jan 15 22:52:05 host sshd[27616]: User root from 159.223.50.39 not allowed because not listed in AllowUsers
Jan 15 22:52:05 host sshd[27616]: input_userauth_request: invalid user root [preauth]
Jan 15 22:52:05 host unix_chkpwd[27618]: password check failed for user (root)
Jan 15 22:52:05 host sshd[27616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.50.39 user=root
Jan 15 22:52:05 host sshd[27616]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:52:07 host sshd[27616]: Failed password for invalid user root from 159.223.50.39 port 54494 ssh2
Jan 15 22:52:07 host sshd[27616]: Received disconnect from 159.223.50.39 port 54494:11: Bye Bye [preauth]
Jan 15 22:52:07 host sshd[27616]: Disconnected from 159.223.50.39 port 54494 [preauth]
Jan 15 22:52:17 host sshd[27632]: User root from 187.111.28.131 not allowed because not listed in AllowUsers
Jan 15 22:52:17 host sshd[27632]: input_userauth_request: invalid user root [preauth]
Jan 15 22:52:17 host unix_chkpwd[27638]: password check failed for user (root)
Jan 15 22:52:17 host sshd[27632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.111.28.131 user=root
Jan 15 22:52:17 host sshd[27632]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:52:18 host sshd[27635]: User root from 158.69.84.149 not allowed because not listed in AllowUsers
Jan 15 22:52:18 host sshd[27635]: input_userauth_request: invalid user root [preauth]
Jan 15 22:52:18 host unix_chkpwd[27639]: password check failed for user (root)
Jan 15 22:52:18 host sshd[27635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.84.149 user=root
Jan 15 22:52:18 host sshd[27635]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:52:19 host sshd[27632]: Failed password for invalid user root from 187.111.28.131 port 44576 ssh2
Jan 15 22:52:19 host sshd[27632]: Received disconnect from 187.111.28.131 port 44576:11: Bye Bye [preauth]
Jan 15 22:52:19 host sshd[27632]: Disconnected from 187.111.28.131 port 44576 [preauth]
Jan 15 22:52:20 host sshd[27635]: Failed password for invalid user root from 158.69.84.149 port 42492 ssh2
Jan 15 22:52:20 host sshd[27635]: Received disconnect from 158.69.84.149 port 42492:11: Bye Bye [preauth]
Jan 15 22:52:20 host sshd[27635]: Disconnected from 158.69.84.149 port 42492 [preauth]
Jan 15 22:52:46 host sshd[27689]: Invalid user pi from 211.220.55.2 port 60595
Jan 15 22:52:46 host sshd[27689]: input_userauth_request: invalid user pi [preauth]
Jan 15 22:52:46 host sshd[27689]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:52:46 host sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.220.55.2
Jan 15 22:52:48 host sshd[27689]: Failed password for invalid user pi from 211.220.55.2 port 60595 ssh2
Jan 15 22:52:49 host sshd[27689]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 22:52:51 host sshd[27689]: Failed password for invalid user pi from 211.220.55.2 port 60595 ssh2
Jan 15 22:52:51 host sshd[27689]: Connection reset by 211.220.55.2 port 60595 [preauth]
Jan 15 22:52:51 host sshd[27689]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.220.55.2
Jan 15 22:54:32 host sshd[27870]: User root from 158.69.84.149 not allowed because not listed in AllowUsers
Jan 15 22:54:32 host sshd[27870]: input_userauth_request: invalid user root [preauth]
Jan 15 22:54:32 host unix_chkpwd[27873]: password check failed for user (root)
Jan 15 22:54:32 host sshd[27870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.84.149 user=root
Jan 15 22:54:32 host sshd[27870]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:54:34 host sshd[27870]: Failed password for invalid user root from 158.69.84.149 port 49192 ssh2
Jan 15 22:54:37 host sshd[27907]: User root from 188.166.228.226 not allowed because not listed in AllowUsers
Jan 15 22:54:37 host sshd[27907]: input_userauth_request: invalid user root [preauth]
Jan 15 22:54:37 host unix_chkpwd[27910]: password check failed for user (root)
Jan 15 22:54:37 host sshd[27907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.228.226 user=root
Jan 15 22:54:37 host sshd[27907]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:54:38 host sshd[27907]: Failed password for invalid user root from 188.166.228.226 port 35306 ssh2
Jan 15 22:55:21 host sshd[28029]: User root from 159.223.50.39 not allowed because not listed in AllowUsers
Jan 15 22:55:21 host sshd[28029]: input_userauth_request: invalid user root [preauth]
Jan 15 22:55:21 host unix_chkpwd[28032]: password check failed for user (root)
Jan 15 22:55:21 host sshd[28029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.50.39 user=root
Jan 15 22:55:21 host sshd[28029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:55:23 host sshd[28029]: Failed password for invalid user root from 159.223.50.39 port 37448 ssh2
Jan 15 22:55:35 host sshd[28116]: User root from 187.111.28.131 not allowed because not listed in AllowUsers
Jan 15 22:55:35 host sshd[28116]: input_userauth_request: invalid user root [preauth]
Jan 15 22:55:35 host unix_chkpwd[28120]: password check failed for user (root)
Jan 15 22:55:35 host sshd[28116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.111.28.131 user=root
Jan 15 22:55:35 host sshd[28116]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 22:55:37 host sshd[28116]: Failed password for invalid user root from 187.111.28.131 port 44578 ssh2
Jan 15 22:55:37 host sshd[28116]: Received disconnect from 187.111.28.131 port 44578:11: Bye Bye [preauth]
Jan 15 22:55:37 host sshd[28116]: Disconnected from 187.111.28.131 port 44578 [preauth]
Jan 15 22:59:51 host sshd[28818]: Did not receive identification string from 8.219.76.192 port 61000
Jan 15 23:05:18 host sshd[29554]: Invalid user admin from 49.73.6.189 port 39400
Jan 15 23:05:18 host sshd[29554]: input_userauth_request: invalid user admin [preauth]
Jan 15 23:05:18 host sshd[29554]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:05:18 host sshd[29554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.73.6.189
Jan 15 23:05:21 host sshd[29554]: Failed password for invalid user admin from 49.73.6.189 port 39400 ssh2
Jan 15 23:05:22 host sshd[29554]: Connection closed by 49.73.6.189 port 39400 [preauth]
Jan 15 23:06:38 host sshd[29727]: User root from 220.135.173.116 not allowed because not listed in AllowUsers
Jan 15 23:06:38 host sshd[29727]: input_userauth_request: invalid user root [preauth]
Jan 15 23:06:38 host unix_chkpwd[29730]: password check failed for user (root)
Jan 15 23:06:38 host sshd[29727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.173.116 user=root
Jan 15 23:06:38 host sshd[29727]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:06:41 host sshd[29727]: Failed password for invalid user root from 220.135.173.116 port 55524 ssh2
Jan 15 23:06:41 host unix_chkpwd[29736]: password check failed for user (root)
Jan 15 23:06:41 host sshd[29727]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:06:43 host sshd[29727]: Failed password for invalid user root from 220.135.173.116 port 55524 ssh2
Jan 15 23:06:43 host unix_chkpwd[29743]: password check failed for user (root)
Jan 15 23:06:43 host sshd[29727]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:06:45 host sshd[29727]: Failed password for invalid user root from 220.135.173.116 port 55524 ssh2
Jan 15 23:06:46 host sshd[29727]: Connection reset by 220.135.173.116 port 55524 [preauth]
Jan 15 23:06:46 host sshd[29727]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.173.116 user=root
Jan 15 23:08:26 host sshd[30040]: Connection closed by 106.10.122.53 port 36264 [preauth]
Jan 15 23:08:45 host sshd[30080]: Invalid user ubnt from 183.99.124.33 port 63853
Jan 15 23:08:45 host sshd[30080]: input_userauth_request: invalid user ubnt [preauth]
Jan 15 23:08:45 host sshd[30080]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:08:45 host sshd[30080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.124.33
Jan 15 23:08:46 host sshd[30080]: Failed password for invalid user ubnt from 183.99.124.33 port 63853 ssh2
Jan 15 23:08:47 host sshd[30080]: Connection reset by 183.99.124.33 port 63853 [preauth]
Jan 15 23:09:54 host sshd[30222]: User root from 106.10.122.53 not allowed because not listed in AllowUsers
Jan 15 23:09:54 host sshd[30222]: input_userauth_request: invalid user root [preauth]
Jan 15 23:09:54 host unix_chkpwd[30224]: password check failed for user (root)
Jan 15 23:09:54 host sshd[30222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53 user=root
Jan 15 23:09:54 host sshd[30222]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:09:57 host sshd[30222]: Failed password for invalid user root from 106.10.122.53 port 56432 ssh2
Jan 15 23:09:57 host sshd[30222]: Connection closed by 106.10.122.53 port 56432 [preauth]
Jan 15 23:11:28 host sshd[30439]: Invalid user a from 106.10.122.53 port 44018
Jan 15 23:11:28 host sshd[30439]: input_userauth_request: invalid user a [preauth]
Jan 15 23:11:28 host sshd[30439]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:11:28 host sshd[30439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 15 23:11:29 host sshd[30439]: Failed password for invalid user a from 106.10.122.53 port 44018 ssh2
Jan 15 23:11:29 host sshd[30439]: Connection closed by 106.10.122.53 port 44018 [preauth]
Jan 15 23:12:11 host sshd[30572]: User root from 49.36.43.167 not allowed because not listed in AllowUsers
Jan 15 23:12:11 host sshd[30572]: input_userauth_request: invalid user root [preauth]
Jan 15 23:12:11 host unix_chkpwd[30575]: password check failed for user (root)
Jan 15 23:12:11 host sshd[30572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.36.43.167 user=root
Jan 15 23:12:11 host sshd[30572]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:12:13 host sshd[30572]: Failed password for invalid user root from 49.36.43.167 port 32972 ssh2
Jan 15 23:12:13 host sshd[30572]: Received disconnect from 49.36.43.167 port 32972:11: Bye Bye [preauth]
Jan 15 23:12:13 host sshd[30572]: Disconnected from 49.36.43.167 port 32972 [preauth]
Jan 15 23:13:24 host sshd[30703]: User root from 143.110.224.148 not allowed because not listed in AllowUsers
Jan 15 23:13:24 host sshd[30703]: input_userauth_request: invalid user root [preauth]
Jan 15 23:13:24 host unix_chkpwd[30710]: password check failed for user (root)
Jan 15 23:13:24 host sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.224.148 user=root
Jan 15 23:13:24 host sshd[30703]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:13:26 host sshd[30703]: Failed password for invalid user root from 143.110.224.148 port 33850 ssh2
Jan 15 23:13:26 host sshd[30703]: Received disconnect from 143.110.224.148 port 33850:11: Bye Bye [preauth]
Jan 15 23:13:26 host sshd[30703]: Disconnected from 143.110.224.148 port 33850 [preauth]
Jan 15 23:13:46 host sshd[30749]: User root from 190.144.51.254 not allowed because not listed in AllowUsers
Jan 15 23:13:46 host sshd[30749]: input_userauth_request: invalid user root [preauth]
Jan 15 23:13:46 host unix_chkpwd[30752]: password check failed for user (root)
Jan 15 23:13:46 host sshd[30749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.51.254 user=root
Jan 15 23:13:46 host sshd[30749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:13:47 host sshd[30749]: Failed password for invalid user root from 190.144.51.254 port 41576 ssh2
Jan 15 23:13:48 host sshd[30749]: Received disconnect from 190.144.51.254 port 41576:11: Bye Bye [preauth]
Jan 15 23:13:48 host sshd[30749]: Disconnected from 190.144.51.254 port 41576 [preauth]
Jan 15 23:15:20 host sshd[31027]: User root from 208.109.34.15 not allowed because not listed in AllowUsers
Jan 15 23:15:20 host sshd[31027]: input_userauth_request: invalid user root [preauth]
Jan 15 23:15:20 host unix_chkpwd[31030]: password check failed for user (root)
Jan 15 23:15:20 host sshd[31027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.34.15 user=root
Jan 15 23:15:20 host sshd[31027]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:15:23 host sshd[31027]: Failed password for invalid user root from 208.109.34.15 port 46884 ssh2
Jan 15 23:15:23 host sshd[31027]: Received disconnect from 208.109.34.15 port 46884:11: Bye Bye [preauth]
Jan 15 23:15:23 host sshd[31027]: Disconnected from 208.109.34.15 port 46884 [preauth]
Jan 15 23:16:34 host sshd[31179]: User root from 165.22.101.75 not allowed because not listed in AllowUsers
Jan 15 23:16:34 host sshd[31179]: input_userauth_request: invalid user root [preauth]
Jan 15 23:16:35 host unix_chkpwd[31181]: password check failed for user (root)
Jan 15 23:16:35 host sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.101.75 user=root
Jan 15 23:16:35 host sshd[31179]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:16:36 host sshd[31179]: Failed password for invalid user root from 165.22.101.75 port 44894 ssh2
Jan 15 23:16:37 host sshd[31179]: Received disconnect from 165.22.101.75 port 44894:11: Bye Bye [preauth]
Jan 15 23:16:37 host sshd[31179]: Disconnected from 165.22.101.75 port 44894 [preauth]
Jan 15 23:17:45 host sshd[31302]: User root from 43.155.165.118 not allowed because not listed in AllowUsers
Jan 15 23:17:45 host sshd[31302]: input_userauth_request: invalid user root [preauth]
Jan 15 23:17:45 host unix_chkpwd[31305]: password check failed for user (root)
Jan 15 23:17:45 host sshd[31302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.165.118 user=root
Jan 15 23:17:45 host sshd[31302]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:17:46 host sshd[31302]: Failed password for invalid user root from 43.155.165.118 port 43984 ssh2
Jan 15 23:17:47 host sshd[31302]: Received disconnect from 43.155.165.118 port 43984:11: Bye Bye [preauth]
Jan 15 23:17:47 host sshd[31302]: Disconnected from 43.155.165.118 port 43984 [preauth]
Jan 15 23:18:11 host sshd[31351]: User root from 201.149.20.162 not allowed because not listed in AllowUsers
Jan 15 23:18:11 host sshd[31351]: input_userauth_request: invalid user root [preauth]
Jan 15 23:18:11 host unix_chkpwd[31355]: password check failed for user (root)
Jan 15 23:18:11 host sshd[31351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162 user=root
Jan 15 23:18:11 host sshd[31351]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:18:13 host sshd[31351]: Failed password for invalid user root from 201.149.20.162 port 44334 ssh2
Jan 15 23:18:13 host sshd[31351]: Received disconnect from 201.149.20.162 port 44334:11: Bye Bye [preauth]
Jan 15 23:18:13 host sshd[31351]: Disconnected from 201.149.20.162 port 44334 [preauth]
Jan 15 23:18:36 host sshd[31401]: User root from 143.110.224.148 not allowed because not listed in AllowUsers
Jan 15 23:18:36 host sshd[31401]: input_userauth_request: invalid user root [preauth]
Jan 15 23:18:36 host unix_chkpwd[31406]: password check failed for user (root)
Jan 15 23:18:36 host sshd[31401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.224.148 user=root
Jan 15 23:18:36 host sshd[31401]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:18:38 host sshd[31401]: Failed password for invalid user root from 143.110.224.148 port 56342 ssh2
Jan 15 23:18:38 host sshd[31401]: Received disconnect from 143.110.224.148 port 56342:11: Bye Bye [preauth]
Jan 15 23:18:38 host sshd[31401]: Disconnected from 143.110.224.148 port 56342 [preauth]
Jan 15 23:18:53 host sshd[31452]: User root from 49.36.43.167 not allowed because not listed in AllowUsers
Jan 15 23:18:53 host sshd[31452]: input_userauth_request: invalid user root [preauth]
Jan 15 23:18:53 host unix_chkpwd[31454]: password check failed for user (root)
Jan 15 23:18:53 host sshd[31452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.36.43.167 user=root
Jan 15 23:18:53 host sshd[31452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:18:55 host sshd[31452]: Failed password for invalid user root from 49.36.43.167 port 60542 ssh2
Jan 15 23:19:11 host sshd[31542]: User root from 208.109.34.15 not allowed because not listed in AllowUsers
Jan 15 23:19:11 host sshd[31542]: input_userauth_request: invalid user root [preauth]
Jan 15 23:19:11 host unix_chkpwd[31545]: password check failed for user (root)
Jan 15 23:19:11 host sshd[31542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.34.15 user=root
Jan 15 23:19:11 host sshd[31542]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:19:13 host sshd[31542]: Failed password for invalid user root from 208.109.34.15 port 55156 ssh2
Jan 15 23:19:13 host sshd[31542]: Received disconnect from 208.109.34.15 port 55156:11: Bye Bye [preauth]
Jan 15 23:19:13 host sshd[31542]: Disconnected from 208.109.34.15 port 55156 [preauth]
Jan 15 23:19:15 host sshd[31574]: User root from 190.144.51.254 not allowed because not listed in AllowUsers
Jan 15 23:19:15 host sshd[31574]: input_userauth_request: invalid user root [preauth]
Jan 15 23:19:15 host unix_chkpwd[31582]: password check failed for user (root)
Jan 15 23:19:15 host sshd[31574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.51.254 user=root
Jan 15 23:19:15 host sshd[31574]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:19:17 host sshd[31574]: Failed password for invalid user root from 190.144.51.254 port 49544 ssh2
Jan 15 23:19:17 host sshd[31574]: Received disconnect from 190.144.51.254 port 49544:11: Bye Bye [preauth]
Jan 15 23:19:17 host sshd[31574]: Disconnected from 190.144.51.254 port 49544 [preauth]
Jan 15 23:19:25 host sshd[31727]: User root from 165.22.101.75 not allowed because not listed in AllowUsers
Jan 15 23:19:25 host sshd[31727]: input_userauth_request: invalid user root [preauth]
Jan 15 23:19:26 host unix_chkpwd[31730]: password check failed for user (root)
Jan 15 23:19:26 host sshd[31727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.101.75 user=root
Jan 15 23:19:26 host sshd[31727]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:19:27 host sshd[31727]: Failed password for invalid user root from 165.22.101.75 port 49916 ssh2
Jan 15 23:19:27 host sshd[31727]: Received disconnect from 165.22.101.75 port 49916:11: Bye Bye [preauth]
Jan 15 23:19:27 host sshd[31727]: Disconnected from 165.22.101.75 port 49916 [preauth]
Jan 15 23:19:32 host sshd[31786]: User root from 124.160.96.242 not allowed because not listed in AllowUsers
Jan 15 23:19:32 host sshd[31786]: input_userauth_request: invalid user root [preauth]
Jan 15 23:19:32 host unix_chkpwd[31792]: password check failed for user (root)
Jan 15 23:19:32 host sshd[31786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.160.96.242 user=root
Jan 15 23:19:32 host sshd[31786]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:19:34 host sshd[31786]: Failed password for invalid user root from 124.160.96.242 port 11189 ssh2
Jan 15 23:19:34 host sshd[31786]: Received disconnect from 124.160.96.242 port 11189:11: Bye Bye [preauth]
Jan 15 23:19:34 host sshd[31786]: Disconnected from 124.160.96.242 port 11189 [preauth]
Jan 15 23:19:36 host sshd[31797]: User root from 43.155.165.118 not allowed because not listed in AllowUsers
Jan 15 23:19:36 host sshd[31797]: input_userauth_request: invalid user root [preauth]
Jan 15 23:19:36 host unix_chkpwd[31800]: password check failed for user (root)
Jan 15 23:19:36 host sshd[31797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.165.118 user=root
Jan 15 23:19:36 host sshd[31797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:19:38 host sshd[31797]: Failed password for invalid user root from 43.155.165.118 port 45284 ssh2
Jan 15 23:19:38 host sshd[31797]: Received disconnect from 43.155.165.118 port 45284:11: Bye Bye [preauth]
Jan 15 23:19:38 host sshd[31797]: Disconnected from 43.155.165.118 port 45284 [preauth]
Jan 15 23:20:40 host sshd[31968]: User root from 201.149.20.162 not allowed because not listed in AllowUsers
Jan 15 23:20:40 host sshd[31968]: input_userauth_request: invalid user root [preauth]
Jan 15 23:20:40 host unix_chkpwd[31971]: password check failed for user (root)
Jan 15 23:20:40 host sshd[31968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162 user=root
Jan 15 23:20:40 host sshd[31968]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:20:42 host sshd[31968]: Failed password for invalid user root from 201.149.20.162 port 18868 ssh2
Jan 15 23:20:42 host sshd[31968]: Received disconnect from 201.149.20.162 port 18868:11: Bye Bye [preauth]
Jan 15 23:20:42 host sshd[31968]: Disconnected from 201.149.20.162 port 18868 [preauth]
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=shalinijames user-3=wwwtestugo user-4=pmcresources user-5=disposeat user-6=remysagr user-7=wwwkmaorg user-8=woodpeck user-9=wwwkapin user-10=palco123 user-11=gifterman user-12=phmetals user-13=kottayamcalldriv user-14=wwwnexidigital user-15=mrsclean user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 15 23:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ctu3OZmUktV9bsxg.~
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ctu3OZmUktV9bsxg.~'
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ctu3OZmUktV9bsxg.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 15 23:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 15 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 15 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 15 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 15 23:24:06 host sshd[32587]: Bad protocol version identification '\376\b\001adminSSH-2.0-PuTTY_Release_0.77' from 5.53.136.135 port 46265
Jan 15 23:25:41 host sshd[32766]: User root from 124.160.96.242 not allowed because not listed in AllowUsers
Jan 15 23:25:41 host sshd[32766]: input_userauth_request: invalid user root [preauth]
Jan 15 23:25:41 host unix_chkpwd[302]: password check failed for user (root)
Jan 15 23:25:41 host sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.160.96.242 user=root
Jan 15 23:25:41 host sshd[32766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:25:43 host sshd[32766]: Failed password for invalid user root from 124.160.96.242 port 21814 ssh2
Jan 15 23:25:43 host sshd[32766]: Received disconnect from 124.160.96.242 port 21814:11: Bye Bye [preauth]
Jan 15 23:25:43 host sshd[32766]: Disconnected from 124.160.96.242 port 21814 [preauth]
Jan 15 23:27:16 host sshd[630]: Did not receive identification string from 37.187.88.37 port 49925
Jan 15 23:28:03 host sshd[735]: User root from 45.191.205.197 not allowed because not listed in AllowUsers
Jan 15 23:28:03 host sshd[735]: input_userauth_request: invalid user root [preauth]
Jan 15 23:28:04 host unix_chkpwd[741]: password check failed for user (root)
Jan 15 23:28:04 host sshd[735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.191.205.197 user=root
Jan 15 23:28:04 host sshd[735]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:28:05 host sshd[735]: Failed password for invalid user root from 45.191.205.197 port 20988 ssh2
Jan 15 23:28:06 host sshd[735]: Received disconnect from 45.191.205.197 port 20988:11: Bye Bye [preauth]
Jan 15 23:28:06 host sshd[735]: Disconnected from 45.191.205.197 port 20988 [preauth]
Jan 15 23:29:36 host sshd[916]: User root from 188.166.217.179 not allowed because not listed in AllowUsers
Jan 15 23:29:36 host sshd[916]: input_userauth_request: invalid user root [preauth]
Jan 15 23:29:36 host unix_chkpwd[918]: password check failed for user (root)
Jan 15 23:29:36 host sshd[916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.179 user=root
Jan 15 23:29:36 host sshd[916]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:29:38 host sshd[916]: Failed password for invalid user root from 188.166.217.179 port 56164 ssh2
Jan 15 23:29:38 host sshd[916]: Received disconnect from 188.166.217.179 port 56164:11: Bye Bye [preauth]
Jan 15 23:29:38 host sshd[916]: Disconnected from 188.166.217.179 port 56164 [preauth]
Jan 15 23:32:23 host sshd[1365]: Invalid user admin from 115.22.201.63 port 60290
Jan 15 23:32:23 host sshd[1365]: input_userauth_request: invalid user admin [preauth]
Jan 15 23:32:23 host sshd[1365]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:32:23 host sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.22.201.63
Jan 15 23:32:26 host sshd[1365]: Failed password for invalid user admin from 115.22.201.63 port 60290 ssh2
Jan 15 23:32:26 host sshd[1365]: Connection reset by 115.22.201.63 port 60290 [preauth]
Jan 15 23:33:37 host sshd[1513]: User root from 119.64.60.106 not allowed because not listed in AllowUsers
Jan 15 23:33:37 host sshd[1513]: input_userauth_request: invalid user root [preauth]
Jan 15 23:33:37 host unix_chkpwd[1515]: password check failed for user (root)
Jan 15 23:33:37 host sshd[1513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.64.60.106 user=root
Jan 15 23:33:37 host sshd[1513]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:33:39 host sshd[1513]: Failed password for invalid user root from 119.64.60.106 port 59844 ssh2
Jan 15 23:33:39 host sshd[1513]: Received disconnect from 119.64.60.106 port 59844:11: Bye Bye [preauth]
Jan 15 23:33:39 host sshd[1513]: Disconnected from 119.64.60.106 port 59844 [preauth]
Jan 15 23:34:17 host sshd[1589]: User root from 188.166.217.179 not allowed because not listed in AllowUsers
Jan 15 23:34:17 host sshd[1589]: input_userauth_request: invalid user root [preauth]
Jan 15 23:34:17 host unix_chkpwd[1593]: password check failed for user (root)
Jan 15 23:34:17 host sshd[1589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.179 user=root
Jan 15 23:34:17 host sshd[1589]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:34:19 host sshd[1589]: Failed password for invalid user root from 188.166.217.179 port 38586 ssh2
Jan 15 23:34:19 host sshd[1589]: Received disconnect from 188.166.217.179 port 38586:11: Bye Bye [preauth]
Jan 15 23:34:19 host sshd[1589]: Disconnected from 188.166.217.179 port 38586 [preauth]
Jan 15 23:34:44 host sshd[1674]: User root from 45.191.205.197 not allowed because not listed in AllowUsers
Jan 15 23:34:44 host sshd[1674]: input_userauth_request: invalid user root [preauth]
Jan 15 23:34:44 host unix_chkpwd[1680]: password check failed for user (root)
Jan 15 23:34:44 host sshd[1674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.191.205.197 user=root
Jan 15 23:34:44 host sshd[1674]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:34:46 host sshd[1674]: Failed password for invalid user root from 45.191.205.197 port 44150 ssh2
Jan 15 23:34:46 host sshd[1674]: Received disconnect from 45.191.205.197 port 44150:11: Bye Bye [preauth]
Jan 15 23:34:46 host sshd[1674]: Disconnected from 45.191.205.197 port 44150 [preauth]
Jan 15 23:35:36 host sshd[1845]: User root from 119.64.60.106 not allowed because not listed in AllowUsers
Jan 15 23:35:36 host sshd[1845]: input_userauth_request: invalid user root [preauth]
Jan 15 23:35:36 host unix_chkpwd[1848]: password check failed for user (root)
Jan 15 23:35:36 host sshd[1845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.64.60.106 user=root
Jan 15 23:35:36 host sshd[1845]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:35:39 host sshd[1845]: Failed password for invalid user root from 119.64.60.106 port 44056 ssh2
Jan 15 23:35:39 host sshd[1845]: Received disconnect from 119.64.60.106 port 44056:11: Bye Bye [preauth]
Jan 15 23:35:39 host sshd[1845]: Disconnected from 119.64.60.106 port 44056 [preauth]
Jan 15 23:42:39 host sshd[2941]: User root from 200.6.218.173 not allowed because not listed in AllowUsers
Jan 15 23:42:39 host sshd[2941]: input_userauth_request: invalid user root [preauth]
Jan 15 23:42:39 host unix_chkpwd[2946]: password check failed for user (root)
Jan 15 23:42:39 host sshd[2941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.6.218.173 user=root
Jan 15 23:42:39 host sshd[2941]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:42:41 host sshd[2941]: Failed password for invalid user root from 200.6.218.173 port 35072 ssh2
Jan 15 23:42:41 host sshd[2941]: Connection closed by 200.6.218.173 port 35072 [preauth]
Jan 15 23:48:28 host sshd[3521]: Invalid user eq from 194.110.203.109 port 45768
Jan 15 23:48:28 host sshd[3521]: input_userauth_request: invalid user eq [preauth]
Jan 15 23:48:28 host sshd[3521]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:48:28 host sshd[3521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 23:48:30 host sshd[3521]: Failed password for invalid user eq from 194.110.203.109 port 45768 ssh2
Jan 15 23:48:34 host sshd[3521]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:48:35 host sshd[3521]: Failed password for invalid user eq from 194.110.203.109 port 45768 ssh2
Jan 15 23:48:38 host sshd[3521]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:48:41 host sshd[3521]: Failed password for invalid user eq from 194.110.203.109 port 45768 ssh2
Jan 15 23:48:44 host sshd[3521]: Connection closed by 194.110.203.109 port 45768 [preauth]
Jan 15 23:48:44 host sshd[3521]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 15 23:51:45 host sshd[4027]: User root from 152.32.226.121 not allowed because not listed in AllowUsers
Jan 15 23:51:45 host sshd[4027]: input_userauth_request: invalid user root [preauth]
Jan 15 23:51:45 host unix_chkpwd[4029]: password check failed for user (root)
Jan 15 23:51:45 host sshd[4027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.226.121 user=root
Jan 15 23:51:45 host sshd[4027]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:51:47 host sshd[4027]: Failed password for invalid user root from 152.32.226.121 port 21688 ssh2
Jan 15 23:51:47 host sshd[4027]: Received disconnect from 152.32.226.121 port 21688:11: Bye Bye [preauth]
Jan 15 23:51:47 host sshd[4027]: Disconnected from 152.32.226.121 port 21688 [preauth]
Jan 15 23:54:18 host sshd[4294]: User root from 152.32.226.121 not allowed because not listed in AllowUsers
Jan 15 23:54:18 host sshd[4294]: input_userauth_request: invalid user root [preauth]
Jan 15 23:54:18 host unix_chkpwd[4296]: password check failed for user (root)
Jan 15 23:54:18 host sshd[4294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.226.121 user=root
Jan 15 23:54:18 host sshd[4294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:54:20 host sshd[4294]: Failed password for invalid user root from 152.32.226.121 port 14144 ssh2
Jan 15 23:54:30 host sshd[4361]: User root from 173.201.188.226 not allowed because not listed in AllowUsers
Jan 15 23:54:30 host sshd[4361]: input_userauth_request: invalid user root [preauth]
Jan 15 23:54:31 host unix_chkpwd[4365]: password check failed for user (root)
Jan 15 23:54:31 host sshd[4361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.201.188.226 user=root
Jan 15 23:54:31 host sshd[4361]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:54:33 host sshd[4361]: Failed password for invalid user root from 173.201.188.226 port 37788 ssh2
Jan 15 23:54:33 host sshd[4361]: Received disconnect from 173.201.188.226 port 37788:11: Bye Bye [preauth]
Jan 15 23:54:33 host sshd[4361]: Disconnected from 173.201.188.226 port 37788 [preauth]
Jan 15 23:55:01 host sshd[4397]: User root from 189.225.33.149 not allowed because not listed in AllowUsers
Jan 15 23:55:01 host sshd[4397]: input_userauth_request: invalid user root [preauth]
Jan 15 23:55:01 host unix_chkpwd[4417]: password check failed for user (root)
Jan 15 23:55:01 host sshd[4397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.225.33.149 user=root
Jan 15 23:55:01 host sshd[4397]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:55:04 host sshd[4397]: Failed password for invalid user root from 189.225.33.149 port 54054 ssh2
Jan 15 23:55:04 host sshd[4397]: Received disconnect from 189.225.33.149 port 54054:11: Bye Bye [preauth]
Jan 15 23:55:04 host sshd[4397]: Disconnected from 189.225.33.149 port 54054 [preauth]
Jan 15 23:55:18 host sshd[4441]: User root from 164.70.92.9 not allowed because not listed in AllowUsers
Jan 15 23:55:18 host sshd[4441]: input_userauth_request: invalid user root [preauth]
Jan 15 23:55:18 host unix_chkpwd[4444]: password check failed for user (root)
Jan 15 23:55:18 host sshd[4441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.70.92.9 user=root
Jan 15 23:55:18 host sshd[4441]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:55:20 host sshd[4441]: Failed password for invalid user root from 164.70.92.9 port 47572 ssh2
Jan 15 23:55:20 host sshd[4441]: Received disconnect from 164.70.92.9 port 47572:11: Bye Bye [preauth]
Jan 15 23:55:20 host sshd[4441]: Disconnected from 164.70.92.9 port 47572 [preauth]
Jan 15 23:55:26 host sshd[4458]: User root from 211.224.105.95 not allowed because not listed in AllowUsers
Jan 15 23:55:26 host sshd[4458]: input_userauth_request: invalid user root [preauth]
Jan 15 23:55:26 host unix_chkpwd[4464]: password check failed for user (root)
Jan 15 23:55:26 host sshd[4458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.224.105.95 user=root
Jan 15 23:55:26 host sshd[4458]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:55:29 host sshd[4458]: Failed password for invalid user root from 211.224.105.95 port 61094 ssh2
Jan 15 23:55:30 host sshd[4458]: Connection reset by 211.224.105.95 port 61094 [preauth]
Jan 15 23:55:35 host sshd[4494]: Invalid user telnet from 220.135.78.157 port 38640
Jan 15 23:55:35 host sshd[4494]: input_userauth_request: invalid user telnet [preauth]
Jan 15 23:55:35 host sshd[4494]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:55:35 host sshd[4494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.78.157
Jan 15 23:55:36 host sshd[4494]: Failed password for invalid user telnet from 220.135.78.157 port 38640 ssh2
Jan 15 23:55:38 host sshd[4494]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 23:55:40 host sshd[4494]: Failed password for invalid user telnet from 220.135.78.157 port 38640 ssh2
Jan 15 23:55:41 host sshd[4494]: Connection reset by 220.135.78.157 port 38640 [preauth]
Jan 15 23:55:41 host sshd[4494]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.78.157
Jan 15 23:55:55 host sshd[4551]: User root from 174.138.18.192 not allowed because not listed in AllowUsers
Jan 15 23:55:55 host sshd[4551]: input_userauth_request: invalid user root [preauth]
Jan 15 23:55:55 host unix_chkpwd[4570]: password check failed for user (root)
Jan 15 23:55:55 host sshd[4551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.18.192 user=root
Jan 15 23:55:55 host sshd[4551]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:55:57 host sshd[4551]: Failed password for invalid user root from 174.138.18.192 port 48516 ssh2
Jan 15 23:55:57 host sshd[4551]: Received disconnect from 174.138.18.192 port 48516:11: Bye Bye [preauth]
Jan 15 23:55:57 host sshd[4551]: Disconnected from 174.138.18.192 port 48516 [preauth]
Jan 15 23:56:00 host sshd[4650]: User root from 103.165.78.179 not allowed because not listed in AllowUsers
Jan 15 23:56:00 host sshd[4650]: input_userauth_request: invalid user root [preauth]
Jan 15 23:56:00 host unix_chkpwd[4652]: password check failed for user (root)
Jan 15 23:56:00 host sshd[4650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.165.78.179 user=root
Jan 15 23:56:00 host sshd[4650]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:56:03 host sshd[4650]: Failed password for invalid user root from 103.165.78.179 port 37768 ssh2
Jan 15 23:56:03 host sshd[4650]: Received disconnect from 103.165.78.179 port 37768:11: Bye Bye [preauth]
Jan 15 23:56:03 host sshd[4650]: Disconnected from 103.165.78.179 port 37768 [preauth]
Jan 15 23:56:05 host sshd[4673]: User root from 41.185.26.240 not allowed because not listed in AllowUsers
Jan 15 23:56:05 host sshd[4673]: input_userauth_request: invalid user root [preauth]
Jan 15 23:56:05 host unix_chkpwd[4677]: password check failed for user (root)
Jan 15 23:56:05 host sshd[4673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.185.26.240 user=root
Jan 15 23:56:05 host sshd[4673]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:56:07 host sshd[4673]: Failed password for invalid user root from 41.185.26.240 port 53172 ssh2
Jan 15 23:56:07 host sshd[4673]: Received disconnect from 41.185.26.240 port 53172:11: Bye Bye [preauth]
Jan 15 23:56:07 host sshd[4673]: Disconnected from 41.185.26.240 port 53172 [preauth]
Jan 15 23:56:09 host sshd[4680]: User root from 139.59.146.144 not allowed because not listed in AllowUsers
Jan 15 23:56:09 host sshd[4680]: input_userauth_request: invalid user root [preauth]
Jan 15 23:56:09 host unix_chkpwd[4683]: password check failed for user (root)
Jan 15 23:56:09 host sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.146.144 user=root
Jan 15 23:56:09 host sshd[4680]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:56:12 host sshd[4680]: Failed password for invalid user root from 139.59.146.144 port 59246 ssh2
Jan 15 23:56:12 host sshd[4680]: Received disconnect from 139.59.146.144 port 59246:11: Bye Bye [preauth]
Jan 15 23:56:12 host sshd[4680]: Disconnected from 139.59.146.144 port 59246 [preauth]
Jan 15 23:57:11 host sshd[4795]: User root from 160.153.252.142 not allowed because not listed in AllowUsers
Jan 15 23:57:11 host sshd[4795]: input_userauth_request: invalid user root [preauth]
Jan 15 23:57:11 host unix_chkpwd[4798]: password check failed for user (root)
Jan 15 23:57:11 host sshd[4795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.153.252.142 user=root
Jan 15 23:57:11 host sshd[4795]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:57:11 host sshd[4791]: User root from 173.201.188.226 not allowed because not listed in AllowUsers
Jan 15 23:57:11 host sshd[4791]: input_userauth_request: invalid user root [preauth]
Jan 15 23:57:11 host unix_chkpwd[4799]: password check failed for user (root)
Jan 15 23:57:11 host sshd[4791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.201.188.226 user=root
Jan 15 23:57:11 host sshd[4791]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:57:13 host sshd[4795]: Failed password for invalid user root from 160.153.252.142 port 58676 ssh2
Jan 15 23:57:13 host sshd[4791]: Failed password for invalid user root from 173.201.188.226 port 40602 ssh2
Jan 15 23:57:13 host sshd[4795]: Received disconnect from 160.153.252.142 port 58676:11: Bye Bye [preauth]
Jan 15 23:57:13 host sshd[4795]: Disconnected from 160.153.252.142 port 58676 [preauth]
Jan 15 23:57:13 host sshd[4791]: Received disconnect from 173.201.188.226 port 40602:11: Bye Bye [preauth]
Jan 15 23:57:13 host sshd[4791]: Disconnected from 173.201.188.226 port 40602 [preauth]
Jan 15 23:58:42 host sshd[4981]: User root from 160.153.252.142 not allowed because not listed in AllowUsers
Jan 15 23:58:42 host sshd[4981]: input_userauth_request: invalid user root [preauth]
Jan 15 23:58:42 host unix_chkpwd[4986]: password check failed for user (root)
Jan 15 23:58:42 host sshd[4981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.153.252.142 user=root
Jan 15 23:58:42 host sshd[4981]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:58:42 host sshd[4984]: User root from 164.70.92.9 not allowed because not listed in AllowUsers
Jan 15 23:58:42 host sshd[4984]: input_userauth_request: invalid user root [preauth]
Jan 15 23:58:42 host unix_chkpwd[4987]: password check failed for user (root)
Jan 15 23:58:42 host sshd[4984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.70.92.9 user=root
Jan 15 23:58:42 host sshd[4984]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:58:43 host sshd[4981]: Failed password for invalid user root from 160.153.252.142 port 55264 ssh2
Jan 15 23:58:43 host sshd[4984]: Failed password for invalid user root from 164.70.92.9 port 60584 ssh2
Jan 15 23:58:44 host sshd[4981]: Received disconnect from 160.153.252.142 port 55264:11: Bye Bye [preauth]
Jan 15 23:58:44 host sshd[4981]: Disconnected from 160.153.252.142 port 55264 [preauth]
Jan 15 23:58:44 host sshd[4984]: Received disconnect from 164.70.92.9 port 60584:11: Bye Bye [preauth]
Jan 15 23:58:44 host sshd[4984]: Disconnected from 164.70.92.9 port 60584 [preauth]
Jan 15 23:58:50 host sshd[5065]: User root from 189.225.33.149 not allowed because not listed in AllowUsers
Jan 15 23:58:50 host sshd[5065]: input_userauth_request: invalid user root [preauth]
Jan 15 23:58:50 host unix_chkpwd[5070]: password check failed for user (root)
Jan 15 23:58:50 host sshd[5065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.225.33.149 user=root
Jan 15 23:58:50 host sshd[5065]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:58:52 host sshd[5065]: Failed password for invalid user root from 189.225.33.149 port 41382 ssh2
Jan 15 23:58:53 host sshd[5065]: Received disconnect from 189.225.33.149 port 41382:11: Bye Bye [preauth]
Jan 15 23:58:53 host sshd[5065]: Disconnected from 189.225.33.149 port 41382 [preauth]
Jan 15 23:59:26 host sshd[5155]: User root from 103.165.78.179 not allowed because not listed in AllowUsers
Jan 15 23:59:26 host sshd[5155]: input_userauth_request: invalid user root [preauth]
Jan 15 23:59:26 host unix_chkpwd[5157]: password check failed for user (root)
Jan 15 23:59:26 host sshd[5155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.165.78.179 user=root
Jan 15 23:59:26 host sshd[5155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:59:26 host sshd[5153]: User root from 139.59.146.144 not allowed because not listed in AllowUsers
Jan 15 23:59:26 host sshd[5153]: input_userauth_request: invalid user root [preauth]
Jan 15 23:59:26 host unix_chkpwd[5159]: password check failed for user (root)
Jan 15 23:59:26 host sshd[5153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.146.144 user=root
Jan 15 23:59:26 host sshd[5153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:59:28 host sshd[5155]: Failed password for invalid user root from 103.165.78.179 port 37910 ssh2
Jan 15 23:59:28 host sshd[5155]: Received disconnect from 103.165.78.179 port 37910:11: Bye Bye [preauth]
Jan 15 23:59:28 host sshd[5155]: Disconnected from 103.165.78.179 port 37910 [preauth]
Jan 15 23:59:28 host sshd[5153]: Failed password for invalid user root from 139.59.146.144 port 53494 ssh2
Jan 15 23:59:28 host sshd[5153]: Received disconnect from 139.59.146.144 port 53494:11: Bye Bye [preauth]
Jan 15 23:59:28 host sshd[5153]: Disconnected from 139.59.146.144 port 53494 [preauth]
Jan 15 23:59:31 host sshd[5183]: User root from 41.185.26.240 not allowed because not listed in AllowUsers
Jan 15 23:59:31 host sshd[5183]: input_userauth_request: invalid user root [preauth]
Jan 15 23:59:31 host unix_chkpwd[5247]: password check failed for user (root)
Jan 15 23:59:31 host sshd[5183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.185.26.240 user=root
Jan 15 23:59:31 host sshd[5183]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 15 23:59:32 host sshd[5183]: Failed password for invalid user root from 41.185.26.240 port 60782 ssh2
Jan 15 23:59:33 host sshd[5183]: Received disconnect from 41.185.26.240 port 60782:11: Bye Bye [preauth]
Jan 15 23:59:33 host sshd[5183]: Disconnected from 41.185.26.240 port 60782 [preauth]
Jan 16 00:00:57 host sshd[5471]: Invalid user admin from 103.147.142.204 port 60904
Jan 16 00:00:57 host sshd[5471]: input_userauth_request: invalid user admin [preauth]
Jan 16 00:00:59 host sshd[5471]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:00:59 host sshd[5471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.147.142.204
Jan 16 00:01:01 host sshd[5471]: Failed password for invalid user admin from 103.147.142.204 port 60904 ssh2
Jan 16 00:01:04 host sshd[5471]: Connection closed by 103.147.142.204 port 60904 [preauth]
Jan 16 00:01:42 host sshd[5698]: Invalid user vadmin from 60.249.95.90 port 33591
Jan 16 00:01:42 host sshd[5698]: input_userauth_request: invalid user vadmin [preauth]
Jan 16 00:01:42 host sshd[5698]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:01:42 host sshd[5698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.95.90
Jan 16 00:01:44 host sshd[5698]: Failed password for invalid user vadmin from 60.249.95.90 port 33591 ssh2
Jan 16 00:01:44 host sshd[5698]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:01:46 host sshd[5698]: Failed password for invalid user vadmin from 60.249.95.90 port 33591 ssh2
Jan 16 00:01:47 host sshd[5698]: Failed password for invalid user vadmin from 60.249.95.90 port 33591 ssh2
Jan 16 00:02:03 host sshd[5698]: Connection closed by 60.249.95.90 port 33591 [preauth]
Jan 16 00:02:03 host sshd[5698]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.95.90
Jan 16 00:05:05 host sshd[6090]: User root from 146.19.24.89 not allowed because not listed in AllowUsers
Jan 16 00:05:05 host sshd[6090]: input_userauth_request: invalid user root [preauth]
Jan 16 00:05:05 host unix_chkpwd[6094]: password check failed for user (root)
Jan 16 00:05:05 host sshd[6090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.19.24.89 user=root
Jan 16 00:05:05 host sshd[6090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:05:07 host sshd[6090]: Failed password for invalid user root from 146.19.24.89 port 52806 ssh2
Jan 16 00:05:07 host sshd[6090]: Received disconnect from 146.19.24.89 port 52806:11: Bye Bye [preauth]
Jan 16 00:05:07 host sshd[6090]: Disconnected from 146.19.24.89 port 52806 [preauth]
Jan 16 00:05:11 host sshd[6099]: User root from 196.11.86.104 not allowed because not listed in AllowUsers
Jan 16 00:05:11 host sshd[6099]: input_userauth_request: invalid user root [preauth]
Jan 16 00:05:11 host unix_chkpwd[6103]: password check failed for user (root)
Jan 16 00:05:11 host sshd[6099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.11.86.104 user=root
Jan 16 00:05:11 host sshd[6099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:05:13 host sshd[6099]: Failed password for invalid user root from 196.11.86.104 port 2943 ssh2
Jan 16 00:05:13 host sshd[6099]: Received disconnect from 196.11.86.104 port 2943:11: Bye Bye [preauth]
Jan 16 00:05:13 host sshd[6099]: Disconnected from 196.11.86.104 port 2943 [preauth]
Jan 16 00:06:21 host sshd[6323]: User root from 159.89.194.160 not allowed because not listed in AllowUsers
Jan 16 00:06:21 host sshd[6323]: input_userauth_request: invalid user root [preauth]
Jan 16 00:06:21 host unix_chkpwd[6325]: password check failed for user (root)
Jan 16 00:06:21 host sshd[6323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.194.160 user=root
Jan 16 00:06:21 host sshd[6323]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:06:23 host sshd[6323]: Failed password for invalid user root from 159.89.194.160 port 47812 ssh2
Jan 16 00:06:23 host sshd[6323]: Received disconnect from 159.89.194.160 port 47812:11: Bye Bye [preauth]
Jan 16 00:06:23 host sshd[6323]: Disconnected from 159.89.194.160 port 47812 [preauth]
Jan 16 00:07:12 host sshd[6422]: User root from 84.201.156.194 not allowed because not listed in AllowUsers
Jan 16 00:07:12 host sshd[6422]: input_userauth_request: invalid user root [preauth]
Jan 16 00:07:12 host unix_chkpwd[6425]: password check failed for user (root)
Jan 16 00:07:12 host sshd[6422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.156.194 user=root
Jan 16 00:07:12 host sshd[6422]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:07:15 host sshd[6427]: User root from 137.184.0.243 not allowed because not listed in AllowUsers
Jan 16 00:07:15 host sshd[6427]: input_userauth_request: invalid user root [preauth]
Jan 16 00:07:15 host sshd[6422]: Failed password for invalid user root from 84.201.156.194 port 48908 ssh2
Jan 16 00:07:15 host unix_chkpwd[6432]: password check failed for user (root)
Jan 16 00:07:15 host sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.0.243 user=root
Jan 16 00:07:15 host sshd[6427]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:07:15 host sshd[6422]: Received disconnect from 84.201.156.194 port 48908:11: Bye Bye [preauth]
Jan 16 00:07:15 host sshd[6422]: Disconnected from 84.201.156.194 port 48908 [preauth]
Jan 16 00:07:16 host sshd[6427]: Failed password for invalid user root from 137.184.0.243 port 40688 ssh2
Jan 16 00:07:17 host sshd[6427]: Received disconnect from 137.184.0.243 port 40688:11: Bye Bye [preauth]
Jan 16 00:07:17 host sshd[6427]: Disconnected from 137.184.0.243 port 40688 [preauth]
Jan 16 00:07:17 host sshd[6437]: User root from 51.91.254.109 not allowed because not listed in AllowUsers
Jan 16 00:07:17 host sshd[6437]: input_userauth_request: invalid user root [preauth]
Jan 16 00:07:17 host unix_chkpwd[6440]: password check failed for user (root)
Jan 16 00:07:17 host sshd[6437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.254.109 user=root
Jan 16 00:07:17 host sshd[6437]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:07:19 host sshd[6437]: Failed password for invalid user root from 51.91.254.109 port 43974 ssh2
Jan 16 00:07:20 host sshd[6437]: Received disconnect from 51.91.254.109 port 43974:11: Bye Bye [preauth]
Jan 16 00:07:20 host sshd[6437]: Disconnected from 51.91.254.109 port 43974 [preauth]
Jan 16 00:07:25 host sshd[6434]: Connection closed by 157.245.252.5 port 37438 [preauth]
Jan 16 00:07:35 host sshd[6476]: User root from 51.68.94.192 not allowed because not listed in AllowUsers
Jan 16 00:07:35 host sshd[6476]: input_userauth_request: invalid user root [preauth]
Jan 16 00:07:35 host unix_chkpwd[6480]: password check failed for user (root)
Jan 16 00:07:35 host sshd[6476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.94.192 user=root
Jan 16 00:07:35 host sshd[6476]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:07:37 host sshd[6476]: Failed password for invalid user root from 51.68.94.192 port 38452 ssh2
Jan 16 00:07:37 host sshd[6476]: Received disconnect from 51.68.94.192 port 38452:11: Bye Bye [preauth]
Jan 16 00:07:37 host sshd[6476]: Disconnected from 51.68.94.192 port 38452 [preauth]
Jan 16 00:07:39 host sshd[6484]: User root from 51.75.124.212 not allowed because not listed in AllowUsers
Jan 16 00:07:39 host sshd[6484]: input_userauth_request: invalid user root [preauth]
Jan 16 00:07:39 host unix_chkpwd[6488]: password check failed for user (root)
Jan 16 00:07:39 host sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.124.212 user=root
Jan 16 00:07:39 host sshd[6484]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:07:41 host sshd[6484]: Failed password for invalid user root from 51.75.124.212 port 58082 ssh2
Jan 16 00:07:41 host sshd[6484]: Received disconnect from 51.75.124.212 port 58082:11: Bye Bye [preauth]
Jan 16 00:07:41 host sshd[6484]: Disconnected from 51.75.124.212 port 58082 [preauth]
Jan 16 00:08:18 host sshd[6544]: User root from 149.7.16.55 not allowed because not listed in AllowUsers
Jan 16 00:08:18 host sshd[6544]: input_userauth_request: invalid user root [preauth]
Jan 16 00:08:18 host unix_chkpwd[6549]: password check failed for user (root)
Jan 16 00:08:18 host sshd[6544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.7.16.55 user=root
Jan 16 00:08:18 host sshd[6544]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:08:21 host sshd[6544]: Failed password for invalid user root from 149.7.16.55 port 36428 ssh2
Jan 16 00:08:21 host sshd[6544]: Received disconnect from 149.7.16.55 port 36428:11: Bye Bye [preauth]
Jan 16 00:08:21 host sshd[6544]: Disconnected from 149.7.16.55 port 36428 [preauth]
Jan 16 00:08:28 host sshd[6567]: User root from 103.161.150.82 not allowed because not listed in AllowUsers
Jan 16 00:08:28 host sshd[6567]: input_userauth_request: invalid user root [preauth]
Jan 16 00:08:28 host unix_chkpwd[6570]: password check failed for user (root)
Jan 16 00:08:28 host sshd[6567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.161.150.82 user=root
Jan 16 00:08:28 host sshd[6567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:08:30 host sshd[6567]: Failed password for invalid user root from 103.161.150.82 port 46846 ssh2
Jan 16 00:08:30 host sshd[6567]: Received disconnect from 103.161.150.82 port 46846:11: Bye Bye [preauth]
Jan 16 00:08:30 host sshd[6567]: Disconnected from 103.161.150.82 port 46846 [preauth]
Jan 16 00:08:44 host sshd[6614]: User root from 51.83.27.205 not allowed because not listed in AllowUsers
Jan 16 00:08:44 host sshd[6614]: input_userauth_request: invalid user root [preauth]
Jan 16 00:08:44 host unix_chkpwd[6616]: password check failed for user (root)
Jan 16 00:08:44 host sshd[6614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.27.205 user=root
Jan 16 00:08:44 host sshd[6614]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:08:46 host sshd[6614]: Failed password for invalid user root from 51.83.27.205 port 50668 ssh2
Jan 16 00:08:46 host sshd[6614]: Received disconnect from 51.83.27.205 port 50668:11: Bye Bye [preauth]
Jan 16 00:08:46 host sshd[6614]: Disconnected from 51.83.27.205 port 50668 [preauth]
Jan 16 00:08:47 host sshd[6620]: User root from 203.113.167.3 not allowed because not listed in AllowUsers
Jan 16 00:08:47 host sshd[6620]: input_userauth_request: invalid user root [preauth]
Jan 16 00:08:47 host unix_chkpwd[6623]: password check failed for user (root)
Jan 16 00:08:47 host sshd[6620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.113.167.3 user=root
Jan 16 00:08:47 host sshd[6620]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:08:48 host sshd[6618]: User root from 218.150.239.195 not allowed because not listed in AllowUsers
Jan 16 00:08:48 host sshd[6618]: input_userauth_request: invalid user root [preauth]
Jan 16 00:08:48 host unix_chkpwd[6625]: password check failed for user (root)
Jan 16 00:08:48 host sshd[6618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.150.239.195 user=root
Jan 16 00:08:48 host sshd[6618]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:08:49 host sshd[6620]: Failed password for invalid user root from 203.113.167.3 port 59208 ssh2
Jan 16 00:08:49 host sshd[6620]: Received disconnect from 203.113.167.3 port 59208:11: Bye Bye [preauth]
Jan 16 00:08:49 host sshd[6620]: Disconnected from 203.113.167.3 port 59208 [preauth]
Jan 16 00:08:50 host sshd[6618]: Failed password for invalid user root from 218.150.239.195 port 60430 ssh2
Jan 16 00:08:50 host unix_chkpwd[6629]: password check failed for user (root)
Jan 16 00:08:50 host sshd[6618]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:08:52 host sshd[6618]: Failed password for invalid user root from 218.150.239.195 port 60430 ssh2
Jan 16 00:08:53 host sshd[6618]: Connection reset by 218.150.239.195 port 60430 [preauth]
Jan 16 00:08:53 host sshd[6618]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.150.239.195 user=root
Jan 16 00:09:46 host sshd[6723]: User root from 138.2.123.176 not allowed because not listed in AllowUsers
Jan 16 00:09:46 host sshd[6723]: input_userauth_request: invalid user root [preauth]
Jan 16 00:09:46 host unix_chkpwd[6725]: password check failed for user (root)
Jan 16 00:09:46 host sshd[6723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.123.176 user=root
Jan 16 00:09:46 host sshd[6723]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:09:48 host sshd[6723]: Failed password for invalid user root from 138.2.123.176 port 43654 ssh2
Jan 16 00:09:48 host sshd[6723]: Received disconnect from 138.2.123.176 port 43654:11: Bye Bye [preauth]
Jan 16 00:09:48 host sshd[6723]: Disconnected from 138.2.123.176 port 43654 [preauth]
Jan 16 00:10:45 host sshd[6861]: User root from 145.239.90.141 not allowed because not listed in AllowUsers
Jan 16 00:10:45 host sshd[6861]: input_userauth_request: invalid user root [preauth]
Jan 16 00:10:45 host unix_chkpwd[6864]: password check failed for user (root)
Jan 16 00:10:45 host sshd[6861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.90.141 user=root
Jan 16 00:10:45 host sshd[6861]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:10:46 host sshd[6861]: Failed password for invalid user root from 145.239.90.141 port 48986 ssh2
Jan 16 00:10:46 host sshd[6861]: Received disconnect from 145.239.90.141 port 48986:11: Bye Bye [preauth]
Jan 16 00:10:46 host sshd[6861]: Disconnected from 145.239.90.141 port 48986 [preauth]
Jan 16 00:10:56 host sshd[6877]: User root from 146.19.24.89 not allowed because not listed in AllowUsers
Jan 16 00:10:56 host sshd[6877]: input_userauth_request: invalid user root [preauth]
Jan 16 00:10:56 host unix_chkpwd[6884]: password check failed for user (root)
Jan 16 00:10:56 host sshd[6877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.19.24.89 user=root
Jan 16 00:10:56 host sshd[6877]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:10:57 host sshd[6879]: User root from 69.49.245.238 not allowed because not listed in AllowUsers
Jan 16 00:10:57 host sshd[6879]: input_userauth_request: invalid user root [preauth]
Jan 16 00:10:57 host sshd[6881]: User root from 70.37.75.157 not allowed because not listed in AllowUsers
Jan 16 00:10:57 host sshd[6881]: input_userauth_request: invalid user root [preauth]
Jan 16 00:10:57 host unix_chkpwd[6885]: password check failed for user (root)
Jan 16 00:10:57 host sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.49.245.238 user=root
Jan 16 00:10:57 host sshd[6879]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:10:57 host unix_chkpwd[6886]: password check failed for user (root)
Jan 16 00:10:57 host sshd[6881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.37.75.157 user=root
Jan 16 00:10:57 host sshd[6881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:10:58 host sshd[6877]: Failed password for invalid user root from 146.19.24.89 port 55272 ssh2
Jan 16 00:10:58 host sshd[6877]: Received disconnect from 146.19.24.89 port 55272:11: Bye Bye [preauth]
Jan 16 00:10:58 host sshd[6877]: Disconnected from 146.19.24.89 port 55272 [preauth]
Jan 16 00:10:59 host sshd[6879]: Failed password for invalid user root from 69.49.245.238 port 46630 ssh2
Jan 16 00:10:59 host sshd[6881]: Failed password for invalid user root from 70.37.75.157 port 58482 ssh2
Jan 16 00:10:59 host sshd[6879]: Received disconnect from 69.49.245.238 port 46630:11: Bye Bye [preauth]
Jan 16 00:10:59 host sshd[6879]: Disconnected from 69.49.245.238 port 46630 [preauth]
Jan 16 00:10:59 host sshd[6881]: Received disconnect from 70.37.75.157 port 58482:11: Bye Bye [preauth]
Jan 16 00:10:59 host sshd[6881]: Disconnected from 70.37.75.157 port 58482 [preauth]
Jan 16 00:11:20 host sshd[7053]: User root from 51.68.94.192 not allowed because not listed in AllowUsers
Jan 16 00:11:20 host sshd[7053]: input_userauth_request: invalid user root [preauth]
Jan 16 00:11:20 host unix_chkpwd[7055]: password check failed for user (root)
Jan 16 00:11:20 host sshd[7053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.94.192 user=root
Jan 16 00:11:20 host sshd[7053]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:11:22 host sshd[7053]: Failed password for invalid user root from 51.68.94.192 port 60074 ssh2
Jan 16 00:11:22 host sshd[7053]: Received disconnect from 51.68.94.192 port 60074:11: Bye Bye [preauth]
Jan 16 00:11:22 host sshd[7053]: Disconnected from 51.68.94.192 port 60074 [preauth]
Jan 16 00:11:35 host sshd[7128]: User root from 51.91.254.109 not allowed because not listed in AllowUsers
Jan 16 00:11:35 host sshd[7128]: input_userauth_request: invalid user root [preauth]
Jan 16 00:11:35 host unix_chkpwd[7131]: password check failed for user (root)
Jan 16 00:11:35 host sshd[7128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.254.109 user=root
Jan 16 00:11:35 host sshd[7128]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:11:37 host sshd[7128]: Failed password for invalid user root from 51.91.254.109 port 56778 ssh2
Jan 16 00:11:37 host sshd[7128]: Received disconnect from 51.91.254.109 port 56778:11: Bye Bye [preauth]
Jan 16 00:11:37 host sshd[7128]: Disconnected from 51.91.254.109 port 56778 [preauth]
Jan 16 00:11:39 host sshd[7135]: User root from 149.7.16.55 not allowed because not listed in AllowUsers
Jan 16 00:11:39 host sshd[7135]: input_userauth_request: invalid user root [preauth]
Jan 16 00:11:39 host unix_chkpwd[7156]: password check failed for user (root)
Jan 16 00:11:39 host sshd[7135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.7.16.55 user=root
Jan 16 00:11:39 host sshd[7135]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:11:42 host sshd[7135]: Failed password for invalid user root from 149.7.16.55 port 47566 ssh2
Jan 16 00:11:42 host sshd[7135]: Received disconnect from 149.7.16.55 port 47566:11: Bye Bye [preauth]
Jan 16 00:11:42 host sshd[7135]: Disconnected from 149.7.16.55 port 47566 [preauth]
Jan 16 00:11:45 host sshd[7176]: User root from 196.11.86.104 not allowed because not listed in AllowUsers
Jan 16 00:11:45 host sshd[7176]: input_userauth_request: invalid user root [preauth]
Jan 16 00:11:45 host unix_chkpwd[7201]: password check failed for user (root)
Jan 16 00:11:45 host sshd[7176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.11.86.104 user=root
Jan 16 00:11:45 host sshd[7176]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:11:45 host sshd[7184]: User root from 51.83.27.205 not allowed because not listed in AllowUsers
Jan 16 00:11:45 host sshd[7184]: input_userauth_request: invalid user root [preauth]
Jan 16 00:11:45 host unix_chkpwd[7208]: password check failed for user (root)
Jan 16 00:11:45 host sshd[7184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.27.205 user=root
Jan 16 00:11:45 host sshd[7184]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:11:47 host sshd[7176]: Failed password for invalid user root from 196.11.86.104 port 1830 ssh2
Jan 16 00:11:47 host sshd[7184]: Failed password for invalid user root from 51.83.27.205 port 51956 ssh2
Jan 16 00:11:47 host sshd[7184]: Received disconnect from 51.83.27.205 port 51956:11: Bye Bye [preauth]
Jan 16 00:11:47 host sshd[7184]: Disconnected from 51.83.27.205 port 51956 [preauth]
Jan 16 00:11:47 host sshd[7176]: Received disconnect from 196.11.86.104 port 1830:11: Bye Bye [preauth]
Jan 16 00:11:47 host sshd[7176]: Disconnected from 196.11.86.104 port 1830 [preauth]
Jan 16 00:12:02 host sshd[7306]: User root from 84.201.156.194 not allowed because not listed in AllowUsers
Jan 16 00:12:02 host sshd[7306]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:02 host unix_chkpwd[7311]: password check failed for user (root)
Jan 16 00:12:02 host sshd[7306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.156.194 user=root
Jan 16 00:12:02 host sshd[7306]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:04 host sshd[7306]: Failed password for invalid user root from 84.201.156.194 port 42296 ssh2
Jan 16 00:12:04 host sshd[7306]: Received disconnect from 84.201.156.194 port 42296:11: Bye Bye [preauth]
Jan 16 00:12:04 host sshd[7306]: Disconnected from 84.201.156.194 port 42296 [preauth]
Jan 16 00:12:18 host sshd[7367]: User root from 51.75.124.212 not allowed because not listed in AllowUsers
Jan 16 00:12:18 host sshd[7367]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:18 host unix_chkpwd[7370]: password check failed for user (root)
Jan 16 00:12:18 host sshd[7367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.124.212 user=root
Jan 16 00:12:18 host sshd[7367]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:20 host sshd[7367]: Failed password for invalid user root from 51.75.124.212 port 47740 ssh2
Jan 16 00:12:27 host sshd[7408]: User root from 159.89.194.160 not allowed because not listed in AllowUsers
Jan 16 00:12:27 host sshd[7408]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:27 host unix_chkpwd[7410]: password check failed for user (root)
Jan 16 00:12:27 host sshd[7408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.194.160 user=root
Jan 16 00:12:27 host sshd[7408]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:29 host sshd[7408]: Failed password for invalid user root from 159.89.194.160 port 44986 ssh2
Jan 16 00:12:29 host sshd[7408]: Received disconnect from 159.89.194.160 port 44986:11: Bye Bye [preauth]
Jan 16 00:12:29 host sshd[7408]: Disconnected from 159.89.194.160 port 44986 [preauth]
Jan 16 00:12:36 host sshd[7472]: User root from 203.113.167.3 not allowed because not listed in AllowUsers
Jan 16 00:12:36 host sshd[7472]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:36 host unix_chkpwd[7475]: password check failed for user (root)
Jan 16 00:12:36 host sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.113.167.3 user=root
Jan 16 00:12:36 host sshd[7472]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:38 host sshd[7472]: Failed password for invalid user root from 203.113.167.3 port 34906 ssh2
Jan 16 00:12:38 host sshd[7472]: Received disconnect from 203.113.167.3 port 34906:11: Bye Bye [preauth]
Jan 16 00:12:38 host sshd[7472]: Disconnected from 203.113.167.3 port 34906 [preauth]
Jan 16 00:12:44 host sshd[7521]: User root from 103.161.150.82 not allowed because not listed in AllowUsers
Jan 16 00:12:44 host sshd[7521]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:44 host unix_chkpwd[7523]: password check failed for user (root)
Jan 16 00:12:44 host sshd[7521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.161.150.82 user=root
Jan 16 00:12:44 host sshd[7521]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:46 host sshd[7521]: Failed password for invalid user root from 103.161.150.82 port 40740 ssh2
Jan 16 00:12:46 host sshd[7521]: Received disconnect from 103.161.150.82 port 40740:11: Bye Bye [preauth]
Jan 16 00:12:46 host sshd[7521]: Disconnected from 103.161.150.82 port 40740 [preauth]
Jan 16 00:12:51 host sshd[7547]: User root from 137.184.0.243 not allowed because not listed in AllowUsers
Jan 16 00:12:51 host sshd[7547]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:51 host unix_chkpwd[7562]: password check failed for user (root)
Jan 16 00:12:51 host sshd[7547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.0.243 user=root
Jan 16 00:12:51 host sshd[7547]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:53 host sshd[7547]: Failed password for invalid user root from 137.184.0.243 port 55080 ssh2
Jan 16 00:12:53 host sshd[7547]: Received disconnect from 137.184.0.243 port 55080:11: Bye Bye [preauth]
Jan 16 00:12:53 host sshd[7547]: Disconnected from 137.184.0.243 port 55080 [preauth]
Jan 16 00:12:55 host sshd[7567]: User root from 69.49.245.238 not allowed because not listed in AllowUsers
Jan 16 00:12:55 host sshd[7567]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:55 host unix_chkpwd[7591]: password check failed for user (root)
Jan 16 00:12:55 host sshd[7567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.49.245.238 user=root
Jan 16 00:12:55 host sshd[7567]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:55 host sshd[7575]: User root from 145.239.90.141 not allowed because not listed in AllowUsers
Jan 16 00:12:55 host sshd[7575]: input_userauth_request: invalid user root [preauth]
Jan 16 00:12:55 host unix_chkpwd[7603]: password check failed for user (root)
Jan 16 00:12:55 host sshd[7575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.90.141 user=root
Jan 16 00:12:55 host sshd[7575]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:12:57 host sshd[7567]: Failed password for invalid user root from 69.49.245.238 port 46350 ssh2
Jan 16 00:12:57 host sshd[7567]: Received disconnect from 69.49.245.238 port 46350:11: Bye Bye [preauth]
Jan 16 00:12:57 host sshd[7567]: Disconnected from 69.49.245.238 port 46350 [preauth]
Jan 16 00:12:57 host sshd[7575]: Failed password for invalid user root from 145.239.90.141 port 49102 ssh2
Jan 16 00:12:58 host sshd[7575]: Received disconnect from 145.239.90.141 port 49102:11: Bye Bye [preauth]
Jan 16 00:12:58 host sshd[7575]: Disconnected from 145.239.90.141 port 49102 [preauth]
Jan 16 00:14:24 host sshd[7962]: User root from 138.2.123.176 not allowed because not listed in AllowUsers
Jan 16 00:14:24 host sshd[7962]: input_userauth_request: invalid user root [preauth]
Jan 16 00:14:24 host unix_chkpwd[7965]: password check failed for user (root)
Jan 16 00:14:24 host sshd[7962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.123.176 user=root
Jan 16 00:14:24 host sshd[7962]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:14:26 host sshd[7962]: Failed password for invalid user root from 138.2.123.176 port 52092 ssh2
Jan 16 00:14:26 host sshd[7962]: Received disconnect from 138.2.123.176 port 52092:11: Bye Bye [preauth]
Jan 16 00:14:26 host sshd[7962]: Disconnected from 138.2.123.176 port 52092 [preauth]
Jan 16 00:14:30 host sshd[7981]: User root from 70.37.75.157 not allowed because not listed in AllowUsers
Jan 16 00:14:30 host sshd[7981]: input_userauth_request: invalid user root [preauth]
Jan 16 00:14:30 host unix_chkpwd[8047]: password check failed for user (root)
Jan 16 00:14:30 host sshd[7981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.37.75.157 user=root
Jan 16 00:14:30 host sshd[7981]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:14:31 host sshd[7981]: Failed password for invalid user root from 70.37.75.157 port 47088 ssh2
Jan 16 00:14:32 host sshd[7981]: Received disconnect from 70.37.75.157 port 47088:11: Bye Bye [preauth]
Jan 16 00:14:32 host sshd[7981]: Disconnected from 70.37.75.157 port 47088 [preauth]
Jan 16 00:16:45 host sshd[9148]: Connection reset by 118.169.137.92 port 33425 [preauth]
Jan 16 00:17:08 host sshd[9194]: User root from 61.93.240.18 not allowed because not listed in AllowUsers
Jan 16 00:17:08 host sshd[9194]: input_userauth_request: invalid user root [preauth]
Jan 16 00:17:08 host unix_chkpwd[9196]: password check failed for user (root)
Jan 16 00:17:08 host sshd[9194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.93.240.18 user=root
Jan 16 00:17:08 host sshd[9194]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:17:10 host sshd[9194]: Failed password for invalid user root from 61.93.240.18 port 53844 ssh2
Jan 16 00:17:10 host sshd[9194]: Received disconnect from 61.93.240.18 port 53844:11: Bye Bye [preauth]
Jan 16 00:17:10 host sshd[9194]: Disconnected from 61.93.240.18 port 53844 [preauth]
Jan 16 00:17:25 host sshd[9211]: User root from 27.50.54.52 not allowed because not listed in AllowUsers
Jan 16 00:17:25 host sshd[9211]: input_userauth_request: invalid user root [preauth]
Jan 16 00:17:25 host unix_chkpwd[9213]: password check failed for user (root)
Jan 16 00:17:25 host sshd[9211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.50.54.52 user=root
Jan 16 00:17:25 host sshd[9211]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:17:27 host sshd[9215]: User root from 211.20.14.156 not allowed because not listed in AllowUsers
Jan 16 00:17:27 host sshd[9215]: input_userauth_request: invalid user root [preauth]
Jan 16 00:17:27 host unix_chkpwd[9219]: password check failed for user (root)
Jan 16 00:17:27 host sshd[9215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.20.14.156 user=root
Jan 16 00:17:27 host sshd[9215]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:17:27 host sshd[9211]: Failed password for invalid user root from 27.50.54.52 port 39100 ssh2
Jan 16 00:17:27 host sshd[9211]: Received disconnect from 27.50.54.52 port 39100:11: Bye Bye [preauth]
Jan 16 00:17:27 host sshd[9211]: Disconnected from 27.50.54.52 port 39100 [preauth]
Jan 16 00:17:28 host sshd[9215]: Failed password for invalid user root from 211.20.14.156 port 51688 ssh2
Jan 16 00:17:28 host sshd[9215]: Received disconnect from 211.20.14.156 port 51688:11: Bye Bye [preauth]
Jan 16 00:17:28 host sshd[9215]: Disconnected from 211.20.14.156 port 51688 [preauth]
Jan 16 00:18:18 host sshd[9310]: User root from 140.207.232.13 not allowed because not listed in AllowUsers
Jan 16 00:18:18 host sshd[9310]: input_userauth_request: invalid user root [preauth]
Jan 16 00:18:18 host unix_chkpwd[9313]: password check failed for user (root)
Jan 16 00:18:18 host sshd[9310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.207.232.13 user=root
Jan 16 00:18:18 host sshd[9310]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:18:20 host sshd[9310]: Failed password for invalid user root from 140.207.232.13 port 41108 ssh2
Jan 16 00:18:20 host sshd[9310]: Received disconnect from 140.207.232.13 port 41108:11: Bye Bye [preauth]
Jan 16 00:18:20 host sshd[9310]: Disconnected from 140.207.232.13 port 41108 [preauth]
Jan 16 00:19:09 host sshd[9516]: Invalid user admin from 107.211.202.196 port 60153
Jan 16 00:19:09 host sshd[9516]: input_userauth_request: invalid user admin [preauth]
Jan 16 00:19:09 host sshd[9516]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:19:09 host sshd[9516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.211.202.196
Jan 16 00:19:11 host sshd[9516]: Failed password for invalid user admin from 107.211.202.196 port 60153 ssh2
Jan 16 00:19:11 host sshd[9516]: Connection closed by 107.211.202.196 port 60153 [preauth]
Jan 16 00:19:12 host sshd[9522]: Connection closed by 172.105.128.12 port 51944 [preauth]
Jan 16 00:19:14 host sshd[9526]: Connection closed by 172.105.128.12 port 51960 [preauth]
Jan 16 00:19:15 host sshd[9530]: Connection closed by 172.105.128.12 port 51966 [preauth]
Jan 16 00:19:25 host sshd[9542]: User root from 89.40.72.31 not allowed because not listed in AllowUsers
Jan 16 00:19:25 host sshd[9542]: input_userauth_request: invalid user root [preauth]
Jan 16 00:19:25 host unix_chkpwd[9545]: password check failed for user (root)
Jan 16 00:19:25 host sshd[9542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.40.72.31 user=root
Jan 16 00:19:25 host sshd[9542]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:19:28 host sshd[9542]: Failed password for invalid user root from 89.40.72.31 port 43852 ssh2
Jan 16 00:19:28 host sshd[9542]: Received disconnect from 89.40.72.31 port 43852:11: Bye Bye [preauth]
Jan 16 00:19:28 host sshd[9542]: Disconnected from 89.40.72.31 port 43852 [preauth]
Jan 16 00:21:11 host sshd[9770]: User root from 61.93.240.18 not allowed because not listed in AllowUsers
Jan 16 00:21:11 host sshd[9770]: input_userauth_request: invalid user root [preauth]
Jan 16 00:21:11 host unix_chkpwd[9773]: password check failed for user (root)
Jan 16 00:21:11 host sshd[9770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.93.240.18 user=root
Jan 16 00:21:11 host sshd[9770]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:21:14 host sshd[9770]: Failed password for invalid user root from 61.93.240.18 port 46834 ssh2
Jan 16 00:21:14 host sshd[9770]: Received disconnect from 61.93.240.18 port 46834:11: Bye Bye [preauth]
Jan 16 00:21:14 host sshd[9770]: Disconnected from 61.93.240.18 port 46834 [preauth]
Jan 16 00:21:30 host sshd[9845]: User root from 42.200.11.54 not allowed because not listed in AllowUsers
Jan 16 00:21:30 host sshd[9845]: input_userauth_request: invalid user root [preauth]
Jan 16 00:21:30 host unix_chkpwd[9847]: password check failed for user (root)
Jan 16 00:21:30 host sshd[9845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.11.54 user=root
Jan 16 00:21:30 host sshd[9845]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:21:32 host sshd[9845]: Failed password for invalid user root from 42.200.11.54 port 57370 ssh2
Jan 16 00:21:32 host sshd[9845]: Received disconnect from 42.200.11.54 port 57370:11: Bye Bye [preauth]
Jan 16 00:21:32 host sshd[9845]: Disconnected from 42.200.11.54 port 57370 [preauth]
Jan 16 00:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 00:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 00:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=keralaholi user-3=wwwresourcehunte user-4=wwwrmswll user-5=ugotscom user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=a2zgroup user-11=dartsimp user-12=straightcurve user-13=wwwletsstalkfood user-14=bonifacegroup user-15=wwwevmhonda user-16=wwwnexidigital user-17=mrsclean user-18=palco123 user-19=gifterman user-20=phmetals user-21=kottayamcalldriv user-22=wwwkapin user-23=woodpeck user-24=disposeat user-25=remysagr user-26=wwwkmaorg user-27=pmcresources user-28=vfmassets user-29=shalinijames user-30=wwwtestugo feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 00:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 00:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-A0Nv2Sdp7qf3OvK0.~
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-A0Nv2Sdp7qf3OvK0.~'
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-A0Nv2Sdp7qf3OvK0.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 00:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 00:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 00:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 00:22:41 host sshd[10222]: User root from 27.50.54.52 not allowed because not listed in AllowUsers
Jan 16 00:22:41 host sshd[10222]: input_userauth_request: invalid user root [preauth]
Jan 16 00:22:41 host unix_chkpwd[10224]: password check failed for user (root)
Jan 16 00:22:41 host sshd[10222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.50.54.52 user=root
Jan 16 00:22:41 host sshd[10222]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:22:42 host sshd[10222]: Failed password for invalid user root from 27.50.54.52 port 36592 ssh2
Jan 16 00:22:42 host sshd[10222]: Received disconnect from 27.50.54.52 port 36592:11: Bye Bye [preauth]
Jan 16 00:22:42 host sshd[10222]: Disconnected from 27.50.54.52 port 36592 [preauth]
Jan 16 00:22:48 host sshd[10262]: User root from 162.243.116.41 not allowed because not listed in AllowUsers
Jan 16 00:22:48 host sshd[10262]: input_userauth_request: invalid user root [preauth]
Jan 16 00:22:48 host unix_chkpwd[10267]: password check failed for user (root)
Jan 16 00:22:48 host sshd[10262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.116.41 user=root
Jan 16 00:22:48 host sshd[10262]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:22:51 host sshd[10262]: Failed password for invalid user root from 162.243.116.41 port 53526 ssh2
Jan 16 00:22:51 host sshd[10262]: Received disconnect from 162.243.116.41 port 53526:11: Bye Bye [preauth]
Jan 16 00:22:51 host sshd[10262]: Disconnected from 162.243.116.41 port 53526 [preauth]
Jan 16 00:23:05 host sshd[10294]: User root from 164.163.98.49 not allowed because not listed in AllowUsers
Jan 16 00:23:05 host sshd[10294]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:05 host unix_chkpwd[10306]: password check failed for user (root)
Jan 16 00:23:05 host sshd[10294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.163.98.49 user=root
Jan 16 00:23:05 host sshd[10294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:07 host sshd[10294]: Failed password for invalid user root from 164.163.98.49 port 56806 ssh2
Jan 16 00:23:07 host sshd[10294]: Received disconnect from 164.163.98.49 port 56806:11: Bye Bye [preauth]
Jan 16 00:23:07 host sshd[10294]: Disconnected from 164.163.98.49 port 56806 [preauth]
Jan 16 00:23:07 host sshd[10308]: User root from 207.154.215.181 not allowed because not listed in AllowUsers
Jan 16 00:23:07 host sshd[10308]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:07 host unix_chkpwd[10312]: password check failed for user (root)
Jan 16 00:23:07 host sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.215.181 user=root
Jan 16 00:23:07 host sshd[10308]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:10 host sshd[10308]: Failed password for invalid user root from 207.154.215.181 port 50988 ssh2
Jan 16 00:23:10 host sshd[10308]: Received disconnect from 207.154.215.181 port 50988:11: Bye Bye [preauth]
Jan 16 00:23:10 host sshd[10308]: Disconnected from 207.154.215.181 port 50988 [preauth]
Jan 16 00:23:27 host sshd[10338]: User root from 89.40.72.31 not allowed because not listed in AllowUsers
Jan 16 00:23:27 host sshd[10338]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:27 host unix_chkpwd[10362]: password check failed for user (root)
Jan 16 00:23:27 host sshd[10338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.40.72.31 user=root
Jan 16 00:23:27 host sshd[10338]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:29 host sshd[10338]: Failed password for invalid user root from 89.40.72.31 port 33618 ssh2
Jan 16 00:23:29 host sshd[10338]: Received disconnect from 89.40.72.31 port 33618:11: Bye Bye [preauth]
Jan 16 00:23:29 host sshd[10338]: Disconnected from 89.40.72.31 port 33618 [preauth]
Jan 16 00:23:36 host sshd[10502]: User root from 42.200.11.54 not allowed because not listed in AllowUsers
Jan 16 00:23:36 host sshd[10502]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:36 host unix_chkpwd[10508]: password check failed for user (root)
Jan 16 00:23:36 host sshd[10502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.11.54 user=root
Jan 16 00:23:36 host sshd[10502]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:38 host sshd[10502]: Failed password for invalid user root from 42.200.11.54 port 59486 ssh2
Jan 16 00:23:38 host sshd[10502]: Received disconnect from 42.200.11.54 port 59486:11: Bye Bye [preauth]
Jan 16 00:23:38 host sshd[10502]: Disconnected from 42.200.11.54 port 59486 [preauth]
Jan 16 00:23:47 host sshd[10556]: User root from 211.20.14.156 not allowed because not listed in AllowUsers
Jan 16 00:23:47 host sshd[10556]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:47 host unix_chkpwd[10560]: password check failed for user (root)
Jan 16 00:23:47 host sshd[10556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.20.14.156 user=root
Jan 16 00:23:47 host sshd[10556]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:48 host sshd[10562]: User root from 220.130.54.196 not allowed because not listed in AllowUsers
Jan 16 00:23:48 host sshd[10562]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:48 host unix_chkpwd[10565]: password check failed for user (root)
Jan 16 00:23:48 host sshd[10562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.130.54.196 user=root
Jan 16 00:23:48 host sshd[10562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:49 host sshd[10556]: Failed password for invalid user root from 211.20.14.156 port 54297 ssh2
Jan 16 00:23:49 host sshd[10556]: Received disconnect from 211.20.14.156 port 54297:11: Bye Bye [preauth]
Jan 16 00:23:49 host sshd[10556]: Disconnected from 211.20.14.156 port 54297 [preauth]
Jan 16 00:23:50 host sshd[10562]: Failed password for invalid user root from 220.130.54.196 port 33057 ssh2
Jan 16 00:23:50 host sshd[10597]: User root from 103.115.24.11 not allowed because not listed in AllowUsers
Jan 16 00:23:50 host sshd[10597]: input_userauth_request: invalid user root [preauth]
Jan 16 00:23:50 host unix_chkpwd[10600]: password check failed for user (root)
Jan 16 00:23:50 host sshd[10597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.24.11 user=root
Jan 16 00:23:50 host sshd[10597]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:51 host unix_chkpwd[10601]: password check failed for user (root)
Jan 16 00:23:51 host sshd[10562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:52 host sshd[10562]: Failed password for invalid user root from 220.130.54.196 port 33057 ssh2
Jan 16 00:23:53 host unix_chkpwd[10606]: password check failed for user (root)
Jan 16 00:23:53 host sshd[10562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:23:53 host sshd[10597]: Failed password for invalid user root from 103.115.24.11 port 47298 ssh2
Jan 16 00:23:53 host sshd[10597]: Received disconnect from 103.115.24.11 port 47298:11: Bye Bye [preauth]
Jan 16 00:23:53 host sshd[10597]: Disconnected from 103.115.24.11 port 47298 [preauth]
Jan 16 00:23:55 host sshd[10562]: Failed password for invalid user root from 220.130.54.196 port 33057 ssh2
Jan 16 00:23:57 host sshd[10562]: Connection reset by 220.130.54.196 port 33057 [preauth]
Jan 16 00:23:57 host sshd[10562]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.130.54.196 user=root
Jan 16 00:24:26 host sshd[10723]: User root from 162.243.116.41 not allowed because not listed in AllowUsers
Jan 16 00:24:26 host sshd[10723]: input_userauth_request: invalid user root [preauth]
Jan 16 00:24:26 host unix_chkpwd[10727]: password check failed for user (root)
Jan 16 00:24:26 host sshd[10723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.116.41 user=root
Jan 16 00:24:26 host sshd[10723]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:24:28 host sshd[10723]: Failed password for invalid user root from 162.243.116.41 port 51568 ssh2
Jan 16 00:24:28 host sshd[10723]: Received disconnect from 162.243.116.41 port 51568:11: Bye Bye [preauth]
Jan 16 00:24:28 host sshd[10723]: Disconnected from 162.243.116.41 port 51568 [preauth]
Jan 16 00:24:39 host sshd[10814]: User root from 207.154.215.181 not allowed because not listed in AllowUsers
Jan 16 00:24:39 host sshd[10814]: input_userauth_request: invalid user root [preauth]
Jan 16 00:24:39 host unix_chkpwd[10817]: password check failed for user (root)
Jan 16 00:24:39 host sshd[10814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.215.181 user=root
Jan 16 00:24:39 host sshd[10814]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:24:40 host sshd[10814]: Failed password for invalid user root from 207.154.215.181 port 51128 ssh2
Jan 16 00:24:46 host sshd[10855]: User root from 164.163.98.49 not allowed because not listed in AllowUsers
Jan 16 00:24:46 host sshd[10855]: input_userauth_request: invalid user root [preauth]
Jan 16 00:24:46 host unix_chkpwd[10863]: password check failed for user (root)
Jan 16 00:24:46 host sshd[10855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.163.98.49 user=root
Jan 16 00:24:46 host sshd[10855]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:24:48 host sshd[10855]: Failed password for invalid user root from 164.163.98.49 port 42381 ssh2
Jan 16 00:24:48 host sshd[10855]: Received disconnect from 164.163.98.49 port 42381:11: Bye Bye [preauth]
Jan 16 00:24:48 host sshd[10855]: Disconnected from 164.163.98.49 port 42381 [preauth]
Jan 16 00:25:16 host sshd[10979]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 16 00:25:16 host sshd[10979]: input_userauth_request: invalid user sshd [preauth]
Jan 16 00:25:16 host unix_chkpwd[10983]: password check failed for user (sshd)
Jan 16 00:25:16 host sshd[10979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 16 00:25:16 host sshd[10979]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 16 00:25:18 host sshd[10979]: Failed password for invalid user sshd from 194.169.175.102 port 59523 ssh2
Jan 16 00:25:18 host sshd[10979]: Received disconnect from 194.169.175.102 port 59523:11: Client disconnecting normally [preauth]
Jan 16 00:25:18 host sshd[10979]: Disconnected from 194.169.175.102 port 59523 [preauth]
Jan 16 00:26:07 host sshd[11139]: User root from 103.115.24.11 not allowed because not listed in AllowUsers
Jan 16 00:26:07 host sshd[11139]: input_userauth_request: invalid user root [preauth]
Jan 16 00:26:08 host unix_chkpwd[11141]: password check failed for user (root)
Jan 16 00:26:08 host sshd[11139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.24.11 user=root
Jan 16 00:26:08 host sshd[11139]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:26:10 host sshd[11139]: Failed password for invalid user root from 103.115.24.11 port 52210 ssh2
Jan 16 00:26:10 host sshd[11139]: Received disconnect from 103.115.24.11 port 52210:11: Bye Bye [preauth]
Jan 16 00:26:10 host sshd[11139]: Disconnected from 103.115.24.11 port 52210 [preauth]
Jan 16 00:28:29 host sshd[11648]: User root from 140.207.232.13 not allowed because not listed in AllowUsers
Jan 16 00:28:29 host sshd[11648]: input_userauth_request: invalid user root [preauth]
Jan 16 00:28:29 host unix_chkpwd[11654]: password check failed for user (root)
Jan 16 00:28:29 host sshd[11648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.207.232.13 user=root
Jan 16 00:28:29 host sshd[11648]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:28:31 host sshd[11648]: Failed password for invalid user root from 140.207.232.13 port 48478 ssh2
Jan 16 00:38:15 host sshd[13603]: Invalid user engineer from 103.70.46.12 port 51875
Jan 16 00:38:15 host sshd[13603]: input_userauth_request: invalid user engineer [preauth]
Jan 16 00:38:15 host sshd[13603]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:15 host sshd[13603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.46.12
Jan 16 00:38:17 host sshd[13603]: Failed password for invalid user engineer from 103.70.46.12 port 51875 ssh2
Jan 16 00:38:18 host sshd[13603]: Connection closed by 103.70.46.12 port 51875 [preauth]
Jan 16 00:38:34 host sshd[13657]: Did not receive identification string from 3.38.214.0 port 37372
Jan 16 00:38:43 host sshd[13665]: Invalid user ubuntu from 3.38.214.0 port 37900
Jan 16 00:38:43 host sshd[13665]: input_userauth_request: invalid user ubuntu [preauth]
Jan 16 00:38:43 host sshd[13673]: Invalid user user from 3.38.214.0 port 37890
Jan 16 00:38:43 host sshd[13673]: input_userauth_request: invalid user user [preauth]
Jan 16 00:38:43 host sshd[13666]: Invalid user esuser from 3.38.214.0 port 37888
Jan 16 00:38:43 host sshd[13668]: Invalid user pi from 3.38.214.0 port 37904
Jan 16 00:38:43 host sshd[13671]: Invalid user pi from 3.38.214.0 port 37902
Jan 16 00:38:43 host sshd[13668]: input_userauth_request: invalid user pi [preauth]
Jan 16 00:38:43 host sshd[13671]: input_userauth_request: invalid user pi [preauth]
Jan 16 00:38:43 host sshd[13670]: Invalid user admin from 3.38.214.0 port 37886
Jan 16 00:38:43 host sshd[13670]: input_userauth_request: invalid user admin [preauth]
Jan 16 00:38:43 host sshd[13666]: input_userauth_request: invalid user esuser [preauth]
Jan 16 00:38:43 host sshd[13682]: Invalid user user from 3.38.214.0 port 37918
Jan 16 00:38:43 host sshd[13679]: Invalid user postgres from 3.38.214.0 port 37914
Jan 16 00:38:43 host sshd[13679]: input_userauth_request: invalid user postgres [preauth]
Jan 16 00:38:43 host sshd[13685]: Invalid user test from 3.38.214.0 port 37912
Jan 16 00:38:43 host sshd[13686]: Invalid user esuser from 3.38.214.0 port 37954
Jan 16 00:38:43 host sshd[13684]: User root from 3.38.214.0 not allowed because not listed in AllowUsers
Jan 16 00:38:43 host sshd[13686]: input_userauth_request: invalid user esuser [preauth]
Jan 16 00:38:43 host sshd[13682]: input_userauth_request: invalid user user [preauth]
Jan 16 00:38:43 host sshd[13680]: Invalid user test from 3.38.214.0 port 37908
Jan 16 00:38:43 host sshd[13680]: input_userauth_request: invalid user test [preauth]
Jan 16 00:38:43 host sshd[13683]: Invalid user testuser from 3.38.214.0 port 37940
Jan 16 00:38:43 host sshd[13683]: input_userauth_request: invalid user testuser [preauth]
Jan 16 00:38:43 host sshd[13685]: input_userauth_request: invalid user test [preauth]
Jan 16 00:38:43 host sshd[13684]: input_userauth_request: invalid user root [preauth]
Jan 16 00:38:43 host sshd[13689]: Invalid user tester from 3.38.214.0 port 37920
Jan 16 00:38:43 host sshd[13687]: User centos from 3.38.214.0 not allowed because not listed in AllowUsers
Jan 16 00:38:43 host sshd[13689]: input_userauth_request: invalid user tester [preauth]
Jan 16 00:38:43 host sshd[13687]: input_userauth_request: invalid user centos [preauth]
Jan 16 00:38:44 host sshd[13667]: Invalid user hadoop from 3.38.214.0 port 37898
Jan 16 00:38:44 host sshd[13667]: input_userauth_request: invalid user hadoop [preauth]
Jan 16 00:38:44 host sshd[13664]: Invalid user admin from 3.38.214.0 port 37892
Jan 16 00:38:44 host sshd[13672]: User root from 3.38.214.0 not allowed because not listed in AllowUsers
Jan 16 00:38:44 host sshd[13664]: input_userauth_request: invalid user admin [preauth]
Jan 16 00:38:44 host sshd[13672]: input_userauth_request: invalid user root [preauth]
Jan 16 00:38:45 host sshd[13681]: Invalid user ec2-user from 3.38.214.0 port 37938
Jan 16 00:38:45 host sshd[13681]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 00:38:45 host sshd[13675]: Invalid user devops from 3.38.214.0 port 37896
Jan 16 00:38:45 host sshd[13675]: input_userauth_request: invalid user devops [preauth]
Jan 16 00:38:45 host sshd[13668]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13673]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13665]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13666]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13671]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13670]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13680]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13679]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13677]: Invalid user user from 3.38.214.0 port 37924
Jan 16 00:38:45 host sshd[13677]: input_userauth_request: invalid user user [preauth]
Jan 16 00:38:45 host sshd[13676]: User root from 3.38.214.0 not allowed because not listed in AllowUsers
Jan 16 00:38:45 host sshd[13683]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13682]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13686]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13689]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host sshd[13676]: input_userauth_request: invalid user root [preauth]
Jan 16 00:38:45 host sshd[13685]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:38:45 host sshd[13685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0
Jan 16 00:38:45 host unix_chkpwd[13753]: password check failed for user (centos)
Jan 16 00:38:45 host sshd[13687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0 user=centos
Jan 16 00:38:45 host unix_chkpwd[13754]: password check failed for user (root)
Jan 16 00:38:45 host sshd[13684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.38.214.0 user=root
Jan 16 00:38:45 host sshd[13684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:38:48 host sshd[13668]: Failed password for invalid user pi from 3.38.214.0 port 37904 ssh2
Jan 16 00:38:48 host sshd[13673]: Failed password for invalid user user from 3.38.214.0 port 37890 ssh2
Jan 16 00:38:48 host sshd[13665]: Failed password for invalid user ubuntu from 3.38.214.0 port 37900 ssh2
Jan 16 00:38:48 host sshd[13666]: Failed password for invalid user esuser from 3.38.214.0 port 37888 ssh2
Jan 16 00:38:48 host sshd[13671]: Failed password for invalid user pi from 3.38.214.0 port 37902 ssh2
Jan 16 00:38:48 host sshd[13670]: Failed password for invalid user admin from 3.38.214.0 port 37886 ssh2
Jan 16 00:38:48 host sshd[13680]: Failed password for invalid user test from 3.38.214.0 port 37908 ssh2
Jan 16 00:38:48 host sshd[13679]: Failed password for invalid user postgres from 3.38.214.0 port 37914 ssh2
Jan 16 00:38:48 host sshd[13683]: Failed password for invalid user testuser from 3.38.214.0 port 37940 ssh2
Jan 16 00:38:48 host sshd[13682]: Failed password for invalid user user from 3.38.214.0 port 37918 ssh2
Jan 16 00:38:48 host sshd[13689]: Failed password for invalid user tester from 3.38.214.0 port 37920 ssh2
Jan 16 00:38:48 host sshd[13686]: Failed password for invalid user esuser from 3.38.214.0 port 37954 ssh2
Jan 16 00:38:48 host sshd[13685]: Failed password for invalid user test from 3.38.214.0 port 37912 ssh2
Jan 16 00:38:48 host sshd[13687]: Failed password for invalid user centos from 3.38.214.0 port 37910 ssh2
Jan 16 00:38:48 host sshd[13684]: Failed password for invalid user root from 3.38.214.0 port 37960 ssh2
Jan 16 00:40:39 host sshd[14213]: Invalid user gropher from 205.185.113.129 port 60128
Jan 16 00:40:39 host sshd[14213]: input_userauth_request: invalid user gropher [preauth]
Jan 16 00:40:39 host sshd[14213]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:40:39 host sshd[14213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 16 00:40:42 host sshd[14213]: Failed password for invalid user gropher from 205.185.113.129 port 60128 ssh2
Jan 16 00:40:43 host sshd[14213]: Connection closed by 205.185.113.129 port 60128 [preauth]
Jan 16 00:43:33 host sshd[14733]: Invalid user luis from 107.189.30.59 port 50712
Jan 16 00:43:33 host sshd[14733]: input_userauth_request: invalid user luis [preauth]
Jan 16 00:43:33 host sshd[14733]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:43:33 host sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 16 00:43:35 host sshd[14733]: Failed password for invalid user luis from 107.189.30.59 port 50712 ssh2
Jan 16 00:43:35 host sshd[14733]: Connection closed by 107.189.30.59 port 50712 [preauth]
Jan 16 00:48:32 host sshd[15710]: Invalid user default from 175.139.95.181 port 44243
Jan 16 00:48:32 host sshd[15710]: input_userauth_request: invalid user default [preauth]
Jan 16 00:48:32 host sshd[15710]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:48:32 host sshd[15710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.139.95.181
Jan 16 00:48:34 host sshd[15710]: Failed password for invalid user default from 175.139.95.181 port 44243 ssh2
Jan 16 00:48:34 host sshd[15710]: Connection reset by 175.139.95.181 port 44243 [preauth]
Jan 16 00:52:09 host sshd[16364]: User root from 59.127.128.18 not allowed because not listed in AllowUsers
Jan 16 00:52:09 host sshd[16364]: input_userauth_request: invalid user root [preauth]
Jan 16 00:52:09 host unix_chkpwd[16371]: password check failed for user (root)
Jan 16 00:52:09 host sshd[16364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.128.18 user=root
Jan 16 00:52:09 host sshd[16364]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:52:10 host sshd[16364]: Failed password for invalid user root from 59.127.128.18 port 56319 ssh2
Jan 16 00:52:11 host unix_chkpwd[16377]: password check failed for user (root)
Jan 16 00:52:11 host sshd[16364]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 00:52:14 host sshd[16364]: Failed password for invalid user root from 59.127.128.18 port 56319 ssh2
Jan 16 00:52:14 host sshd[16364]: Connection reset by 59.127.128.18 port 56319 [preauth]
Jan 16 00:52:14 host sshd[16364]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.128.18 user=root
Jan 16 00:54:34 host sshd[16727]: Invalid user pi from 174.105.178.110 port 55552
Jan 16 00:54:34 host sshd[16727]: input_userauth_request: invalid user pi [preauth]
Jan 16 00:54:34 host sshd[16728]: Invalid user pi from 174.105.178.110 port 55556
Jan 16 00:54:34 host sshd[16728]: input_userauth_request: invalid user pi [preauth]
Jan 16 00:54:34 host sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:54:34 host sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.105.178.110
Jan 16 00:54:34 host sshd[16728]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:54:34 host sshd[16728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.105.178.110
Jan 16 00:54:36 host sshd[16727]: Failed password for invalid user pi from 174.105.178.110 port 55552 ssh2
Jan 16 00:54:36 host sshd[16728]: Failed password for invalid user pi from 174.105.178.110 port 55556 ssh2
Jan 16 00:54:36 host sshd[16727]: Connection closed by 174.105.178.110 port 55552 [preauth]
Jan 16 00:54:36 host sshd[16728]: Connection closed by 174.105.178.110 port 55556 [preauth]
Jan 16 00:57:32 host sshd[17179]: Invalid user admin from 162.255.125.71 port 57739
Jan 16 00:57:32 host sshd[17179]: input_userauth_request: invalid user admin [preauth]
Jan 16 00:57:32 host sshd[17179]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 00:57:32 host sshd[17179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.255.125.71
Jan 16 00:57:35 host sshd[17179]: Failed password for invalid user admin from 162.255.125.71 port 57739 ssh2
Jan 16 00:57:38 host sshd[17179]: Connection closed by 162.255.125.71 port 57739 [preauth]
Jan 16 01:00:21 host sshd[17717]: User root from 123.30.249.87 not allowed because not listed in AllowUsers
Jan 16 01:00:21 host sshd[17717]: input_userauth_request: invalid user root [preauth]
Jan 16 01:00:21 host unix_chkpwd[17720]: password check failed for user (root)
Jan 16 01:00:21 host sshd[17717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 user=root
Jan 16 01:00:21 host sshd[17717]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:00:24 host sshd[17717]: Failed password for invalid user root from 123.30.249.87 port 45394 ssh2
Jan 16 01:00:24 host sshd[17717]: Received disconnect from 123.30.249.87 port 45394:11: Bye Bye [preauth]
Jan 16 01:00:24 host sshd[17717]: Disconnected from 123.30.249.87 port 45394 [preauth]
Jan 16 01:00:52 host sshd[17786]: User root from 44.201.7.47 not allowed because not listed in AllowUsers
Jan 16 01:00:52 host sshd[17786]: input_userauth_request: invalid user root [preauth]
Jan 16 01:00:52 host unix_chkpwd[17790]: password check failed for user (root)
Jan 16 01:00:52 host sshd[17786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=44.201.7.47 user=root
Jan 16 01:00:52 host sshd[17786]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:00:53 host sshd[17786]: Failed password for invalid user root from 44.201.7.47 port 54002 ssh2
Jan 16 01:00:54 host sshd[17786]: Received disconnect from 44.201.7.47 port 54002:11: Bye Bye [preauth]
Jan 16 01:00:54 host sshd[17786]: Disconnected from 44.201.7.47 port 54002 [preauth]
Jan 16 01:01:25 host sshd[17881]: User root from 8.213.197.49 not allowed because not listed in AllowUsers
Jan 16 01:01:25 host sshd[17881]: input_userauth_request: invalid user root [preauth]
Jan 16 01:01:25 host unix_chkpwd[17883]: password check failed for user (root)
Jan 16 01:01:25 host sshd[17881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49 user=root
Jan 16 01:01:25 host sshd[17881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:01:27 host sshd[17881]: Failed password for invalid user root from 8.213.197.49 port 35892 ssh2
Jan 16 01:01:27 host sshd[17881]: Received disconnect from 8.213.197.49 port 35892:11: Bye Bye [preauth]
Jan 16 01:01:27 host sshd[17881]: Disconnected from 8.213.197.49 port 35892 [preauth]
Jan 16 01:02:12 host sshd[18000]: User root from 58.27.134.52 not allowed because not listed in AllowUsers
Jan 16 01:02:12 host sshd[18000]: input_userauth_request: invalid user root [preauth]
Jan 16 01:02:12 host unix_chkpwd[18006]: password check failed for user (root)
Jan 16 01:02:12 host sshd[18000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.27.134.52 user=root
Jan 16 01:02:12 host sshd[18000]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:02:14 host sshd[18000]: Failed password for invalid user root from 58.27.134.52 port 55562 ssh2
Jan 16 01:02:15 host sshd[18000]: Received disconnect from 58.27.134.52 port 55562:11: Bye Bye [preauth]
Jan 16 01:02:15 host sshd[18000]: Disconnected from 58.27.134.52 port 55562 [preauth]
Jan 16 01:03:04 host sshd[18123]: User root from 20.61.112.208 not allowed because not listed in AllowUsers
Jan 16 01:03:04 host sshd[18123]: input_userauth_request: invalid user root [preauth]
Jan 16 01:03:04 host unix_chkpwd[18126]: password check failed for user (root)
Jan 16 01:03:04 host sshd[18123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.61.112.208 user=root
Jan 16 01:03:04 host sshd[18123]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:03:06 host sshd[18123]: Failed password for invalid user root from 20.61.112.208 port 1024 ssh2
Jan 16 01:03:06 host sshd[18123]: Received disconnect from 20.61.112.208 port 1024:11: Bye Bye [preauth]
Jan 16 01:03:06 host sshd[18123]: Disconnected from 20.61.112.208 port 1024 [preauth]
Jan 16 01:03:41 host sshd[18191]: User root from 124.43.10.224 not allowed because not listed in AllowUsers
Jan 16 01:03:41 host sshd[18191]: input_userauth_request: invalid user root [preauth]
Jan 16 01:03:41 host unix_chkpwd[18193]: password check failed for user (root)
Jan 16 01:03:41 host sshd[18191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.43.10.224 user=root
Jan 16 01:03:41 host sshd[18191]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:03:43 host sshd[18191]: Failed password for invalid user root from 124.43.10.224 port 58026 ssh2
Jan 16 01:03:44 host sshd[18191]: Received disconnect from 124.43.10.224 port 58026:11: Bye Bye [preauth]
Jan 16 01:03:44 host sshd[18191]: Disconnected from 124.43.10.224 port 58026 [preauth]
Jan 16 01:03:59 host sshd[18227]: Invalid user sFTPUser from 114.33.2.29 port 37136
Jan 16 01:03:59 host sshd[18227]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 16 01:03:59 host sshd[18227]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:03:59 host sshd[18227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.2.29
Jan 16 01:04:01 host sshd[18227]: Failed password for invalid user sFTPUser from 114.33.2.29 port 37136 ssh2
Jan 16 01:04:02 host sshd[18227]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:04:04 host sshd[18227]: Failed password for invalid user sFTPUser from 114.33.2.29 port 37136 ssh2
Jan 16 01:04:06 host sshd[18227]: Connection reset by 114.33.2.29 port 37136 [preauth]
Jan 16 01:04:06 host sshd[18227]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.2.29
Jan 16 01:04:32 host sshd[18332]: User root from 206.189.119.230 not allowed because not listed in AllowUsers
Jan 16 01:04:32 host sshd[18332]: input_userauth_request: invalid user root [preauth]
Jan 16 01:04:32 host unix_chkpwd[18335]: password check failed for user (root)
Jan 16 01:04:32 host sshd[18332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.119.230 user=root
Jan 16 01:04:32 host sshd[18332]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:04:35 host sshd[18332]: Failed password for invalid user root from 206.189.119.230 port 56536 ssh2
Jan 16 01:04:35 host sshd[18332]: Received disconnect from 206.189.119.230 port 56536:11: Bye Bye [preauth]
Jan 16 01:04:35 host sshd[18332]: Disconnected from 206.189.119.230 port 56536 [preauth]
Jan 16 01:04:49 host sshd[18359]: User root from 129.154.216.175 not allowed because not listed in AllowUsers
Jan 16 01:04:49 host sshd[18359]: input_userauth_request: invalid user root [preauth]
Jan 16 01:04:49 host unix_chkpwd[18362]: password check failed for user (root)
Jan 16 01:04:49 host sshd[18359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.216.175 user=root
Jan 16 01:04:49 host sshd[18359]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:04:51 host sshd[18359]: Failed password for invalid user root from 129.154.216.175 port 48696 ssh2
Jan 16 01:04:51 host sshd[18359]: Received disconnect from 129.154.216.175 port 48696:11: Bye Bye [preauth]
Jan 16 01:04:51 host sshd[18359]: Disconnected from 129.154.216.175 port 48696 [preauth]
Jan 16 01:05:03 host sshd[18401]: User root from 167.71.108.81 not allowed because not listed in AllowUsers
Jan 16 01:05:03 host sshd[18401]: input_userauth_request: invalid user root [preauth]
Jan 16 01:05:03 host unix_chkpwd[18404]: password check failed for user (root)
Jan 16 01:05:03 host sshd[18401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.108.81 user=root
Jan 16 01:05:03 host sshd[18401]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:05:05 host sshd[18401]: Failed password for invalid user root from 167.71.108.81 port 51358 ssh2
Jan 16 01:05:05 host sshd[18401]: Received disconnect from 167.71.108.81 port 51358:11: Bye Bye [preauth]
Jan 16 01:05:05 host sshd[18401]: Disconnected from 167.71.108.81 port 51358 [preauth]
Jan 16 01:06:24 host sshd[18661]: User root from 58.27.134.52 not allowed because not listed in AllowUsers
Jan 16 01:06:24 host sshd[18661]: input_userauth_request: invalid user root [preauth]
Jan 16 01:06:24 host unix_chkpwd[18665]: password check failed for user (root)
Jan 16 01:06:24 host sshd[18661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.27.134.52 user=root
Jan 16 01:06:24 host sshd[18661]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:06:26 host sshd[18661]: Failed password for invalid user root from 58.27.134.52 port 43312 ssh2
Jan 16 01:06:32 host sshd[18725]: User root from 44.201.7.47 not allowed because not listed in AllowUsers
Jan 16 01:06:32 host sshd[18725]: input_userauth_request: invalid user root [preauth]
Jan 16 01:06:32 host unix_chkpwd[18731]: password check failed for user (root)
Jan 16 01:06:32 host sshd[18725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=44.201.7.47 user=root
Jan 16 01:06:32 host sshd[18725]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:06:34 host sshd[18725]: Failed password for invalid user root from 44.201.7.47 port 54010 ssh2
Jan 16 01:06:34 host sshd[18725]: Received disconnect from 44.201.7.47 port 54010:11: Bye Bye [preauth]
Jan 16 01:06:34 host sshd[18725]: Disconnected from 44.201.7.47 port 54010 [preauth]
Jan 16 01:07:02 host sshd[18839]: User root from 206.189.119.230 not allowed because not listed in AllowUsers
Jan 16 01:07:02 host sshd[18839]: input_userauth_request: invalid user root [preauth]
Jan 16 01:07:02 host unix_chkpwd[18843]: password check failed for user (root)
Jan 16 01:07:02 host sshd[18839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.119.230 user=root
Jan 16 01:07:02 host sshd[18839]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:07:04 host sshd[18842]: User root from 167.71.108.81 not allowed because not listed in AllowUsers
Jan 16 01:07:04 host sshd[18842]: input_userauth_request: invalid user root [preauth]
Jan 16 01:07:04 host unix_chkpwd[18846]: password check failed for user (root)
Jan 16 01:07:04 host sshd[18842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.108.81 user=root
Jan 16 01:07:04 host sshd[18842]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:07:04 host sshd[18839]: Failed password for invalid user root from 206.189.119.230 port 35052 ssh2
Jan 16 01:07:05 host sshd[18839]: Received disconnect from 206.189.119.230 port 35052:11: Bye Bye [preauth]
Jan 16 01:07:05 host sshd[18839]: Disconnected from 206.189.119.230 port 35052 [preauth]
Jan 16 01:07:05 host sshd[18842]: Failed password for invalid user root from 167.71.108.81 port 33380 ssh2
Jan 16 01:07:06 host sshd[18842]: Received disconnect from 167.71.108.81 port 33380:11: Bye Bye [preauth]
Jan 16 01:07:06 host sshd[18842]: Disconnected from 167.71.108.81 port 33380 [preauth]
Jan 16 01:07:07 host sshd[18849]: User root from 124.43.10.224 not allowed because not listed in AllowUsers
Jan 16 01:07:07 host sshd[18849]: input_userauth_request: invalid user root [preauth]
Jan 16 01:07:07 host unix_chkpwd[18912]: password check failed for user (root)
Jan 16 01:07:07 host sshd[18849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.43.10.224 user=root
Jan 16 01:07:07 host sshd[18849]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:07:08 host sshd[18849]: Failed password for invalid user root from 124.43.10.224 port 39564 ssh2
Jan 16 01:07:08 host sshd[18849]: Received disconnect from 124.43.10.224 port 39564:11: Bye Bye [preauth]
Jan 16 01:07:08 host sshd[18849]: Disconnected from 124.43.10.224 port 39564 [preauth]
Jan 16 01:07:14 host sshd[18957]: User root from 123.30.249.87 not allowed because not listed in AllowUsers
Jan 16 01:07:14 host sshd[18957]: input_userauth_request: invalid user root [preauth]
Jan 16 01:07:14 host unix_chkpwd[18959]: password check failed for user (root)
Jan 16 01:07:14 host sshd[18957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.249.87 user=root
Jan 16 01:07:14 host sshd[18957]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:07:14 host sshd[18729]: Connection closed by 8.213.197.49 port 35648 [preauth]
Jan 16 01:07:16 host sshd[18957]: Failed password for invalid user root from 123.30.249.87 port 48024 ssh2
Jan 16 01:07:16 host sshd[18957]: Received disconnect from 123.30.249.87 port 48024:11: Bye Bye [preauth]
Jan 16 01:07:16 host sshd[18957]: Disconnected from 123.30.249.87 port 48024 [preauth]
Jan 16 01:09:14 host sshd[19255]: User root from 8.213.197.49 not allowed because not listed in AllowUsers
Jan 16 01:09:14 host sshd[19255]: input_userauth_request: invalid user root [preauth]
Jan 16 01:09:14 host unix_chkpwd[19262]: password check failed for user (root)
Jan 16 01:09:14 host sshd[19255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49 user=root
Jan 16 01:09:14 host sshd[19255]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:09:17 host sshd[19255]: Failed password for invalid user root from 8.213.197.49 port 60306 ssh2
Jan 16 01:09:21 host sshd[19303]: User root from 20.61.112.208 not allowed because not listed in AllowUsers
Jan 16 01:09:21 host sshd[19303]: input_userauth_request: invalid user root [preauth]
Jan 16 01:09:21 host unix_chkpwd[19307]: password check failed for user (root)
Jan 16 01:09:21 host sshd[19303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.61.112.208 user=root
Jan 16 01:09:21 host sshd[19303]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:09:23 host sshd[19303]: Failed password for invalid user root from 20.61.112.208 port 1024 ssh2
Jan 16 01:09:23 host sshd[19303]: Received disconnect from 20.61.112.208 port 1024:11: Bye Bye [preauth]
Jan 16 01:09:23 host sshd[19303]: Disconnected from 20.61.112.208 port 1024 [preauth]
Jan 16 01:09:24 host sshd[19310]: User root from 129.154.216.175 not allowed because not listed in AllowUsers
Jan 16 01:09:24 host sshd[19310]: input_userauth_request: invalid user root [preauth]
Jan 16 01:09:24 host unix_chkpwd[19313]: password check failed for user (root)
Jan 16 01:09:24 host sshd[19310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.216.175 user=root
Jan 16 01:09:24 host sshd[19310]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:09:26 host sshd[19310]: Failed password for invalid user root from 129.154.216.175 port 55802 ssh2
Jan 16 01:09:26 host sshd[19310]: Received disconnect from 129.154.216.175 port 55802:11: Bye Bye [preauth]
Jan 16 01:09:26 host sshd[19310]: Disconnected from 129.154.216.175 port 55802 [preauth]
Jan 16 01:10:57 host sshd[19571]: Invalid user gopher from 104.244.74.6 port 41082
Jan 16 01:10:57 host sshd[19571]: input_userauth_request: invalid user gopher [preauth]
Jan 16 01:10:57 host sshd[19571]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:10:57 host sshd[19571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 16 01:11:00 host sshd[19571]: Failed password for invalid user gopher from 104.244.74.6 port 41082 ssh2
Jan 16 01:11:00 host sshd[19571]: Connection closed by 104.244.74.6 port 41082 [preauth]
Jan 16 01:14:56 host sshd[20206]: Invalid user gopher from 104.244.74.6 port 54646
Jan 16 01:14:56 host sshd[20206]: input_userauth_request: invalid user gopher [preauth]
Jan 16 01:14:56 host sshd[20206]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:14:56 host sshd[20206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 16 01:14:58 host sshd[20206]: Failed password for invalid user gopher from 104.244.74.6 port 54646 ssh2
Jan 16 01:14:58 host sshd[20206]: Connection closed by 104.244.74.6 port 54646 [preauth]
Jan 16 01:15:14 host sshd[20257]: Invalid user sFTPUser from 122.117.61.138 port 46533
Jan 16 01:15:14 host sshd[20257]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 16 01:15:14 host sshd[20257]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:15:14 host sshd[20257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.61.138
Jan 16 01:15:17 host sshd[20257]: Failed password for invalid user sFTPUser from 122.117.61.138 port 46533 ssh2
Jan 16 01:15:17 host sshd[20257]: Connection reset by 122.117.61.138 port 46533 [preauth]
Jan 16 01:16:42 host sshd[20447]: Invalid user admin from 178.183.68.178 port 49818
Jan 16 01:16:42 host sshd[20447]: input_userauth_request: invalid user admin [preauth]
Jan 16 01:16:42 host sshd[20447]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:16:42 host sshd[20447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.183.68.178
Jan 16 01:16:44 host sshd[20447]: Failed password for invalid user admin from 178.183.68.178 port 49818 ssh2
Jan 16 01:16:45 host sshd[20447]: Connection closed by 178.183.68.178 port 49818 [preauth]
Jan 16 01:21:25 host sshd[21283]: Invalid user user from 118.173.200.196 port 46538
Jan 16 01:21:25 host sshd[21283]: input_userauth_request: invalid user user [preauth]
Jan 16 01:21:25 host sshd[21283]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:21:25 host sshd[21283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.173.200.196
Jan 16 01:21:26 host sshd[21283]: Failed password for invalid user user from 118.173.200.196 port 46538 ssh2
Jan 16 01:21:27 host sshd[21283]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:21:29 host sshd[21283]: Failed password for invalid user user from 118.173.200.196 port 46538 ssh2
Jan 16 01:21:30 host sshd[21283]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:21:32 host sshd[21283]: Failed password for invalid user user from 118.173.200.196 port 46538 ssh2
Jan 16 01:21:32 host sshd[21283]: Connection reset by 118.173.200.196 port 46538 [preauth]
Jan 16 01:21:32 host sshd[21283]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.173.200.196
Jan 16 01:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 01:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 01:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:21:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=a2zgroup user-3=dartsimp user-4=wwwkaretakers user-5=cochintaxi user-6=keralaholi user-7=wwwresourcehunte user-8=wwwrmswll user-9=ugotscom user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=vfmassets user-14=shalinijames user-15=wwwtestugo user-16=woodpeck user-17=wwwkapin user-18=remysagr user-19=disposeat user-20=wwwkmaorg user-21=wwwnexidigital user-22=mrsclean user-23=palco123 user-24=gifterman user-25=phmetals user-26=kottayamcalldriv user-27=wwwletsstalkfood user-28=straightcurve user-29=bonifacegroup user-30=wwwevmhonda feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 01:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GpB2yaQcWLg9Vj4n.~
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GpB2yaQcWLg9Vj4n.~'
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GpB2yaQcWLg9Vj4n.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 01:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 01:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 01:33:23 host sshd[23609]: Invalid user er from 194.110.203.109 port 50946
Jan 16 01:33:23 host sshd[23609]: input_userauth_request: invalid user er [preauth]
Jan 16 01:33:23 host sshd[23609]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:33:23 host sshd[23609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 01:33:24 host sshd[23609]: Failed password for invalid user er from 194.110.203.109 port 50946 ssh2
Jan 16 01:33:28 host sshd[23609]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:33:30 host sshd[23609]: Failed password for invalid user er from 194.110.203.109 port 50946 ssh2
Jan 16 01:33:33 host sshd[23609]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:33:35 host sshd[23609]: Failed password for invalid user er from 194.110.203.109 port 50946 ssh2
Jan 16 01:33:38 host sshd[23609]: Connection closed by 194.110.203.109 port 50946 [preauth]
Jan 16 01:33:38 host sshd[23609]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 01:34:26 host sshd[23900]: User root from 134.122.19.182 not allowed because not listed in AllowUsers
Jan 16 01:34:26 host sshd[23900]: input_userauth_request: invalid user root [preauth]
Jan 16 01:34:26 host unix_chkpwd[23904]: password check failed for user (root)
Jan 16 01:34:26 host sshd[23900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.19.182 user=root
Jan 16 01:34:26 host sshd[23900]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:34:27 host sshd[23900]: Failed password for invalid user root from 134.122.19.182 port 58874 ssh2
Jan 16 01:34:28 host sshd[23900]: Received disconnect from 134.122.19.182 port 58874:11: Bye Bye [preauth]
Jan 16 01:34:28 host sshd[23900]: Disconnected from 134.122.19.182 port 58874 [preauth]
Jan 16 01:34:38 host sshd[23942]: User root from 69.49.230.44 not allowed because not listed in AllowUsers
Jan 16 01:34:38 host sshd[23942]: input_userauth_request: invalid user root [preauth]
Jan 16 01:34:38 host unix_chkpwd[23948]: password check failed for user (root)
Jan 16 01:34:38 host sshd[23942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.49.230.44 user=root
Jan 16 01:34:38 host sshd[23942]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:34:40 host sshd[23942]: Failed password for invalid user root from 69.49.230.44 port 45048 ssh2
Jan 16 01:34:40 host sshd[23942]: Received disconnect from 69.49.230.44 port 45048:11: Bye Bye [preauth]
Jan 16 01:34:40 host sshd[23942]: Disconnected from 69.49.230.44 port 45048 [preauth]
Jan 16 01:35:09 host sshd[24077]: User root from 198.199.119.203 not allowed because not listed in AllowUsers
Jan 16 01:35:09 host sshd[24077]: input_userauth_request: invalid user root [preauth]
Jan 16 01:35:10 host unix_chkpwd[24089]: password check failed for user (root)
Jan 16 01:35:10 host sshd[24077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.119.203 user=root
Jan 16 01:35:10 host sshd[24077]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:35:11 host sshd[24077]: Failed password for invalid user root from 198.199.119.203 port 45690 ssh2
Jan 16 01:35:12 host sshd[24077]: Received disconnect from 198.199.119.203 port 45690:11: Bye Bye [preauth]
Jan 16 01:35:12 host sshd[24077]: Disconnected from 198.199.119.203 port 45690 [preauth]
Jan 16 01:35:51 host sshd[24209]: User root from 213.114.119.132 not allowed because not listed in AllowUsers
Jan 16 01:35:51 host sshd[24209]: input_userauth_request: invalid user root [preauth]
Jan 16 01:35:52 host unix_chkpwd[24212]: password check failed for user (root)
Jan 16 01:35:52 host sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.114.119.132 user=root
Jan 16 01:35:52 host sshd[24209]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:35:54 host sshd[24209]: Failed password for invalid user root from 213.114.119.132 port 59443 ssh2
Jan 16 01:35:54 host sshd[24209]: Connection closed by 213.114.119.132 port 59443 [preauth]
Jan 16 01:37:46 host sshd[24412]: User root from 67.207.85.118 not allowed because not listed in AllowUsers
Jan 16 01:37:46 host sshd[24412]: input_userauth_request: invalid user root [preauth]
Jan 16 01:37:46 host unix_chkpwd[24415]: password check failed for user (root)
Jan 16 01:37:46 host sshd[24412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.85.118 user=root
Jan 16 01:37:46 host sshd[24412]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:37:47 host sshd[24412]: Failed password for invalid user root from 67.207.85.118 port 41992 ssh2
Jan 16 01:37:48 host sshd[24412]: Received disconnect from 67.207.85.118 port 41992:11: Bye Bye [preauth]
Jan 16 01:37:48 host sshd[24412]: Disconnected from 67.207.85.118 port 41992 [preauth]
Jan 16 01:38:13 host sshd[24460]: User root from 178.128.220.159 not allowed because not listed in AllowUsers
Jan 16 01:38:13 host sshd[24460]: input_userauth_request: invalid user root [preauth]
Jan 16 01:38:13 host unix_chkpwd[24463]: password check failed for user (root)
Jan 16 01:38:13 host sshd[24460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.220.159 user=root
Jan 16 01:38:13 host sshd[24460]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:38:15 host sshd[24460]: Failed password for invalid user root from 178.128.220.159 port 48202 ssh2
Jan 16 01:38:15 host sshd[24460]: Received disconnect from 178.128.220.159 port 48202:11: Bye Bye [preauth]
Jan 16 01:38:15 host sshd[24460]: Disconnected from 178.128.220.159 port 48202 [preauth]
Jan 16 01:38:56 host sshd[24549]: User root from 122.116.194.28 not allowed because not listed in AllowUsers
Jan 16 01:38:56 host sshd[24549]: input_userauth_request: invalid user root [preauth]
Jan 16 01:38:56 host unix_chkpwd[24553]: password check failed for user (root)
Jan 16 01:38:56 host sshd[24549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.194.28 user=root
Jan 16 01:38:56 host sshd[24549]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:38:58 host sshd[24549]: Failed password for invalid user root from 122.116.194.28 port 40896 ssh2
Jan 16 01:38:58 host sshd[24549]: Connection reset by 122.116.194.28 port 40896 [preauth]
Jan 16 01:38:59 host sshd[24556]: User root from 139.59.31.142 not allowed because not listed in AllowUsers
Jan 16 01:38:59 host sshd[24556]: input_userauth_request: invalid user root [preauth]
Jan 16 01:38:59 host unix_chkpwd[24558]: password check failed for user (root)
Jan 16 01:38:59 host sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.31.142 user=root
Jan 16 01:38:59 host sshd[24556]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:39:01 host sshd[24556]: Failed password for invalid user root from 139.59.31.142 port 55602 ssh2
Jan 16 01:39:01 host sshd[24556]: Received disconnect from 139.59.31.142 port 55602:11: Bye Bye [preauth]
Jan 16 01:39:01 host sshd[24556]: Disconnected from 139.59.31.142 port 55602 [preauth]
Jan 16 01:39:06 host sshd[24583]: User root from 165.232.185.4 not allowed because not listed in AllowUsers
Jan 16 01:39:06 host sshd[24583]: input_userauth_request: invalid user root [preauth]
Jan 16 01:39:06 host unix_chkpwd[24585]: password check failed for user (root)
Jan 16 01:39:06 host sshd[24583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.185.4 user=root
Jan 16 01:39:06 host sshd[24583]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:39:08 host sshd[24583]: Failed password for invalid user root from 165.232.185.4 port 57446 ssh2
Jan 16 01:39:08 host sshd[24583]: Received disconnect from 165.232.185.4 port 57446:11: Bye Bye [preauth]
Jan 16 01:39:08 host sshd[24583]: Disconnected from 165.232.185.4 port 57446 [preauth]
Jan 16 01:39:53 host sshd[24661]: User root from 12.53.178.254 not allowed because not listed in AllowUsers
Jan 16 01:39:53 host sshd[24661]: input_userauth_request: invalid user root [preauth]
Jan 16 01:39:53 host unix_chkpwd[24664]: password check failed for user (root)
Jan 16 01:39:53 host sshd[24661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.53.178.254 user=root
Jan 16 01:39:53 host sshd[24661]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:39:55 host sshd[24661]: Failed password for invalid user root from 12.53.178.254 port 38532 ssh2
Jan 16 01:39:55 host sshd[24661]: Received disconnect from 12.53.178.254 port 38532:11: Bye Bye [preauth]
Jan 16 01:39:55 host sshd[24661]: Disconnected from 12.53.178.254 port 38532 [preauth]
Jan 16 01:40:12 host sshd[24718]: User root from 134.122.19.182 not allowed because not listed in AllowUsers
Jan 16 01:40:12 host sshd[24718]: input_userauth_request: invalid user root [preauth]
Jan 16 01:40:12 host unix_chkpwd[24721]: password check failed for user (root)
Jan 16 01:40:12 host sshd[24718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.19.182 user=root
Jan 16 01:40:12 host sshd[24718]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:40:14 host sshd[24718]: Failed password for invalid user root from 134.122.19.182 port 56158 ssh2
Jan 16 01:40:40 host sshd[24899]: User root from 198.199.119.203 not allowed because not listed in AllowUsers
Jan 16 01:40:40 host sshd[24899]: input_userauth_request: invalid user root [preauth]
Jan 16 01:40:40 host unix_chkpwd[24902]: password check failed for user (root)
Jan 16 01:40:40 host sshd[24899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.119.203 user=root
Jan 16 01:40:40 host sshd[24899]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:40:42 host sshd[24899]: Failed password for invalid user root from 198.199.119.203 port 56966 ssh2
Jan 16 01:40:42 host sshd[24899]: Received disconnect from 198.199.119.203 port 56966:11: Bye Bye [preauth]
Jan 16 01:40:42 host sshd[24899]: Disconnected from 198.199.119.203 port 56966 [preauth]
Jan 16 01:41:05 host sshd[24969]: User root from 69.49.230.44 not allowed because not listed in AllowUsers
Jan 16 01:41:05 host sshd[24969]: input_userauth_request: invalid user root [preauth]
Jan 16 01:41:05 host unix_chkpwd[24974]: password check failed for user (root)
Jan 16 01:41:05 host sshd[24969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.49.230.44 user=root
Jan 16 01:41:05 host sshd[24969]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:41:07 host sshd[24969]: Failed password for invalid user root from 69.49.230.44 port 47320 ssh2
Jan 16 01:41:07 host sshd[24969]: Received disconnect from 69.49.230.44 port 47320:11: Bye Bye [preauth]
Jan 16 01:41:07 host sshd[24969]: Disconnected from 69.49.230.44 port 47320 [preauth]
Jan 16 01:41:25 host sshd[25038]: User root from 165.232.185.4 not allowed because not listed in AllowUsers
Jan 16 01:41:25 host sshd[25038]: input_userauth_request: invalid user root [preauth]
Jan 16 01:41:25 host unix_chkpwd[25040]: password check failed for user (root)
Jan 16 01:41:25 host sshd[25038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.185.4 user=root
Jan 16 01:41:25 host sshd[25038]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:41:27 host sshd[25038]: Failed password for invalid user root from 165.232.185.4 port 33652 ssh2
Jan 16 01:41:27 host sshd[25038]: Received disconnect from 165.232.185.4 port 33652:11: Bye Bye [preauth]
Jan 16 01:41:27 host sshd[25038]: Disconnected from 165.232.185.4 port 33652 [preauth]
Jan 16 01:41:30 host sshd[25098]: User root from 67.207.85.118 not allowed because not listed in AllowUsers
Jan 16 01:41:30 host sshd[25098]: input_userauth_request: invalid user root [preauth]
Jan 16 01:41:30 host unix_chkpwd[25101]: password check failed for user (root)
Jan 16 01:41:30 host sshd[25098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.207.85.118 user=root
Jan 16 01:41:30 host sshd[25098]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:41:32 host sshd[25098]: Failed password for invalid user root from 67.207.85.118 port 50442 ssh2
Jan 16 01:41:32 host sshd[25098]: Received disconnect from 67.207.85.118 port 50442:11: Bye Bye [preauth]
Jan 16 01:41:32 host sshd[25098]: Disconnected from 67.207.85.118 port 50442 [preauth]
Jan 16 01:41:47 host sshd[25161]: User root from 178.128.220.159 not allowed because not listed in AllowUsers
Jan 16 01:41:47 host sshd[25161]: input_userauth_request: invalid user root [preauth]
Jan 16 01:41:47 host unix_chkpwd[25166]: password check failed for user (root)
Jan 16 01:41:47 host sshd[25161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.220.159 user=root
Jan 16 01:41:47 host sshd[25161]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:41:50 host sshd[25172]: User root from 139.59.31.142 not allowed because not listed in AllowUsers
Jan 16 01:41:50 host sshd[25172]: input_userauth_request: invalid user root [preauth]
Jan 16 01:41:50 host unix_chkpwd[25175]: password check failed for user (root)
Jan 16 01:41:50 host sshd[25172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.31.142 user=root
Jan 16 01:41:50 host sshd[25172]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:41:50 host sshd[25161]: Failed password for invalid user root from 178.128.220.159 port 56726 ssh2
Jan 16 01:41:50 host sshd[25161]: Received disconnect from 178.128.220.159 port 56726:11: Bye Bye [preauth]
Jan 16 01:41:50 host sshd[25161]: Disconnected from 178.128.220.159 port 56726 [preauth]
Jan 16 01:41:52 host sshd[25172]: Failed password for invalid user root from 139.59.31.142 port 59348 ssh2
Jan 16 01:41:52 host sshd[25172]: Received disconnect from 139.59.31.142 port 59348:11: Bye Bye [preauth]
Jan 16 01:41:52 host sshd[25172]: Disconnected from 139.59.31.142 port 59348 [preauth]
Jan 16 01:42:08 host sshd[25269]: User root from 12.53.178.254 not allowed because not listed in AllowUsers
Jan 16 01:42:08 host sshd[25269]: input_userauth_request: invalid user root [preauth]
Jan 16 01:42:08 host unix_chkpwd[25279]: password check failed for user (root)
Jan 16 01:42:08 host sshd[25269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.53.178.254 user=root
Jan 16 01:42:08 host sshd[25269]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:42:10 host sshd[25269]: Failed password for invalid user root from 12.53.178.254 port 49808 ssh2
Jan 16 01:42:10 host sshd[25269]: Received disconnect from 12.53.178.254 port 49808:11: Bye Bye [preauth]
Jan 16 01:42:10 host sshd[25269]: Disconnected from 12.53.178.254 port 49808 [preauth]
Jan 16 01:44:43 host sshd[25660]: Invalid user ubnt from 112.160.9.96 port 60860
Jan 16 01:44:43 host sshd[25660]: input_userauth_request: invalid user ubnt [preauth]
Jan 16 01:44:43 host sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:44:43 host sshd[25660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.160.9.96
Jan 16 01:44:45 host sshd[25660]: Failed password for invalid user ubnt from 112.160.9.96 port 60860 ssh2
Jan 16 01:44:45 host sshd[25690]: Invalid user gopher from 104.244.74.6 port 59464
Jan 16 01:44:45 host sshd[25690]: input_userauth_request: invalid user gopher [preauth]
Jan 16 01:44:45 host sshd[25690]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:44:45 host sshd[25690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 16 01:44:46 host sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:44:46 host sshd[25693]: Invalid user admin from 59.126.19.247 port 49717
Jan 16 01:44:46 host sshd[25693]: input_userauth_request: invalid user admin [preauth]
Jan 16 01:44:46 host sshd[25693]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:44:46 host sshd[25693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.19.247
Jan 16 01:44:47 host sshd[25690]: Failed password for invalid user gopher from 104.244.74.6 port 59464 ssh2
Jan 16 01:44:47 host sshd[25690]: Connection closed by 104.244.74.6 port 59464 [preauth]
Jan 16 01:44:47 host sshd[25660]: Failed password for invalid user ubnt from 112.160.9.96 port 60860 ssh2
Jan 16 01:44:48 host sshd[25693]: Failed password for invalid user admin from 59.126.19.247 port 49717 ssh2
Jan 16 01:44:48 host sshd[25660]: Failed password for invalid user ubnt from 112.160.9.96 port 60860 ssh2
Jan 16 01:44:48 host sshd[25693]: Connection reset by 59.126.19.247 port 49717 [preauth]
Jan 16 01:44:48 host sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:44:50 host sshd[25660]: Failed password for invalid user ubnt from 112.160.9.96 port 60860 ssh2
Jan 16 01:44:51 host sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:44:52 host sshd[25660]: Failed password for invalid user ubnt from 112.160.9.96 port 60860 ssh2
Jan 16 01:50:15 host sshd[26800]: User root from 209.97.132.66 not allowed because not listed in AllowUsers
Jan 16 01:50:15 host sshd[26800]: input_userauth_request: invalid user root [preauth]
Jan 16 01:50:15 host unix_chkpwd[26803]: password check failed for user (root)
Jan 16 01:50:15 host sshd[26800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.97.132.66 user=root
Jan 16 01:50:15 host sshd[26800]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:50:17 host sshd[26800]: Failed password for invalid user root from 209.97.132.66 port 35858 ssh2
Jan 16 01:50:17 host sshd[26800]: Connection closed by 209.97.132.66 port 35858 [preauth]
Jan 16 01:53:36 host sshd[27248]: User root from 118.161.136.63 not allowed because not listed in AllowUsers
Jan 16 01:53:36 host sshd[27248]: input_userauth_request: invalid user root [preauth]
Jan 16 01:53:36 host unix_chkpwd[27252]: password check failed for user (root)
Jan 16 01:53:36 host sshd[27248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.161.136.63 user=root
Jan 16 01:53:36 host sshd[27248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:53:37 host sshd[27248]: Failed password for invalid user root from 118.161.136.63 port 41173 ssh2
Jan 16 01:53:38 host unix_chkpwd[27258]: password check failed for user (root)
Jan 16 01:53:38 host sshd[27248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:53:40 host sshd[27248]: Failed password for invalid user root from 118.161.136.63 port 41173 ssh2
Jan 16 01:53:41 host unix_chkpwd[27261]: password check failed for user (root)
Jan 16 01:53:41 host sshd[27248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:53:43 host sshd[27248]: Failed password for invalid user root from 118.161.136.63 port 41173 ssh2
Jan 16 01:53:44 host unix_chkpwd[27269]: password check failed for user (root)
Jan 16 01:53:44 host sshd[27248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:53:46 host sshd[27248]: Failed password for invalid user root from 118.161.136.63 port 41173 ssh2
Jan 16 01:53:47 host unix_chkpwd[27272]: password check failed for user (root)
Jan 16 01:53:47 host sshd[27248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:53:49 host sshd[27248]: Failed password for invalid user root from 118.161.136.63 port 41173 ssh2
Jan 16 01:55:30 host sshd[27657]: Invalid user ftpuser from 121.202.201.247 port 41211
Jan 16 01:55:30 host sshd[27657]: input_userauth_request: invalid user ftpuser [preauth]
Jan 16 01:55:30 host sshd[27657]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 01:55:30 host sshd[27657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.202.201.247
Jan 16 01:55:32 host sshd[27657]: Failed password for invalid user ftpuser from 121.202.201.247 port 41211 ssh2
Jan 16 01:55:32 host sshd[27657]: Connection closed by 121.202.201.247 port 41211 [preauth]
Jan 16 01:56:27 host sshd[27759]: User root from 209.97.132.66 not allowed because not listed in AllowUsers
Jan 16 01:56:27 host sshd[27759]: input_userauth_request: invalid user root [preauth]
Jan 16 01:56:27 host unix_chkpwd[27763]: password check failed for user (root)
Jan 16 01:56:27 host sshd[27759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.97.132.66 user=root
Jan 16 01:56:27 host sshd[27759]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 01:56:29 host sshd[27759]: Failed password for invalid user root from 209.97.132.66 port 41424 ssh2
Jan 16 02:01:33 host sshd[28639]: Invalid user default from 211.210.50.166 port 63622
Jan 16 02:01:33 host sshd[28639]: input_userauth_request: invalid user default [preauth]
Jan 16 02:01:33 host sshd[28639]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:01:33 host sshd[28639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.210.50.166
Jan 16 02:01:35 host sshd[28639]: Failed password for invalid user default from 211.210.50.166 port 63622 ssh2
Jan 16 02:01:36 host sshd[28639]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:01:38 host sshd[28639]: Failed password for invalid user default from 211.210.50.166 port 63622 ssh2
Jan 16 02:01:39 host sshd[28639]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:01:41 host sshd[28639]: Failed password for invalid user default from 211.210.50.166 port 63622 ssh2
Jan 16 02:01:42 host sshd[28639]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:01:43 host sshd[28639]: Failed password for invalid user default from 211.210.50.166 port 63622 ssh2
Jan 16 02:01:44 host sshd[28639]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:01:46 host sshd[28639]: Failed password for invalid user default from 211.210.50.166 port 63622 ssh2
Jan 16 02:01:46 host sshd[28639]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:01:47 host sshd[28639]: Failed password for invalid user default from 211.210.50.166 port 63622 ssh2
Jan 16 02:01:47 host sshd[28639]: error: maximum authentication attempts exceeded for invalid user default from 211.210.50.166 port 63622 ssh2 [preauth]
Jan 16 02:01:47 host sshd[28639]: Disconnecting: Too many authentication failures [preauth]
Jan 16 02:01:47 host sshd[28639]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.210.50.166
Jan 16 02:01:47 host sshd[28639]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 16 02:06:19 host sshd[29403]: Invalid user super from 122.117.122.47 port 53060
Jan 16 02:06:19 host sshd[29403]: input_userauth_request: invalid user super [preauth]
Jan 16 02:06:19 host sshd[29403]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:06:19 host sshd[29403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.122.47
Jan 16 02:06:21 host sshd[29403]: Failed password for invalid user super from 122.117.122.47 port 53060 ssh2
Jan 16 02:06:22 host sshd[29403]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:06:24 host sshd[29403]: Failed password for invalid user super from 122.117.122.47 port 53060 ssh2
Jan 16 02:06:24 host sshd[29403]: Connection reset by 122.117.122.47 port 53060 [preauth]
Jan 16 02:06:24 host sshd[29403]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.122.47
Jan 16 02:10:15 host sshd[29851]: Invalid user nginx from 220.80.142.228 port 60732
Jan 16 02:10:15 host sshd[29851]: input_userauth_request: invalid user nginx [preauth]
Jan 16 02:10:15 host sshd[29851]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:10:15 host sshd[29851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.142.228
Jan 16 02:10:17 host sshd[29851]: Failed password for invalid user nginx from 220.80.142.228 port 60732 ssh2
Jan 16 02:10:17 host sshd[29851]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:10:19 host sshd[29851]: Failed password for invalid user nginx from 220.80.142.228 port 60732 ssh2
Jan 16 02:10:21 host sshd[29851]: Connection reset by 220.80.142.228 port 60732 [preauth]
Jan 16 02:10:21 host sshd[29851]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.142.228
Jan 16 02:15:10 host sshd[30503]: Invalid user uucp from 175.101.101.250 port 53594
Jan 16 02:15:10 host sshd[30503]: input_userauth_request: invalid user uucp [preauth]
Jan 16 02:15:12 host sshd[30503]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:15:12 host sshd[30503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.101.101.250
Jan 16 02:15:14 host sshd[30503]: Failed password for invalid user uucp from 175.101.101.250 port 53594 ssh2
Jan 16 02:15:17 host sshd[30503]: Connection closed by 175.101.101.250 port 53594 [preauth]
Jan 16 02:21:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 02:21:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 02:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 02:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=a2zgroup user-3=dartsimp user-4=cochintaxi user-5=wwwkaretakers user-6=keralaholi user-7=wwwresourcehunte user-8=wwwrmswll user-9=ugotscom user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=vfmassets user-14=shalinijames user-15=wwwtestugo user-16=wwwkapin user-17=woodpeck user-18=disposeat user-19=remysagr user-20=wwwkmaorg user-21=wwwnexidigital user-22=mrsclean user-23=palco123 user-24=gifterman user-25=phmetals user-26=kottayamcalldriv user-27=straightcurve user-28=wwwletsstalkfood user-29=bonifacegroup user-30=wwwevmhonda feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 02:22:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-uua2LlTJnsebcVlN.~
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-uua2LlTJnsebcVlN.~'
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-uua2LlTJnsebcVlN.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 02:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 02:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 02:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=ugotscom user-8=keralaholi user-9=wwwresourcehunte user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=disposeat user-17=wwwkmaorg user-18=remysagr user-19=woodpeck user-20=wwwkapin user-21=phmetals user-22=kottayamcalldriv user-23=palco123 user-24=gifterman user-25=wwwnexidigital user-26=mrsclean user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 02:30:00 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:30:09 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 16 02:30:09 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 16 02:30:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 16 02:30:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 16 02:30:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 16 02:30:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:30:42 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 16 02:30:42 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 16 02:30:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 16 02:30:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:30:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:30:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:07 host sshd[584]: Invalid user pi from 114.35.11.92 port 44395
Jan 16 02:31:07 host sshd[584]: input_userauth_request: invalid user pi [preauth]
Jan 16 02:31:07 host sshd[584]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:31:07 host sshd[584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.11.92
Jan 16 02:31:09 host sshd[584]: Failed password for invalid user pi from 114.35.11.92 port 44395 ssh2
Jan 16 02:31:11 host sshd[584]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:31:13 host sshd[584]: Failed password for invalid user pi from 114.35.11.92 port 44395 ssh2
Jan 16 02:31:13 host sshd[584]: Connection reset by 114.35.11.92 port 44395 [preauth]
Jan 16 02:31:13 host sshd[584]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.11.92
Jan 16 02:31:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 16 02:31:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 16 02:31:35 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:35 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 16 02:31:35 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:35 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 16 02:31:35 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:35 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 16 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 16 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:31:44 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 16 02:31:44 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 16 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 16 02:31:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 16 02:31:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 16 02:31:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:53 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 16 02:31:53 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:53 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:31:57 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 16 02:31:57 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:31:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:32:04 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 02:32:04 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 02:32:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 16 02:32:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 16 02:32:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 16 02:32:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 16 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:32:21 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 02:32:22 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 02:32:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 16 02:32:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:38 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:32:38 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 02:32:38 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 02:32:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 16 02:32:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:49 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 16 02:32:49 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:49 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 02:32:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:32:50 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:32:59 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 02:32:59 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 02:33:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 16 02:33:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:33:15 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 02:33:15 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 02:33:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 16 02:33:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 16 02:33:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 16 02:33:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 16 02:33:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:38 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:33:38 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 16 02:33:38 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 16 02:33:38 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 16 02:33:38 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:38 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:39 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 16 02:33:39 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:39 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:39 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 16 02:33:39 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:39 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:52 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 16 02:33:52 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:53 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:33:57 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 16 02:33:57 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:33:57 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 16 02:34:04 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 16 02:34:04 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 16 02:34:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 16 02:34:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 16 02:34:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 16 02:34:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DirectoryPrivacy is_directory_protected dir=/home/wwwresourcehunte/public_html --output=json
Jan 16 02:34:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=a2zgroup WpToolkitNotification send_admin_auto_updates_notification available_updates_text= available_updates_list= installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183):
Jan 16 02:34:15 host sudo: wp-toolkit : (command continued) require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4 /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356): require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand:
Jan 16 02:34:15 host sudo: wp-toolkit : (command continued) exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog" (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status
Jan 16 02:34:15 host sudo: wp-toolkit : (command continued) 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>' --output=json
Jan 16 02:34:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 02:34:38 host sshd[3611]: User root from 114.32.145.23 not allowed because not listed in AllowUsers
Jan 16 02:34:38 host sshd[3611]: input_userauth_request: invalid user root [preauth]
Jan 16 02:34:38 host unix_chkpwd[3615]: password check failed for user (root)
Jan 16 02:34:38 host sshd[3611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.145.23 user=root
Jan 16 02:34:38 host sshd[3611]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 02:34:39 host sshd[3611]: Failed password for invalid user root from 114.32.145.23 port 50839 ssh2
Jan 16 02:34:40 host sshd[3611]: Connection reset by 114.32.145.23 port 50839 [preauth]
Jan 16 02:36:04 host sshd[3875]: Invalid user admin from 59.126.117.83 port 33974
Jan 16 02:36:04 host sshd[3875]: input_userauth_request: invalid user admin [preauth]
Jan 16 02:36:04 host sshd[3875]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:36:04 host sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.117.83
Jan 16 02:36:05 host sshd[3875]: Failed password for invalid user admin from 59.126.117.83 port 33974 ssh2
Jan 16 02:36:07 host sshd[3875]: Failed password for invalid user admin from 59.126.117.83 port 33974 ssh2
Jan 16 02:36:07 host sshd[3875]: Connection reset by 59.126.117.83 port 33974 [preauth]
Jan 16 02:40:33 host sshd[4501]: Invalid user operations@woodpeckerindia.com from 1.0.138.24 port 55133
Jan 16 02:40:33 host sshd[4501]: input_userauth_request: invalid user operations@woodpeckerindia.com [preauth]
Jan 16 02:40:33 host sshd[4501]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:40:33 host sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.0.138.24
Jan 16 02:40:35 host sshd[4501]: Failed password for invalid user operations@woodpeckerindia.com from 1.0.138.24 port 55133 ssh2
Jan 16 02:40:36 host sshd[4501]: Connection closed by 1.0.138.24 port 55133 [preauth]
Jan 16 02:40:36 host sshd[4508]: User root from 1.0.138.24 not allowed because not listed in AllowUsers
Jan 16 02:40:36 host sshd[4508]: input_userauth_request: invalid user root [preauth]
Jan 16 02:40:37 host unix_chkpwd[4510]: password check failed for user (root)
Jan 16 02:40:37 host sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.0.138.24 user=root
Jan 16 02:40:37 host sshd[4508]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 02:40:39 host sshd[4508]: Failed password for invalid user root from 1.0.138.24 port 55697 ssh2
Jan 16 02:40:39 host sshd[4508]: Connection closed by 1.0.138.24 port 55697 [preauth]
Jan 16 02:40:40 host sshd[4518]: Invalid user operations from 1.0.138.24 port 56249
Jan 16 02:40:40 host sshd[4518]: input_userauth_request: invalid user operations [preauth]
Jan 16 02:40:40 host sshd[4518]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 02:40:40 host sshd[4518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.0.138.24
Jan 16 02:40:42 host sshd[4518]: Failed password for invalid user operations from 1.0.138.24 port 56249 ssh2
Jan 16 02:49:24 host sshd[5860]: User root from 125.229.31.42 not allowed because not listed in AllowUsers
Jan 16 02:49:24 host sshd[5860]: input_userauth_request: invalid user root [preauth]
Jan 16 02:49:24 host unix_chkpwd[5865]: password check failed for user (root)
Jan 16 02:49:24 host sshd[5860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.31.42 user=root
Jan 16 02:49:24 host sshd[5860]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 02:49:26 host sshd[5860]: Failed password for invalid user root from 125.229.31.42 port 53901 ssh2
Jan 16 02:49:26 host sshd[5860]: Connection reset by 125.229.31.42 port 53901 [preauth]
Jan 16 03:11:05 host sshd[8779]: Connection reset by 66.168.178.193 port 40791 [preauth]
Jan 16 03:12:24 host sshd[8939]: User root from 218.152.37.209 not allowed because not listed in AllowUsers
Jan 16 03:12:24 host sshd[8939]: input_userauth_request: invalid user root [preauth]
Jan 16 03:12:25 host unix_chkpwd[8943]: password check failed for user (root)
Jan 16 03:12:25 host sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.152.37.209 user=root
Jan 16 03:12:25 host sshd[8939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 03:12:27 host sshd[8939]: Failed password for invalid user root from 218.152.37.209 port 62921 ssh2
Jan 16 03:12:27 host unix_chkpwd[8952]: password check failed for user (root)
Jan 16 03:12:27 host sshd[8939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 03:12:30 host sshd[8939]: Failed password for invalid user root from 218.152.37.209 port 62921 ssh2
Jan 16 03:12:30 host unix_chkpwd[8970]: password check failed for user (root)
Jan 16 03:12:30 host sshd[8939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 03:12:32 host sshd[8939]: Failed password for invalid user root from 218.152.37.209 port 62921 ssh2
Jan 16 03:12:32 host unix_chkpwd[8973]: password check failed for user (root)
Jan 16 03:12:32 host sshd[8939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 03:12:34 host sshd[8939]: Failed password for invalid user root from 218.152.37.209 port 62921 ssh2
Jan 16 03:12:35 host unix_chkpwd[8976]: password check failed for user (root)
Jan 16 03:12:35 host sshd[8939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 03:12:37 host sshd[8939]: Failed password for invalid user root from 218.152.37.209 port 62921 ssh2
Jan 16 03:18:34 host sshd[9804]: Invalid user user from 122.116.80.142 port 35524
Jan 16 03:18:34 host sshd[9804]: input_userauth_request: invalid user user [preauth]
Jan 16 03:18:34 host sshd[9804]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:18:34 host sshd[9804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.80.142
Jan 16 03:18:36 host sshd[9804]: Failed password for invalid user user from 122.116.80.142 port 35524 ssh2
Jan 16 03:18:36 host sshd[9804]: Connection reset by 122.116.80.142 port 35524 [preauth]
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=dartsimp user-3=a2zgroup user-4=wwwkaretakers user-5=cochintaxi user-6=wwwrmswll user-7=wwwresourcehunte user-8=keralaholi user-9=ugotscom user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=vfmassets user-14=wwwtestugo user-15=shalinijames user-16=woodpeck user-17=wwwkapin user-18=wwwkmaorg user-19=disposeat user-20=remysagr user-21=mrsclean user-22=wwwnexidigital user-23=gifterman user-24=palco123 user-25=phmetals user-26=kottayamcalldriv user-27=wwwletsstalkfood user-28=straightcurve user-29=bonifacegroup user-30=wwwevmhonda feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 03:21:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Wy0GXrIeqDkOBrKF.~
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Wy0GXrIeqDkOBrKF.~'
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Wy0GXrIeqDkOBrKF.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 03:21:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 03:22:35 host sshd[10596]: Invalid user pi from 118.140.120.198 port 49830
Jan 16 03:22:35 host sshd[10596]: input_userauth_request: invalid user pi [preauth]
Jan 16 03:22:35 host sshd[10596]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:22:35 host sshd[10596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.140.120.198
Jan 16 03:22:37 host sshd[10596]: Failed password for invalid user pi from 118.140.120.198 port 49830 ssh2
Jan 16 03:22:37 host sshd[10596]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:22:40 host sshd[10596]: Failed password for invalid user pi from 118.140.120.198 port 49830 ssh2
Jan 16 03:22:40 host sshd[10596]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:22:42 host sshd[10596]: Failed password for invalid user pi from 118.140.120.198 port 49830 ssh2
Jan 16 03:22:43 host sshd[10596]: Connection reset by 118.140.120.198 port 49830 [preauth]
Jan 16 03:22:43 host sshd[10596]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.140.120.198
Jan 16 03:23:13 host sshd[10651]: Invalid user admin from 61.74.52.146 port 60460
Jan 16 03:23:13 host sshd[10651]: input_userauth_request: invalid user admin [preauth]
Jan 16 03:23:13 host sshd[10651]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:23:13 host sshd[10651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.74.52.146
Jan 16 03:23:16 host sshd[10651]: Failed password for invalid user admin from 61.74.52.146 port 60460 ssh2
Jan 16 03:23:16 host sshd[10651]: Connection reset by 61.74.52.146 port 60460 [preauth]
Jan 16 03:23:37 host sshd[10706]: Invalid user et from 194.110.203.109 port 41334
Jan 16 03:23:37 host sshd[10706]: input_userauth_request: invalid user et [preauth]
Jan 16 03:23:37 host sshd[10706]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:23:37 host sshd[10706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 03:23:39 host sshd[10706]: Failed password for invalid user et from 194.110.203.109 port 41334 ssh2
Jan 16 03:23:42 host sshd[10706]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:23:44 host sshd[10706]: Failed password for invalid user et from 194.110.203.109 port 41334 ssh2
Jan 16 03:23:47 host sshd[10706]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:23:49 host sshd[10706]: Failed password for invalid user et from 194.110.203.109 port 41334 ssh2
Jan 16 03:23:52 host sshd[10706]: Connection closed by 194.110.203.109 port 41334 [preauth]
Jan 16 03:23:52 host sshd[10706]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 03:26:44 host sshd[11150]: Invalid user admin from 121.181.51.34 port 57422
Jan 16 03:26:44 host sshd[11150]: input_userauth_request: invalid user admin [preauth]
Jan 16 03:26:44 host sshd[11150]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:26:44 host sshd[11150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.181.51.34
Jan 16 03:26:45 host sshd[11150]: Failed password for invalid user admin from 121.181.51.34 port 57422 ssh2
Jan 16 03:26:48 host sshd[11150]: Failed password for invalid user admin from 121.181.51.34 port 57422 ssh2
Jan 16 03:26:48 host sshd[11150]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:26:50 host sshd[11150]: Failed password for invalid user admin from 121.181.51.34 port 57422 ssh2
Jan 16 03:26:51 host sshd[11150]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:26:53 host sshd[11150]: Failed password for invalid user admin from 121.181.51.34 port 57422 ssh2
Jan 16 03:26:54 host sshd[11150]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:26:56 host sshd[11150]: Failed password for invalid user admin from 121.181.51.34 port 57422 ssh2
Jan 16 03:44:39 host sshd[14102]: Invalid user admin from 222.109.92.68 port 37778
Jan 16 03:44:39 host sshd[14102]: input_userauth_request: invalid user admin [preauth]
Jan 16 03:44:39 host sshd[14102]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:44:39 host sshd[14102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.109.92.68
Jan 16 03:44:41 host sshd[14102]: Failed password for invalid user admin from 222.109.92.68 port 37778 ssh2
Jan 16 03:44:42 host sshd[14102]: Failed password for invalid user admin from 222.109.92.68 port 37778 ssh2
Jan 16 03:44:42 host sshd[14102]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:44:44 host sshd[14102]: Failed password for invalid user admin from 222.109.92.68 port 37778 ssh2
Jan 16 03:44:45 host sshd[14102]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:44:47 host sshd[14102]: Failed password for invalid user admin from 222.109.92.68 port 37778 ssh2
Jan 16 03:44:47 host sshd[14102]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:44:49 host sshd[14102]: Failed password for invalid user admin from 222.109.92.68 port 37778 ssh2
Jan 16 03:47:10 host sshd[14490]: Invalid user ec2-user from 84.1.29.223 port 53690
Jan 16 03:47:10 host sshd[14490]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 03:47:10 host sshd[14490]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:47:10 host sshd[14490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.1.29.223
Jan 16 03:47:12 host sshd[14490]: Failed password for invalid user ec2-user from 84.1.29.223 port 53690 ssh2
Jan 16 03:47:13 host sshd[14490]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:47:15 host sshd[14490]: Failed password for invalid user ec2-user from 84.1.29.223 port 53690 ssh2
Jan 16 03:47:15 host sshd[14490]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:47:18 host sshd[14490]: Failed password for invalid user ec2-user from 84.1.29.223 port 53690 ssh2
Jan 16 03:47:18 host sshd[14490]: Failed password for invalid user ec2-user from 84.1.29.223 port 53690 ssh2
Jan 16 03:47:19 host sshd[14490]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:47:21 host sshd[14490]: Failed password for invalid user ec2-user from 84.1.29.223 port 53690 ssh2
Jan 16 03:47:21 host sshd[14490]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:47:24 host sshd[14490]: Failed password for invalid user ec2-user from 84.1.29.223 port 53690 ssh2
Jan 16 03:47:24 host sshd[14490]: error: maximum authentication attempts exceeded for invalid user ec2-user from 84.1.29.223 port 53690 ssh2 [preauth]
Jan 16 03:47:24 host sshd[14490]: Disconnecting: Too many authentication failures [preauth]
Jan 16 03:47:24 host sshd[14490]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.1.29.223
Jan 16 03:47:24 host sshd[14490]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 16 03:49:17 host sshd[14798]: Invalid user pi from 203.232.71.113 port 44715
Jan 16 03:49:17 host sshd[14798]: input_userauth_request: invalid user pi [preauth]
Jan 16 03:49:17 host sshd[14798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:49:17 host sshd[14798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.232.71.113
Jan 16 03:49:19 host sshd[14798]: Failed password for invalid user pi from 203.232.71.113 port 44715 ssh2
Jan 16 03:49:20 host sshd[14798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:49:22 host sshd[14798]: Failed password for invalid user pi from 203.232.71.113 port 44715 ssh2
Jan 16 03:49:23 host sshd[14798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:49:24 host sshd[14798]: Failed password for invalid user pi from 203.232.71.113 port 44715 ssh2
Jan 16 03:49:26 host sshd[14798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:49:28 host sshd[14798]: Failed password for invalid user pi from 203.232.71.113 port 44715 ssh2
Jan 16 03:49:30 host sshd[14798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:49:32 host sshd[14798]: Failed password for invalid user pi from 203.232.71.113 port 44715 ssh2
Jan 16 03:49:33 host sshd[14798]: Connection reset by 203.232.71.113 port 44715 [preauth]
Jan 16 03:49:33 host sshd[14798]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.232.71.113
Jan 16 03:49:33 host sshd[14798]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 16 03:50:15 host sshd[15094]: Invalid user pi from 114.34.167.227 port 44320
Jan 16 03:50:15 host sshd[15094]: input_userauth_request: invalid user pi [preauth]
Jan 16 03:50:15 host sshd[15094]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:50:15 host sshd[15094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.167.227
Jan 16 03:50:18 host sshd[15094]: Failed password for invalid user pi from 114.34.167.227 port 44320 ssh2
Jan 16 03:50:19 host sshd[15094]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:50:21 host sshd[15094]: Failed password for invalid user pi from 114.34.167.227 port 44320 ssh2
Jan 16 03:50:22 host sshd[15094]: Connection reset by 114.34.167.227 port 44320 [preauth]
Jan 16 03:50:22 host sshd[15094]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.167.227
Jan 16 03:53:33 host sshd[15628]: Invalid user admin from 219.74.237.153 port 55184
Jan 16 03:53:33 host sshd[15628]: input_userauth_request: invalid user admin [preauth]
Jan 16 03:53:33 host sshd[15628]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:53:33 host sshd[15628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.74.237.153
Jan 16 03:53:36 host sshd[15628]: Failed password for invalid user admin from 219.74.237.153 port 55184 ssh2
Jan 16 03:53:36 host sshd[15628]: Failed password for invalid user admin from 219.74.237.153 port 55184 ssh2
Jan 16 03:53:36 host sshd[15628]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:53:38 host sshd[15628]: Failed password for invalid user admin from 219.74.237.153 port 55184 ssh2
Jan 16 03:54:33 host sshd[15777]: Invalid user usr from 190.249.148.118 port 36845
Jan 16 03:54:33 host sshd[15777]: input_userauth_request: invalid user usr [preauth]
Jan 16 03:54:33 host sshd[15777]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:54:33 host sshd[15777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.249.148.118
Jan 16 03:54:36 host sshd[15777]: Failed password for invalid user usr from 190.249.148.118 port 36845 ssh2
Jan 16 03:54:36 host sshd[15777]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:54:38 host sshd[15777]: Failed password for invalid user usr from 190.249.148.118 port 36845 ssh2
Jan 16 03:54:40 host sshd[15777]: Connection reset by 190.249.148.118 port 36845 [preauth]
Jan 16 03:54:40 host sshd[15777]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.249.148.118
Jan 16 03:55:41 host sshd[16080]: Invalid user admin from 1.34.76.249 port 53352
Jan 16 03:55:41 host sshd[16080]: input_userauth_request: invalid user admin [preauth]
Jan 16 03:55:41 host sshd[16080]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:55:41 host sshd[16080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.76.249
Jan 16 03:55:43 host sshd[16080]: Failed password for invalid user admin from 1.34.76.249 port 53352 ssh2
Jan 16 03:55:44 host sshd[16080]: Failed password for invalid user admin from 1.34.76.249 port 53352 ssh2
Jan 16 03:55:44 host sshd[16080]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:55:46 host sshd[16080]: Failed password for invalid user admin from 1.34.76.249 port 53352 ssh2
Jan 16 03:55:46 host sshd[16080]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 03:55:48 host sshd[16080]: Failed password for invalid user admin from 1.34.76.249 port 53352 ssh2
Jan 16 03:55:48 host sshd[16080]: Connection reset by 1.34.76.249 port 53352 [preauth]
Jan 16 03:55:48 host sshd[16080]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.76.249
Jan 16 04:00:33 host sshd[16939]: User root from 202.83.17.160 not allowed because not listed in AllowUsers
Jan 16 04:00:33 host sshd[16939]: input_userauth_request: invalid user root [preauth]
Jan 16 04:00:33 host unix_chkpwd[16941]: password check failed for user (root)
Jan 16 04:00:33 host sshd[16939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.160 user=root
Jan 16 04:00:33 host sshd[16939]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:00:36 host sshd[16939]: Failed password for invalid user root from 202.83.17.160 port 40768 ssh2
Jan 16 04:00:36 host sshd[16939]: Received disconnect from 202.83.17.160 port 40768:11: Bye Bye [preauth]
Jan 16 04:00:36 host sshd[16939]: Disconnected from 202.83.17.160 port 40768 [preauth]
Jan 16 04:03:17 host sshd[17472]: User root from 202.83.17.160 not allowed because not listed in AllowUsers
Jan 16 04:03:17 host sshd[17472]: input_userauth_request: invalid user root [preauth]
Jan 16 04:03:17 host unix_chkpwd[17474]: password check failed for user (root)
Jan 16 04:03:17 host sshd[17472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.160 user=root
Jan 16 04:03:17 host sshd[17472]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:03:19 host sshd[17472]: Failed password for invalid user root from 202.83.17.160 port 58505 ssh2
Jan 16 04:09:51 host sshd[18489]: Invalid user admin from 103.163.178.37 port 38501
Jan 16 04:09:51 host sshd[18489]: input_userauth_request: invalid user admin [preauth]
Jan 16 04:09:51 host sshd[18489]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 04:09:51 host sshd[18489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.163.178.37
Jan 16 04:09:53 host sshd[18489]: Failed password for invalid user admin from 103.163.178.37 port 38501 ssh2
Jan 16 04:09:54 host sshd[18489]: Failed password for invalid user admin from 103.163.178.37 port 38501 ssh2
Jan 16 04:09:54 host sshd[18489]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 04:09:56 host sshd[18489]: Failed password for invalid user admin from 103.163.178.37 port 38501 ssh2
Jan 16 04:09:57 host sshd[18489]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 04:09:59 host sshd[18489]: Failed password for invalid user admin from 103.163.178.37 port 38501 ssh2
Jan 16 04:09:59 host sshd[18489]: Connection reset by 103.163.178.37 port 38501 [preauth]
Jan 16 04:09:59 host sshd[18489]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.163.178.37
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=straightcurve user-2=wwwletsstalkfood user-3=wwwevmhonda user-4=bonifacegroup user-5=wwwnexidigital user-6=mrsclean user-7=kottayamcalldriv user-8=phmetals user-9=palco123 user-10=gifterman user-11=wwwkapin user-12=woodpeck user-13=disposeat user-14=remysagr user-15=wwwkmaorg user-16=pmcresources user-17=shalinijames user-18=wwwtestugo user-19=vfmassets user-20=wwwpmcresource user-21=ugotscom user-22=keralaholi user-23=wwwresourcehunte user-24=wwwrmswll user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 04:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GFONN28mqyYtIBWN.~
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GFONN28mqyYtIBWN.~'
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GFONN28mqyYtIBWN.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 04:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 04:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 04:25:54 host sshd[21626]: Connection reset by 67.49.87.239 port 61653 [preauth]
Jan 16 04:26:37 host sshd[21785]: User root from 118.41.29.149 not allowed because not listed in AllowUsers
Jan 16 04:26:37 host sshd[21785]: input_userauth_request: invalid user root [preauth]
Jan 16 04:26:37 host unix_chkpwd[21790]: password check failed for user (root)
Jan 16 04:26:37 host sshd[21785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.29.149 user=root
Jan 16 04:26:37 host sshd[21785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:26:39 host sshd[21785]: Failed password for invalid user root from 118.41.29.149 port 55082 ssh2
Jan 16 04:26:40 host unix_chkpwd[21794]: password check failed for user (root)
Jan 16 04:26:40 host sshd[21785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:26:41 host sshd[21785]: Failed password for invalid user root from 118.41.29.149 port 55082 ssh2
Jan 16 04:26:42 host sshd[21785]: Connection reset by 118.41.29.149 port 55082 [preauth]
Jan 16 04:26:42 host sshd[21785]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.29.149 user=root
Jan 16 04:33:43 host sshd[23029]: User root from 191.241.32.246 not allowed because not listed in AllowUsers
Jan 16 04:33:43 host sshd[23029]: input_userauth_request: invalid user root [preauth]
Jan 16 04:33:44 host unix_chkpwd[23033]: password check failed for user (root)
Jan 16 04:33:44 host sshd[23029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.241.32.246 user=root
Jan 16 04:33:44 host sshd[23029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:33:46 host sshd[23029]: Failed password for invalid user root from 191.241.32.246 port 27780 ssh2
Jan 16 04:33:46 host sshd[23029]: Received disconnect from 191.241.32.246 port 27780:11: Bye Bye [preauth]
Jan 16 04:33:46 host sshd[23029]: Disconnected from 191.241.32.246 port 27780 [preauth]
Jan 16 04:34:15 host sshd[23078]: User root from 213.6.203.226 not allowed because not listed in AllowUsers
Jan 16 04:34:15 host sshd[23078]: input_userauth_request: invalid user root [preauth]
Jan 16 04:34:15 host unix_chkpwd[23089]: password check failed for user (root)
Jan 16 04:34:15 host sshd[23078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.6.203.226 user=root
Jan 16 04:34:15 host sshd[23078]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:34:17 host sshd[23078]: Failed password for invalid user root from 213.6.203.226 port 64197 ssh2
Jan 16 04:34:17 host sshd[23078]: Received disconnect from 213.6.203.226 port 64197:11: Bye Bye [preauth]
Jan 16 04:34:17 host sshd[23078]: Disconnected from 213.6.203.226 port 64197 [preauth]
Jan 16 04:34:28 host sshd[23102]: User root from 165.227.175.44 not allowed because not listed in AllowUsers
Jan 16 04:34:28 host sshd[23102]: input_userauth_request: invalid user root [preauth]
Jan 16 04:34:28 host unix_chkpwd[23126]: password check failed for user (root)
Jan 16 04:34:28 host sshd[23102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.175.44 user=root
Jan 16 04:34:28 host sshd[23102]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:34:30 host sshd[23102]: Failed password for invalid user root from 165.227.175.44 port 54552 ssh2
Jan 16 04:34:30 host sshd[23102]: Received disconnect from 165.227.175.44 port 54552:11: Bye Bye [preauth]
Jan 16 04:34:30 host sshd[23102]: Disconnected from 165.227.175.44 port 54552 [preauth]
Jan 16 04:34:44 host sshd[23145]: User root from 72.240.125.133 not allowed because not listed in AllowUsers
Jan 16 04:34:44 host sshd[23145]: input_userauth_request: invalid user root [preauth]
Jan 16 04:34:44 host unix_chkpwd[23148]: password check failed for user (root)
Jan 16 04:34:44 host sshd[23145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.240.125.133 user=root
Jan 16 04:34:44 host sshd[23145]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:34:46 host sshd[23145]: Failed password for invalid user root from 72.240.125.133 port 39722 ssh2
Jan 16 04:34:47 host sshd[23145]: Received disconnect from 72.240.125.133 port 39722:11: Bye Bye [preauth]
Jan 16 04:34:47 host sshd[23145]: Disconnected from 72.240.125.133 port 39722 [preauth]
Jan 16 04:36:09 host sshd[23374]: User root from 144.22.161.37 not allowed because not listed in AllowUsers
Jan 16 04:36:09 host sshd[23374]: input_userauth_request: invalid user root [preauth]
Jan 16 04:36:09 host unix_chkpwd[23378]: password check failed for user (root)
Jan 16 04:36:09 host sshd[23374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.161.37 user=root
Jan 16 04:36:09 host sshd[23374]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:36:10 host sshd[23374]: Failed password for invalid user root from 144.22.161.37 port 36324 ssh2
Jan 16 04:36:11 host sshd[23374]: Received disconnect from 144.22.161.37 port 36324:11: Bye Bye [preauth]
Jan 16 04:36:11 host sshd[23374]: Disconnected from 144.22.161.37 port 36324 [preauth]
Jan 16 04:37:09 host sshd[23495]: User root from 91.66.4.163 not allowed because not listed in AllowUsers
Jan 16 04:37:09 host sshd[23495]: input_userauth_request: invalid user root [preauth]
Jan 16 04:37:09 host unix_chkpwd[23499]: password check failed for user (root)
Jan 16 04:37:09 host sshd[23495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.66.4.163 user=root
Jan 16 04:37:09 host sshd[23495]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:37:11 host sshd[23495]: Failed password for invalid user root from 91.66.4.163 port 65241 ssh2
Jan 16 04:37:11 host sshd[23495]: Received disconnect from 91.66.4.163 port 65241:11: Bye Bye [preauth]
Jan 16 04:37:11 host sshd[23495]: Disconnected from 91.66.4.163 port 65241 [preauth]
Jan 16 04:37:41 host sshd[23566]: User root from 157.230.36.91 not allowed because not listed in AllowUsers
Jan 16 04:37:41 host sshd[23566]: input_userauth_request: invalid user root [preauth]
Jan 16 04:37:41 host unix_chkpwd[23568]: password check failed for user (root)
Jan 16 04:37:41 host sshd[23566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.36.91 user=root
Jan 16 04:37:41 host sshd[23566]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:37:43 host sshd[23566]: Failed password for invalid user root from 157.230.36.91 port 42324 ssh2
Jan 16 04:37:43 host sshd[23566]: Received disconnect from 157.230.36.91 port 42324:11: Bye Bye [preauth]
Jan 16 04:37:43 host sshd[23566]: Disconnected from 157.230.36.91 port 42324 [preauth]
Jan 16 04:37:48 host sshd[23576]: User root from 165.227.175.44 not allowed because not listed in AllowUsers
Jan 16 04:37:48 host sshd[23576]: input_userauth_request: invalid user root [preauth]
Jan 16 04:37:48 host unix_chkpwd[23579]: password check failed for user (root)
Jan 16 04:37:48 host sshd[23576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.175.44 user=root
Jan 16 04:37:48 host sshd[23576]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:37:50 host sshd[23576]: Failed password for invalid user root from 165.227.175.44 port 40176 ssh2
Jan 16 04:37:50 host sshd[23576]: Received disconnect from 165.227.175.44 port 40176:11: Bye Bye [preauth]
Jan 16 04:37:50 host sshd[23576]: Disconnected from 165.227.175.44 port 40176 [preauth]
Jan 16 04:38:30 host sshd[23804]: User root from 72.240.125.133 not allowed because not listed in AllowUsers
Jan 16 04:38:30 host sshd[23804]: input_userauth_request: invalid user root [preauth]
Jan 16 04:38:30 host unix_chkpwd[23811]: password check failed for user (root)
Jan 16 04:38:30 host sshd[23804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.240.125.133 user=root
Jan 16 04:38:30 host sshd[23804]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:38:31 host sshd[23806]: User root from 191.241.32.246 not allowed because not listed in AllowUsers
Jan 16 04:38:31 host sshd[23806]: input_userauth_request: invalid user root [preauth]
Jan 16 04:38:31 host unix_chkpwd[23813]: password check failed for user (root)
Jan 16 04:38:31 host sshd[23806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.241.32.246 user=root
Jan 16 04:38:31 host sshd[23806]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:38:32 host sshd[23804]: Failed password for invalid user root from 72.240.125.133 port 54302 ssh2
Jan 16 04:38:32 host sshd[23804]: Received disconnect from 72.240.125.133 port 54302:11: Bye Bye [preauth]
Jan 16 04:38:32 host sshd[23804]: Disconnected from 72.240.125.133 port 54302 [preauth]
Jan 16 04:38:32 host sshd[23806]: Failed password for invalid user root from 191.241.32.246 port 63533 ssh2
Jan 16 04:38:33 host sshd[23806]: Received disconnect from 191.241.32.246 port 63533:11: Bye Bye [preauth]
Jan 16 04:38:33 host sshd[23806]: Disconnected from 191.241.32.246 port 63533 [preauth]
Jan 16 04:39:00 host sshd[23912]: User root from 213.6.203.226 not allowed because not listed in AllowUsers
Jan 16 04:39:00 host sshd[23912]: input_userauth_request: invalid user root [preauth]
Jan 16 04:39:00 host unix_chkpwd[23916]: password check failed for user (root)
Jan 16 04:39:00 host sshd[23912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.6.203.226 user=root
Jan 16 04:39:00 host sshd[23912]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:39:02 host sshd[23912]: Failed password for invalid user root from 213.6.203.226 port 34012 ssh2
Jan 16 04:39:02 host sshd[23912]: Received disconnect from 213.6.203.226 port 34012:11: Bye Bye [preauth]
Jan 16 04:39:02 host sshd[23912]: Disconnected from 213.6.203.226 port 34012 [preauth]
Jan 16 04:39:24 host sshd[24009]: User root from 91.66.4.163 not allowed because not listed in AllowUsers
Jan 16 04:39:24 host sshd[24009]: input_userauth_request: invalid user root [preauth]
Jan 16 04:39:24 host unix_chkpwd[24013]: password check failed for user (root)
Jan 16 04:39:24 host sshd[24009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.66.4.163 user=root
Jan 16 04:39:24 host sshd[24009]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:39:26 host sshd[24009]: Failed password for invalid user root from 91.66.4.163 port 59919 ssh2
Jan 16 04:39:31 host sshd[24073]: User root from 157.230.36.91 not allowed because not listed in AllowUsers
Jan 16 04:39:31 host sshd[24073]: input_userauth_request: invalid user root [preauth]
Jan 16 04:39:31 host unix_chkpwd[24075]: password check failed for user (root)
Jan 16 04:39:31 host sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.36.91 user=root
Jan 16 04:39:31 host sshd[24073]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:39:33 host sshd[24073]: Failed password for invalid user root from 157.230.36.91 port 40016 ssh2
Jan 16 04:39:33 host sshd[24073]: Received disconnect from 157.230.36.91 port 40016:11: Bye Bye [preauth]
Jan 16 04:39:33 host sshd[24073]: Disconnected from 157.230.36.91 port 40016 [preauth]
Jan 16 04:39:34 host sshd[24078]: User root from 144.22.161.37 not allowed because not listed in AllowUsers
Jan 16 04:39:34 host sshd[24078]: input_userauth_request: invalid user root [preauth]
Jan 16 04:39:34 host unix_chkpwd[24082]: password check failed for user (root)
Jan 16 04:39:34 host sshd[24078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.22.161.37 user=root
Jan 16 04:39:34 host sshd[24078]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 04:39:37 host sshd[24078]: Failed password for invalid user root from 144.22.161.37 port 48400 ssh2
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:03:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:03:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:06:10 host sshd[28006]: Invalid user vadmin from 119.201.206.169 port 54718
Jan 16 05:06:10 host sshd[28006]: input_userauth_request: invalid user vadmin [preauth]
Jan 16 05:06:10 host sshd[28006]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:06:10 host sshd[28006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.201.206.169
Jan 16 05:06:12 host sshd[28006]: Failed password for invalid user vadmin from 119.201.206.169 port 54718 ssh2
Jan 16 05:06:12 host sshd[28006]: Connection reset by 119.201.206.169 port 54718 [preauth]
Jan 16 05:13:59 host sshd[29030]: Invalid user eu from 194.110.203.109 port 57170
Jan 16 05:13:59 host sshd[29030]: input_userauth_request: invalid user eu [preauth]
Jan 16 05:13:59 host sshd[29030]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:13:59 host sshd[29030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 05:14:00 host sshd[29030]: Failed password for invalid user eu from 194.110.203.109 port 57170 ssh2
Jan 16 05:14:04 host sshd[29030]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:14:06 host sshd[29030]: Failed password for invalid user eu from 194.110.203.109 port 57170 ssh2
Jan 16 05:14:09 host sshd[29030]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:14:11 host sshd[29030]: Failed password for invalid user eu from 194.110.203.109 port 57170 ssh2
Jan 16 05:14:14 host sshd[29030]: Connection closed by 194.110.203.109 port 57170 [preauth]
Jan 16 05:14:14 host sshd[29030]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 05:14:59 host sshd[29245]: User root from 200.111.101.210 not allowed because not listed in AllowUsers
Jan 16 05:14:59 host sshd[29245]: input_userauth_request: invalid user root [preauth]
Jan 16 05:15:00 host unix_chkpwd[29249]: password check failed for user (root)
Jan 16 05:15:00 host sshd[29245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.111.101.210 user=root
Jan 16 05:15:00 host sshd[29245]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 05:15:01 host sshd[29245]: Failed password for invalid user root from 200.111.101.210 port 21675 ssh2
Jan 16 05:15:01 host sshd[29245]: Received disconnect from 200.111.101.210 port 21675:11: Bye Bye [preauth]
Jan 16 05:15:01 host sshd[29245]: Disconnected from 200.111.101.210 port 21675 [preauth]
Jan 16 05:16:24 host sshd[29488]: Invalid user emcali from 186.189.141.232 port 38649
Jan 16 05:16:24 host sshd[29488]: input_userauth_request: invalid user emcali [preauth]
Jan 16 05:16:24 host sshd[29488]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:16:24 host sshd[29488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.189.141.232
Jan 16 05:16:25 host sshd[29488]: Failed password for invalid user emcali from 186.189.141.232 port 38649 ssh2
Jan 16 05:16:26 host sshd[29488]: Failed password for invalid user emcali from 186.189.141.232 port 38649 ssh2
Jan 16 05:16:26 host sshd[29488]: Connection closed by 186.189.141.232 port 38649 [preauth]
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=a2zgroup user-4=dartsimp user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=ugotscom user-9=keralaholi user-10=wwwresourcehunte user-11=wwwrmswll user-12=remysagr user-13=disposeat user-14=wwwkmaorg user-15=wwwkapin user-16=woodpeck user-17=shalinijames user-18=wwwtestugo user-19=vfmassets user-20=pmcresources user-21=wwwevmhonda user-22=bonifacegroup user-23=wwwletsstalkfood user-24=straightcurve user-25=kottayamcalldriv user-26=phmetals user-27=palco123 user-28=gifterman user-29=wwwnexidigital user-30=mrsclean feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 05:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 16 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 16 05:21:04 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 16 05:21:05 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:06 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-DF9TqENDJo53vrEA.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-DF9TqENDJo53vrEA.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 16 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 16 05:21:07 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-0jXN34wyGR7IUTr3.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-0jXN34wyGR7IUTr3.wp-toolkit-identifier
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wYbBG8RYCtZ7m8fN.~
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wYbBG8RYCtZ7m8fN.~'
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wYbBG8RYCtZ7m8fN.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 05:22:02 host sshd[30886]: Connection reset by 98.143.227.205 port 62792 [preauth]
Jan 16 05:22:13 host sshd[30913]: Invalid user sFTPUser from 175.183.85.113 port 38915
Jan 16 05:22:13 host sshd[30913]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 16 05:22:13 host sshd[30913]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:22:13 host sshd[30913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.183.85.113
Jan 16 05:22:15 host sshd[30913]: Failed password for invalid user sFTPUser from 175.183.85.113 port 38915 ssh2
Jan 16 05:22:15 host sshd[30913]: Connection reset by 175.183.85.113 port 38915 [preauth]
Jan 16 05:28:04 host sshd[31685]: Invalid user juan from 209.141.56.48 port 55498
Jan 16 05:28:04 host sshd[31685]: input_userauth_request: invalid user juan [preauth]
Jan 16 05:28:04 host sshd[31685]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:28:04 host sshd[31685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 16 05:28:05 host sshd[31685]: Failed password for invalid user juan from 209.141.56.48 port 55498 ssh2
Jan 16 05:28:06 host sshd[31685]: Connection closed by 209.141.56.48 port 55498 [preauth]
Jan 16 05:28:45 host sshd[31774]: Invalid user mike from 107.189.30.59 port 37172
Jan 16 05:28:45 host sshd[31774]: input_userauth_request: invalid user mike [preauth]
Jan 16 05:28:45 host sshd[31774]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:28:45 host sshd[31774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 16 05:28:47 host sshd[31774]: Failed password for invalid user mike from 107.189.30.59 port 37172 ssh2
Jan 16 05:28:48 host sshd[31774]: Connection closed by 107.189.30.59 port 37172 [preauth]
Jan 16 05:31:48 host sshd[32283]: Connection reset by 171.6.78.101 port 37966 [preauth]
Jan 16 05:32:06 host sshd[32356]: Invalid user juan from 209.141.56.48 port 40838
Jan 16 05:32:06 host sshd[32356]: input_userauth_request: invalid user juan [preauth]
Jan 16 05:32:06 host sshd[32356]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:32:06 host sshd[32356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 16 05:32:09 host sshd[32356]: Failed password for invalid user juan from 209.141.56.48 port 40838 ssh2
Jan 16 05:32:09 host sshd[32356]: Connection closed by 209.141.56.48 port 40838 [preauth]
Jan 16 05:37:07 host sshd[637]: Invalid user nginx from 14.42.53.181 port 60343
Jan 16 05:37:07 host sshd[637]: input_userauth_request: invalid user nginx [preauth]
Jan 16 05:37:07 host sshd[637]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:37:07 host sshd[637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.42.53.181
Jan 16 05:37:09 host sshd[637]: Failed password for invalid user nginx from 14.42.53.181 port 60343 ssh2
Jan 16 05:37:10 host sshd[637]: Connection reset by 14.42.53.181 port 60343 [preauth]
Jan 16 05:37:43 host sshd[737]: User root from 164.92.192.247 not allowed because not listed in AllowUsers
Jan 16 05:37:43 host sshd[737]: input_userauth_request: invalid user root [preauth]
Jan 16 05:37:43 host unix_chkpwd[741]: password check failed for user (root)
Jan 16 05:37:43 host sshd[737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.192.247 user=root
Jan 16 05:37:43 host sshd[737]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 05:37:45 host sshd[737]: Failed password for invalid user root from 164.92.192.247 port 46260 ssh2
Jan 16 05:37:46 host sshd[737]: Received disconnect from 164.92.192.247 port 46260:11: Bye Bye [preauth]
Jan 16 05:37:46 host sshd[737]: Disconnected from 164.92.192.247 port 46260 [preauth]
Jan 16 05:39:48 host sshd[992]: User root from 164.92.192.247 not allowed because not listed in AllowUsers
Jan 16 05:39:48 host sshd[992]: input_userauth_request: invalid user root [preauth]
Jan 16 05:39:48 host unix_chkpwd[996]: password check failed for user (root)
Jan 16 05:39:48 host sshd[992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.192.247 user=root
Jan 16 05:39:48 host sshd[992]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 05:39:51 host sshd[992]: Failed password for invalid user root from 164.92.192.247 port 47404 ssh2
Jan 16 05:39:51 host sshd[992]: Received disconnect from 164.92.192.247 port 47404:11: Bye Bye [preauth]
Jan 16 05:39:51 host sshd[992]: Disconnected from 164.92.192.247 port 47404 [preauth]
Jan 16 05:44:33 host sshd[1798]: Invalid user pi from 59.92.106.29 port 44285
Jan 16 05:44:33 host sshd[1798]: input_userauth_request: invalid user pi [preauth]
Jan 16 05:44:33 host sshd[1798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:44:33 host sshd[1798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.92.106.29
Jan 16 05:44:35 host sshd[1798]: Failed password for invalid user pi from 59.92.106.29 port 44285 ssh2
Jan 16 05:44:36 host sshd[1798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:44:38 host sshd[1798]: Failed password for invalid user pi from 59.92.106.29 port 44285 ssh2
Jan 16 05:44:41 host sshd[1798]: Connection reset by 59.92.106.29 port 44285 [preauth]
Jan 16 05:44:41 host sshd[1798]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.92.106.29
Jan 16 05:45:09 host sshd[1868]: Connection reset by 61.83.41.209 port 60492 [preauth]
Jan 16 05:50:06 host sshd[2562]: User root from 202.131.233.35 not allowed because not listed in AllowUsers
Jan 16 05:50:06 host sshd[2562]: input_userauth_request: invalid user root [preauth]
Jan 16 05:50:06 host unix_chkpwd[2567]: password check failed for user (root)
Jan 16 05:50:06 host sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.131.233.35 user=root
Jan 16 05:50:06 host sshd[2562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 05:50:08 host sshd[2562]: Failed password for invalid user root from 202.131.233.35 port 34580 ssh2
Jan 16 05:50:08 host sshd[2562]: Received disconnect from 202.131.233.35 port 34580:11: Bye Bye [preauth]
Jan 16 05:50:08 host sshd[2562]: Disconnected from 202.131.233.35 port 34580 [preauth]
Jan 16 05:52:21 host sshd[2985]: User root from 202.131.233.35 not allowed because not listed in AllowUsers
Jan 16 05:52:21 host sshd[2985]: input_userauth_request: invalid user root [preauth]
Jan 16 05:52:21 host unix_chkpwd[2989]: password check failed for user (root)
Jan 16 05:52:21 host sshd[2985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.131.233.35 user=root
Jan 16 05:52:21 host sshd[2985]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 05:52:23 host sshd[2985]: Failed password for invalid user root from 202.131.233.35 port 55430 ssh2
Jan 16 05:57:21 host sshd[3721]: Connection reset by 139.9.5.44 port 46102 [preauth]
Jan 16 05:57:21 host sshd[3723]: Connection reset by 139.9.5.44 port 46072 [preauth]
Jan 16 05:57:27 host sshd[3742]: Did not receive identification string from 139.9.5.44 port 46058
Jan 16 05:57:28 host sshd[3743]: Did not receive identification string from 139.9.5.44 port 46056
Jan 16 05:57:29 host sshd[3769]: Connection reset by 139.9.5.44 port 46086 [preauth]
Jan 16 05:57:30 host sshd[3777]: Did not receive identification string from 139.9.5.44 port 46062
Jan 16 05:57:36 host sshd[3806]: Connection reset by 139.9.5.44 port 46066 [preauth]
Jan 16 05:57:41 host sshd[3745]: User root from 139.9.5.44 not allowed because not listed in AllowUsers
Jan 16 05:57:41 host sshd[3745]: input_userauth_request: invalid user root [preauth]
Jan 16 05:57:42 host sshd[3745]: Connection reset by 139.9.5.44 port 46078 [preauth]
Jan 16 05:58:28 host sshd[3929]: Invalid user ec2-user from 122.117.98.41 port 49561
Jan 16 05:58:28 host sshd[3929]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 05:58:28 host sshd[3929]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 05:58:28 host sshd[3929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.98.41
Jan 16 05:58:30 host sshd[3929]: Failed password for invalid user ec2-user from 122.117.98.41 port 49561 ssh2
Jan 16 05:58:30 host sshd[3929]: Connection reset by 122.117.98.41 port 49561 [preauth]
Jan 16 05:58:48 host sshd[3960]: Connection reset by 139.9.5.44 port 46090 [preauth]
Jan 16 05:58:50 host sshd[3728]: Connection reset by 139.9.5.44 port 46050 [preauth]
Jan 16 06:01:18 host sshd[4466]: Invalid user bigipuser3 from 203.66.178.245 port 34546
Jan 16 06:01:18 host sshd[4466]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 16 06:01:18 host sshd[4466]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:01:18 host sshd[4466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.178.245
Jan 16 06:01:21 host sshd[4466]: Failed password for invalid user bigipuser3 from 203.66.178.245 port 34546 ssh2
Jan 16 06:01:21 host sshd[4466]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:01:23 host sshd[4466]: Failed password for invalid user bigipuser3 from 203.66.178.245 port 34546 ssh2
Jan 16 06:01:24 host sshd[4466]: Connection reset by 203.66.178.245 port 34546 [preauth]
Jan 16 06:01:24 host sshd[4466]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.66.178.245
Jan 16 06:02:17 host sshd[4594]: Invalid user juan from 209.141.56.48 port 45672
Jan 16 06:02:17 host sshd[4594]: input_userauth_request: invalid user juan [preauth]
Jan 16 06:02:17 host sshd[4594]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:02:17 host sshd[4594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 16 06:02:19 host sshd[4594]: Failed password for invalid user juan from 209.141.56.48 port 45672 ssh2
Jan 16 06:02:59 host sshd[4704]: Connection reset by 14.56.24.201 port 60108 [preauth]
Jan 16 06:11:12 host sshd[5847]: User root from 144.172.73.16 not allowed because not listed in AllowUsers
Jan 16 06:11:12 host sshd[5847]: input_userauth_request: invalid user root [preauth]
Jan 16 06:11:13 host sshd[5847]: Connection closed by 144.172.73.16 port 38788 [preauth]
Jan 16 06:11:26 host sshd[5881]: User root from 185.220.102.241 not allowed because not listed in AllowUsers
Jan 16 06:11:26 host sshd[5881]: input_userauth_request: invalid user root [preauth]
Jan 16 06:11:26 host unix_chkpwd[5885]: password check failed for user (root)
Jan 16 06:11:26 host sshd[5881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.241 user=root
Jan 16 06:11:26 host sshd[5881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:11:28 host sshd[5881]: Failed password for invalid user root from 185.220.102.241 port 15503 ssh2
Jan 16 06:11:29 host unix_chkpwd[5912]: password check failed for user (root)
Jan 16 06:11:29 host sshd[5881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:11:31 host sshd[5881]: Failed password for invalid user root from 185.220.102.241 port 15503 ssh2
Jan 16 06:11:32 host unix_chkpwd[5921]: password check failed for user (root)
Jan 16 06:11:32 host sshd[5881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:11:34 host sshd[5881]: Failed password for invalid user root from 185.220.102.241 port 15503 ssh2
Jan 16 06:11:35 host unix_chkpwd[5924]: password check failed for user (root)
Jan 16 06:11:35 host sshd[5881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:11:36 host sshd[5881]: Failed password for invalid user root from 185.220.102.241 port 15503 ssh2
Jan 16 06:11:39 host unix_chkpwd[5939]: password check failed for user (root)
Jan 16 06:11:39 host sshd[5881]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:11:41 host sshd[5881]: Failed password for invalid user root from 185.220.102.241 port 15503 ssh2
Jan 16 06:11:46 host sshd[5871]: Did not receive identification string from 5.2.70.140 port 20769
Jan 16 06:12:14 host sshd[6120]: User root from 146.59.233.33 not allowed because not listed in AllowUsers
Jan 16 06:12:14 host sshd[6120]: input_userauth_request: invalid user root [preauth]
Jan 16 06:12:14 host unix_chkpwd[6130]: password check failed for user (root)
Jan 16 06:12:14 host sshd[6120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.233.33 user=root
Jan 16 06:12:14 host sshd[6120]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:12:15 host sshd[6120]: Failed password for invalid user root from 146.59.233.33 port 43470 ssh2
Jan 16 06:12:16 host unix_chkpwd[6133]: password check failed for user (root)
Jan 16 06:12:16 host sshd[6120]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:12:18 host sshd[6120]: Failed password for invalid user root from 146.59.233.33 port 43470 ssh2
Jan 16 06:12:18 host unix_chkpwd[6135]: password check failed for user (root)
Jan 16 06:12:18 host sshd[6120]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:12:19 host sshd[6120]: Failed password for invalid user root from 146.59.233.33 port 43470 ssh2
Jan 16 06:12:20 host unix_chkpwd[6144]: password check failed for user (root)
Jan 16 06:12:20 host sshd[6120]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:12:22 host sshd[6120]: Failed password for invalid user root from 146.59.233.33 port 43470 ssh2
Jan 16 06:12:57 host sshd[6233]: User root from 185.220.102.245 not allowed because not listed in AllowUsers
Jan 16 06:12:57 host sshd[6233]: input_userauth_request: invalid user root [preauth]
Jan 16 06:12:57 host unix_chkpwd[6240]: password check failed for user (root)
Jan 16 06:12:57 host sshd[6233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.245 user=root
Jan 16 06:12:57 host sshd[6233]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:12:59 host sshd[6233]: Failed password for invalid user root from 185.220.102.245 port 10607 ssh2
Jan 16 06:13:00 host unix_chkpwd[6244]: password check failed for user (root)
Jan 16 06:13:00 host sshd[6233]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:02 host sshd[6233]: Failed password for invalid user root from 185.220.102.245 port 10607 ssh2
Jan 16 06:13:03 host unix_chkpwd[6263]: password check failed for user (root)
Jan 16 06:13:03 host sshd[6233]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:05 host sshd[6233]: Failed password for invalid user root from 185.220.102.245 port 10607 ssh2
Jan 16 06:13:06 host unix_chkpwd[6267]: password check failed for user (root)
Jan 16 06:13:06 host sshd[6233]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:08 host sshd[6233]: Failed password for invalid user root from 185.220.102.245 port 10607 ssh2
Jan 16 06:13:09 host unix_chkpwd[6294]: password check failed for user (root)
Jan 16 06:13:09 host sshd[6233]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:12 host sshd[6233]: Failed password for invalid user root from 185.220.102.245 port 10607 ssh2
Jan 16 06:13:44 host sshd[6384]: User root from 185.129.62.62 not allowed because not listed in AllowUsers
Jan 16 06:13:44 host sshd[6384]: input_userauth_request: invalid user root [preauth]
Jan 16 06:13:44 host unix_chkpwd[6395]: password check failed for user (root)
Jan 16 06:13:44 host sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.129.62.62 user=root
Jan 16 06:13:44 host sshd[6384]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:46 host sshd[6384]: Failed password for invalid user root from 185.129.62.62 port 33328 ssh2
Jan 16 06:13:47 host unix_chkpwd[6411]: password check failed for user (root)
Jan 16 06:13:47 host sshd[6384]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:49 host sshd[6384]: Failed password for invalid user root from 185.129.62.62 port 33328 ssh2
Jan 16 06:13:50 host unix_chkpwd[6430]: password check failed for user (root)
Jan 16 06:13:50 host sshd[6384]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:52 host sshd[6384]: Failed password for invalid user root from 185.129.62.62 port 33328 ssh2
Jan 16 06:13:53 host unix_chkpwd[6434]: password check failed for user (root)
Jan 16 06:13:53 host sshd[6384]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:13:55 host sshd[6384]: Failed password for invalid user root from 185.129.62.62 port 33328 ssh2
Jan 16 06:15:05 host sshd[6606]: User root from 185.220.102.243 not allowed because not listed in AllowUsers
Jan 16 06:15:05 host sshd[6606]: input_userauth_request: invalid user root [preauth]
Jan 16 06:15:05 host unix_chkpwd[6650]: password check failed for user (root)
Jan 16 06:15:05 host sshd[6606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.243 user=root
Jan 16 06:15:05 host sshd[6606]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:06 host sshd[6576]: Did not receive identification string from 203.28.246.101 port 45318
Jan 16 06:15:08 host sshd[6606]: Failed password for invalid user root from 185.220.102.243 port 34311 ssh2
Jan 16 06:15:08 host unix_chkpwd[6656]: password check failed for user (root)
Jan 16 06:15:08 host sshd[6606]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:10 host sshd[6606]: Failed password for invalid user root from 185.220.102.243 port 34311 ssh2
Jan 16 06:15:11 host unix_chkpwd[6666]: password check failed for user (root)
Jan 16 06:15:11 host sshd[6606]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:13 host sshd[6606]: Failed password for invalid user root from 185.220.102.243 port 34311 ssh2
Jan 16 06:15:14 host unix_chkpwd[6675]: password check failed for user (root)
Jan 16 06:15:14 host sshd[6606]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:16 host sshd[6606]: Failed password for invalid user root from 185.220.102.243 port 34311 ssh2
Jan 16 06:15:36 host sshd[6751]: User root from 62.93.62.98 not allowed because not listed in AllowUsers
Jan 16 06:15:36 host sshd[6751]: input_userauth_request: invalid user root [preauth]
Jan 16 06:15:36 host unix_chkpwd[6755]: password check failed for user (root)
Jan 16 06:15:36 host sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.93.62.98 user=root
Jan 16 06:15:36 host sshd[6751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:37 host sshd[6751]: Failed password for invalid user root from 62.93.62.98 port 41496 ssh2
Jan 16 06:15:38 host unix_chkpwd[6758]: password check failed for user (root)
Jan 16 06:15:38 host sshd[6751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:40 host sshd[6751]: Failed password for invalid user root from 62.93.62.98 port 41496 ssh2
Jan 16 06:15:41 host sshd[6751]: Connection reset by 62.93.62.98 port 41496 [preauth]
Jan 16 06:15:41 host sshd[6751]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.93.62.98 user=root
Jan 16 06:15:47 host sshd[6766]: User root from 203.28.246.189 not allowed because not listed in AllowUsers
Jan 16 06:15:47 host sshd[6766]: input_userauth_request: invalid user root [preauth]
Jan 16 06:15:47 host unix_chkpwd[6771]: password check failed for user (root)
Jan 16 06:15:47 host sshd[6766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.28.246.189 user=root
Jan 16 06:15:47 host sshd[6766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:50 host sshd[6766]: Failed password for invalid user root from 203.28.246.189 port 35436 ssh2
Jan 16 06:15:51 host unix_chkpwd[6777]: password check failed for user (root)
Jan 16 06:15:51 host sshd[6766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:53 host sshd[6766]: Failed password for invalid user root from 203.28.246.189 port 35436 ssh2
Jan 16 06:15:54 host unix_chkpwd[6780]: password check failed for user (root)
Jan 16 06:15:54 host sshd[6766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:56 host sshd[6766]: Failed password for invalid user root from 203.28.246.189 port 35436 ssh2
Jan 16 06:15:57 host unix_chkpwd[6784]: password check failed for user (root)
Jan 16 06:15:57 host sshd[6766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:15:59 host sshd[6766]: Failed password for invalid user root from 203.28.246.189 port 35436 ssh2
Jan 16 06:16:00 host unix_chkpwd[6794]: password check failed for user (root)
Jan 16 06:16:00 host sshd[6766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:16:01 host sshd[6766]: Failed password for invalid user root from 203.28.246.189 port 35436 ssh2
Jan 16 06:17:19 host sshd[7083]: User ftp from 58.123.137.76 not allowed because not listed in AllowUsers
Jan 16 06:17:19 host sshd[7083]: input_userauth_request: invalid user ftp [preauth]
Jan 16 06:17:19 host unix_chkpwd[7091]: password check failed for user (ftp)
Jan 16 06:17:19 host sshd[7083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.123.137.76 user=ftp
Jan 16 06:17:19 host sshd[7083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 16 06:17:21 host sshd[7083]: Failed password for invalid user ftp from 58.123.137.76 port 63452 ssh2
Jan 16 06:17:21 host sshd[7083]: Connection reset by 58.123.137.76 port 63452 [preauth]
Jan 16 06:17:41 host sshd[7045]: Connection reset by 107.189.5.241 port 38854 [preauth]
Jan 16 06:17:43 host sshd[7141]: User root from 185.220.102.247 not allowed because not listed in AllowUsers
Jan 16 06:17:43 host sshd[7141]: input_userauth_request: invalid user root [preauth]
Jan 16 06:17:43 host unix_chkpwd[7150]: password check failed for user (root)
Jan 16 06:17:43 host sshd[7141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.247 user=root
Jan 16 06:17:43 host sshd[7141]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:17:45 host sshd[7141]: Failed password for invalid user root from 185.220.102.247 port 26683 ssh2
Jan 16 06:18:23 host sshd[7141]: Connection closed by 185.220.102.247 port 26683 [preauth]
Jan 16 06:18:45 host sshd[7256]: User root from 23.129.64.131 not allowed because not listed in AllowUsers
Jan 16 06:18:45 host sshd[7256]: input_userauth_request: invalid user root [preauth]
Jan 16 06:18:45 host unix_chkpwd[7263]: password check failed for user (root)
Jan 16 06:18:45 host sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.131 user=root
Jan 16 06:18:45 host sshd[7256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:18:47 host sshd[7256]: Failed password for invalid user root from 23.129.64.131 port 13368 ssh2
Jan 16 06:18:47 host unix_chkpwd[7266]: password check failed for user (root)
Jan 16 06:18:47 host sshd[7256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:18:49 host sshd[7256]: Failed password for invalid user root from 23.129.64.131 port 13368 ssh2
Jan 16 06:18:50 host unix_chkpwd[7273]: password check failed for user (root)
Jan 16 06:18:50 host sshd[7256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:18:52 host sshd[7256]: Failed password for invalid user root from 23.129.64.131 port 13368 ssh2
Jan 16 06:18:52 host unix_chkpwd[7276]: password check failed for user (root)
Jan 16 06:18:52 host sshd[7256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:18:54 host sshd[7256]: Failed password for invalid user root from 23.129.64.131 port 13368 ssh2
Jan 16 06:18:55 host unix_chkpwd[7298]: password check failed for user (root)
Jan 16 06:18:55 host sshd[7256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:18:56 host sshd[7256]: Failed password for invalid user root from 23.129.64.131 port 13368 ssh2
Jan 16 06:19:38 host sshd[7365]: User root from 162.247.74.206 not allowed because not listed in AllowUsers
Jan 16 06:19:38 host sshd[7365]: input_userauth_request: invalid user root [preauth]
Jan 16 06:19:38 host unix_chkpwd[7400]: password check failed for user (root)
Jan 16 06:19:38 host sshd[7365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.206 user=root
Jan 16 06:19:38 host sshd[7365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:19:40 host sshd[7365]: Failed password for invalid user root from 162.247.74.206 port 48952 ssh2
Jan 16 06:19:56 host unix_chkpwd[7437]: password check failed for user (root)
Jan 16 06:19:56 host sshd[7365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:19:58 host sshd[7365]: Failed password for invalid user root from 162.247.74.206 port 48952 ssh2
Jan 16 06:19:59 host unix_chkpwd[7444]: password check failed for user (root)
Jan 16 06:19:59 host sshd[7365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:20:01 host sshd[7365]: Failed password for invalid user root from 162.247.74.206 port 48952 ssh2
Jan 16 06:20:03 host unix_chkpwd[7477]: password check failed for user (root)
Jan 16 06:20:03 host sshd[7365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:20:05 host sshd[7365]: Failed password for invalid user root from 162.247.74.206 port 48952 ssh2
Jan 16 06:20:38 host sshd[7611]: User root from 185.220.103.7 not allowed because not listed in AllowUsers
Jan 16 06:20:38 host sshd[7611]: input_userauth_request: invalid user root [preauth]
Jan 16 06:20:38 host unix_chkpwd[7614]: password check failed for user (root)
Jan 16 06:20:38 host sshd[7611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.103.7 user=root
Jan 16 06:20:38 host sshd[7611]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:20:40 host sshd[7611]: Failed password for invalid user root from 185.220.103.7 port 57002 ssh2
Jan 16 06:20:41 host unix_chkpwd[7619]: password check failed for user (root)
Jan 16 06:20:41 host sshd[7611]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:20:43 host sshd[7611]: Failed password for invalid user root from 185.220.103.7 port 57002 ssh2
Jan 16 06:20:44 host unix_chkpwd[7624]: password check failed for user (root)
Jan 16 06:20:44 host sshd[7611]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:20:47 host sshd[7611]: Failed password for invalid user root from 185.220.103.7 port 57002 ssh2
Jan 16 06:20:47 host unix_chkpwd[7627]: password check failed for user (root)
Jan 16 06:20:47 host sshd[7611]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:20:49 host sshd[7611]: Failed password for invalid user root from 185.220.103.7 port 57002 ssh2
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=laundryboniface user-4=dartsimp user-5=a2zgroup user-6=wwwpmcresource user-7=ugotscom user-8=wwwrmswll user-9=wwwresourcehunte user-10=keralaholi user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=remysagr user-15=disposeat user-16=wwwkmaorg user-17=pmcresources user-18=wwwtestugo user-19=shalinijames user-20=vfmassets user-21=wwwletsstalkfood user-22=straightcurve user-23=wwwevmhonda user-24=bonifacegroup user-25=mrsclean user-26=wwwnexidigital user-27=phmetals user-28=kottayamcalldriv user-29=gifterman user-30=palco123 feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 06:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3jeK2WFhRDCNFwaV.~
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3jeK2WFhRDCNFwaV.~'
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3jeK2WFhRDCNFwaV.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 06:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 06:22:27 host sshd[8032]: User root from 23.129.64.224 not allowed because not listed in AllowUsers
Jan 16 06:22:27 host sshd[8032]: input_userauth_request: invalid user root [preauth]
Jan 16 06:22:27 host unix_chkpwd[8041]: password check failed for user (root)
Jan 16 06:22:27 host sshd[8032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.224 user=root
Jan 16 06:22:27 host sshd[8032]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:22:29 host sshd[8032]: Failed password for invalid user root from 23.129.64.224 port 6746 ssh2
Jan 16 06:22:30 host unix_chkpwd[8065]: password check failed for user (root)
Jan 16 06:22:30 host sshd[8032]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:22:32 host sshd[8032]: Failed password for invalid user root from 23.129.64.224 port 6746 ssh2
Jan 16 06:22:32 host unix_chkpwd[8068]: password check failed for user (root)
Jan 16 06:22:32 host sshd[8032]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:22:35 host sshd[8032]: Failed password for invalid user root from 23.129.64.224 port 6746 ssh2
Jan 16 06:22:35 host unix_chkpwd[8072]: password check failed for user (root)
Jan 16 06:22:35 host sshd[8032]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:22:38 host sshd[8032]: Failed password for invalid user root from 23.129.64.224 port 6746 ssh2
Jan 16 06:22:38 host unix_chkpwd[8076]: password check failed for user (root)
Jan 16 06:22:38 host sshd[8032]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:22:40 host sshd[8032]: Failed password for invalid user root from 23.129.64.224 port 6746 ssh2
Jan 16 06:22:48 host sshd[8223]: Connection closed by 172.104.11.34 port 6318 [preauth]
Jan 16 06:22:49 host sshd[8229]: Connection closed by 172.104.11.34 port 6332 [preauth]
Jan 16 06:22:51 host sshd[8233]: Connection closed by 172.104.11.34 port 6338 [preauth]
Jan 16 06:23:22 host sshd[8294]: User root from 185.220.102.250 not allowed because not listed in AllowUsers
Jan 16 06:23:22 host sshd[8294]: input_userauth_request: invalid user root [preauth]
Jan 16 06:23:22 host unix_chkpwd[8298]: password check failed for user (root)
Jan 16 06:23:22 host sshd[8294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.250 user=root
Jan 16 06:23:22 host sshd[8294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:23:24 host sshd[8294]: Failed password for invalid user root from 185.220.102.250 port 48315 ssh2
Jan 16 06:23:25 host unix_chkpwd[8304]: password check failed for user (root)
Jan 16 06:23:25 host sshd[8294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:23:26 host sshd[8294]: Failed password for invalid user root from 185.220.102.250 port 48315 ssh2
Jan 16 06:23:27 host unix_chkpwd[8307]: password check failed for user (root)
Jan 16 06:23:27 host sshd[8294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:23:28 host sshd[8294]: Failed password for invalid user root from 185.220.102.250 port 48315 ssh2
Jan 16 06:23:29 host unix_chkpwd[8334]: password check failed for user (root)
Jan 16 06:23:29 host sshd[8294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:23:31 host sshd[8294]: Failed password for invalid user root from 185.220.102.250 port 48315 ssh2
Jan 16 06:24:16 host sshd[8452]: User root from 162.247.74.74 not allowed because not listed in AllowUsers
Jan 16 06:24:16 host sshd[8452]: input_userauth_request: invalid user root [preauth]
Jan 16 06:24:16 host unix_chkpwd[8529]: password check failed for user (root)
Jan 16 06:24:16 host sshd[8452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.74 user=root
Jan 16 06:24:16 host sshd[8452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:24:19 host sshd[8452]: Failed password for invalid user root from 162.247.74.74 port 46728 ssh2
Jan 16 06:24:19 host unix_chkpwd[8541]: password check failed for user (root)
Jan 16 06:24:19 host sshd[8452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:24:21 host sshd[8452]: Failed password for invalid user root from 162.247.74.74 port 46728 ssh2
Jan 16 06:24:22 host unix_chkpwd[8544]: password check failed for user (root)
Jan 16 06:24:22 host sshd[8452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:24:23 host sshd[8452]: Failed password for invalid user root from 162.247.74.74 port 46728 ssh2
Jan 16 06:24:24 host unix_chkpwd[8549]: password check failed for user (root)
Jan 16 06:24:24 host sshd[8452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:24:26 host sshd[8452]: Failed password for invalid user root from 162.247.74.74 port 46728 ssh2
Jan 16 06:24:56 host sshd[8684]: User root from 162.247.74.216 not allowed because not listed in AllowUsers
Jan 16 06:24:56 host sshd[8684]: input_userauth_request: invalid user root [preauth]
Jan 16 06:24:56 host unix_chkpwd[8688]: password check failed for user (root)
Jan 16 06:24:56 host sshd[8684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.216 user=root
Jan 16 06:24:56 host sshd[8684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:24:57 host sshd[8684]: Failed password for invalid user root from 162.247.74.216 port 33340 ssh2
Jan 16 06:24:58 host unix_chkpwd[8694]: password check failed for user (root)
Jan 16 06:24:58 host sshd[8684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:25:00 host sshd[8684]: Failed password for invalid user root from 162.247.74.216 port 33340 ssh2
Jan 16 06:25:00 host unix_chkpwd[8697]: password check failed for user (root)
Jan 16 06:25:00 host sshd[8684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:25:02 host sshd[8684]: Failed password for invalid user root from 162.247.74.216 port 33340 ssh2
Jan 16 06:25:03 host unix_chkpwd[8726]: password check failed for user (root)
Jan 16 06:25:03 host sshd[8684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:25:05 host sshd[8684]: Failed password for invalid user root from 162.247.74.216 port 33340 ssh2
Jan 16 06:26:00 host sshd[8891]: User root from 185.129.61.129 not allowed because not listed in AllowUsers
Jan 16 06:26:00 host sshd[8891]: input_userauth_request: invalid user root [preauth]
Jan 16 06:26:00 host unix_chkpwd[8897]: password check failed for user (root)
Jan 16 06:26:00 host sshd[8891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.129.61.129 user=root
Jan 16 06:26:00 host sshd[8891]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:26:02 host sshd[8891]: Failed password for invalid user root from 185.129.61.129 port 37222 ssh2
Jan 16 06:26:03 host unix_chkpwd[8912]: password check failed for user (root)
Jan 16 06:26:03 host sshd[8891]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:26:05 host sshd[8891]: Failed password for invalid user root from 185.129.61.129 port 37222 ssh2
Jan 16 06:26:06 host unix_chkpwd[8917]: password check failed for user (root)
Jan 16 06:26:06 host sshd[8891]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:26:08 host sshd[8891]: Failed password for invalid user root from 185.129.61.129 port 37222 ssh2
Jan 16 06:26:08 host unix_chkpwd[8920]: password check failed for user (root)
Jan 16 06:26:08 host sshd[8891]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:26:10 host sshd[8891]: Failed password for invalid user root from 185.129.61.129 port 37222 ssh2
Jan 16 06:26:54 host sshd[9038]: User root from 185.220.103.8 not allowed because not listed in AllowUsers
Jan 16 06:26:54 host sshd[9038]: input_userauth_request: invalid user root [preauth]
Jan 16 06:26:54 host unix_chkpwd[9061]: password check failed for user (root)
Jan 16 06:26:54 host sshd[9038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.103.8 user=root
Jan 16 06:26:54 host sshd[9038]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:26:56 host sshd[9038]: Failed password for invalid user root from 185.220.103.8 port 59012 ssh2
Jan 16 06:26:57 host unix_chkpwd[9067]: password check failed for user (root)
Jan 16 06:26:57 host sshd[9038]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:00 host sshd[9038]: Failed password for invalid user root from 185.220.103.8 port 59012 ssh2
Jan 16 06:27:00 host unix_chkpwd[9071]: password check failed for user (root)
Jan 16 06:27:00 host sshd[9038]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:02 host sshd[9038]: Failed password for invalid user root from 185.220.103.8 port 59012 ssh2
Jan 16 06:27:03 host unix_chkpwd[9086]: password check failed for user (root)
Jan 16 06:27:03 host sshd[9038]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:06 host sshd[9038]: Failed password for invalid user root from 185.220.103.8 port 59012 ssh2
Jan 16 06:27:35 host sshd[9174]: User root from 185.220.102.246 not allowed because not listed in AllowUsers
Jan 16 06:27:35 host sshd[9174]: input_userauth_request: invalid user root [preauth]
Jan 16 06:27:35 host unix_chkpwd[9178]: password check failed for user (root)
Jan 16 06:27:35 host sshd[9174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.246 user=root
Jan 16 06:27:35 host sshd[9174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:37 host sshd[9174]: Failed password for invalid user root from 185.220.102.246 port 23917 ssh2
Jan 16 06:27:38 host unix_chkpwd[9182]: password check failed for user (root)
Jan 16 06:27:38 host sshd[9174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:40 host sshd[9174]: Failed password for invalid user root from 185.220.102.246 port 23917 ssh2
Jan 16 06:27:41 host unix_chkpwd[9189]: password check failed for user (root)
Jan 16 06:27:41 host sshd[9174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:43 host sshd[9174]: Failed password for invalid user root from 185.220.102.246 port 23917 ssh2
Jan 16 06:27:44 host unix_chkpwd[9192]: password check failed for user (root)
Jan 16 06:27:44 host sshd[9174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:27:46 host sshd[9174]: Failed password for invalid user root from 185.220.102.246 port 23917 ssh2
Jan 16 06:28:17 host sshd[9396]: User root from 185.220.102.253 not allowed because not listed in AllowUsers
Jan 16 06:28:17 host sshd[9396]: input_userauth_request: invalid user root [preauth]
Jan 16 06:28:17 host unix_chkpwd[9404]: password check failed for user (root)
Jan 16 06:28:17 host sshd[9396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.253 user=root
Jan 16 06:28:17 host sshd[9396]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:28:18 host sshd[9396]: Failed password for invalid user root from 185.220.102.253 port 5825 ssh2
Jan 16 06:28:19 host unix_chkpwd[9409]: password check failed for user (root)
Jan 16 06:28:19 host sshd[9396]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:28:21 host sshd[9396]: Failed password for invalid user root from 185.220.102.253 port 5825 ssh2
Jan 16 06:28:22 host unix_chkpwd[9423]: password check failed for user (root)
Jan 16 06:28:22 host sshd[9396]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:28:24 host sshd[9396]: Failed password for invalid user root from 185.220.102.253 port 5825 ssh2
Jan 16 06:28:25 host unix_chkpwd[9432]: password check failed for user (root)
Jan 16 06:28:25 host sshd[9396]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:28:27 host sshd[9396]: Failed password for invalid user root from 185.220.102.253 port 5825 ssh2
Jan 16 06:28:57 host sshd[9531]: User root from 104.244.79.40 not allowed because not listed in AllowUsers
Jan 16 06:28:57 host sshd[9531]: input_userauth_request: invalid user root [preauth]
Jan 16 06:28:58 host unix_chkpwd[9537]: password check failed for user (root)
Jan 16 06:28:58 host sshd[9531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.79.40 user=root
Jan 16 06:28:58 host sshd[9531]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:00 host sshd[9531]: Failed password for invalid user root from 104.244.79.40 port 60973 ssh2
Jan 16 06:29:01 host unix_chkpwd[9546]: password check failed for user (root)
Jan 16 06:29:01 host sshd[9531]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:03 host sshd[9531]: Failed password for invalid user root from 104.244.79.40 port 60973 ssh2
Jan 16 06:29:04 host unix_chkpwd[9564]: password check failed for user (root)
Jan 16 06:29:04 host sshd[9531]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:06 host sshd[9531]: Failed password for invalid user root from 104.244.79.40 port 60973 ssh2
Jan 16 06:29:07 host unix_chkpwd[9570]: password check failed for user (root)
Jan 16 06:29:07 host sshd[9531]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:09 host sshd[9531]: Failed password for invalid user root from 104.244.79.40 port 60973 ssh2
Jan 16 06:29:09 host unix_chkpwd[9573]: password check failed for user (root)
Jan 16 06:29:09 host sshd[9531]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:12 host sshd[9531]: Failed password for invalid user root from 104.244.79.40 port 60973 ssh2
Jan 16 06:29:43 host sshd[9675]: User root from 185.220.102.254 not allowed because not listed in AllowUsers
Jan 16 06:29:43 host sshd[9675]: input_userauth_request: invalid user root [preauth]
Jan 16 06:29:43 host unix_chkpwd[9680]: password check failed for user (root)
Jan 16 06:29:43 host sshd[9675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.254 user=root
Jan 16 06:29:43 host sshd[9675]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:45 host sshd[9675]: Failed password for invalid user root from 185.220.102.254 port 12683 ssh2
Jan 16 06:29:46 host unix_chkpwd[9684]: password check failed for user (root)
Jan 16 06:29:46 host sshd[9675]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:48 host sshd[9675]: Failed password for invalid user root from 185.220.102.254 port 12683 ssh2
Jan 16 06:29:49 host unix_chkpwd[9688]: password check failed for user (root)
Jan 16 06:29:49 host sshd[9675]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:51 host sshd[9675]: Failed password for invalid user root from 185.220.102.254 port 12683 ssh2
Jan 16 06:29:51 host unix_chkpwd[9693]: password check failed for user (root)
Jan 16 06:29:51 host sshd[9675]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:53 host sshd[9675]: Failed password for invalid user root from 185.220.102.254 port 12683 ssh2
Jan 16 06:29:54 host unix_chkpwd[9706]: password check failed for user (root)
Jan 16 06:29:54 host sshd[9675]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:29:56 host sshd[9675]: Failed password for invalid user root from 185.220.102.254 port 12683 ssh2
Jan 16 06:30:26 host sshd[9821]: User root from 82.221.128.191 not allowed because not listed in AllowUsers
Jan 16 06:30:26 host sshd[9821]: input_userauth_request: invalid user root [preauth]
Jan 16 06:30:26 host unix_chkpwd[9827]: password check failed for user (root)
Jan 16 06:30:26 host sshd[9821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.221.128.191 user=root
Jan 16 06:30:26 host sshd[9821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:30:28 host sshd[9821]: Failed password for invalid user root from 82.221.128.191 port 39729 ssh2
Jan 16 06:30:28 host unix_chkpwd[9853]: password check failed for user (root)
Jan 16 06:30:28 host sshd[9821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:30:30 host sshd[9821]: Failed password for invalid user root from 82.221.128.191 port 39729 ssh2
Jan 16 06:30:30 host unix_chkpwd[9858]: password check failed for user (root)
Jan 16 06:30:30 host sshd[9821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:30:33 host sshd[9821]: Failed password for invalid user root from 82.221.128.191 port 39729 ssh2
Jan 16 06:30:33 host unix_chkpwd[9865]: password check failed for user (root)
Jan 16 06:30:33 host sshd[9821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:30:35 host sshd[9821]: Failed password for invalid user root from 82.221.128.191 port 39729 ssh2
Jan 16 06:32:30 host sshd[10037]: User root from 185.146.232.168 not allowed because not listed in AllowUsers
Jan 16 06:32:30 host sshd[10037]: input_userauth_request: invalid user root [preauth]
Jan 16 06:32:30 host unix_chkpwd[10152]: password check failed for user (root)
Jan 16 06:32:30 host sshd[10037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.146.232.168 user=root
Jan 16 06:32:30 host sshd[10037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:32:32 host sshd[10037]: Failed password for invalid user root from 185.146.232.168 port 42629 ssh2
Jan 16 06:32:34 host unix_chkpwd[10162]: password check failed for user (root)
Jan 16 06:32:34 host sshd[10037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:32:35 host sshd[10037]: Failed password for invalid user root from 185.146.232.168 port 42629 ssh2
Jan 16 06:32:36 host unix_chkpwd[10170]: password check failed for user (root)
Jan 16 06:32:36 host sshd[10037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:32:38 host sshd[10037]: Failed password for invalid user root from 185.146.232.168 port 42629 ssh2
Jan 16 06:32:39 host unix_chkpwd[10176]: password check failed for user (root)
Jan 16 06:32:39 host sshd[10037]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:32:41 host sshd[10037]: Failed password for invalid user root from 185.146.232.168 port 42629 ssh2
Jan 16 06:33:34 host sshd[10371]: User root from 179.43.159.201 not allowed because not listed in AllowUsers
Jan 16 06:33:34 host sshd[10371]: input_userauth_request: invalid user root [preauth]
Jan 16 06:33:34 host unix_chkpwd[10377]: password check failed for user (root)
Jan 16 06:33:34 host sshd[10371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.43.159.201 user=root
Jan 16 06:33:34 host sshd[10371]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:33:36 host sshd[10371]: Failed password for invalid user root from 179.43.159.201 port 15106 ssh2
Jan 16 06:33:37 host unix_chkpwd[10380]: password check failed for user (root)
Jan 16 06:33:37 host sshd[10371]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:33:39 host sshd[10371]: Failed password for invalid user root from 179.43.159.201 port 15106 ssh2
Jan 16 06:33:41 host unix_chkpwd[10385]: password check failed for user (root)
Jan 16 06:33:41 host sshd[10371]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:33:43 host sshd[10371]: Failed password for invalid user root from 179.43.159.201 port 15106 ssh2
Jan 16 06:34:33 host sshd[10582]: User root from 23.129.64.149 not allowed because not listed in AllowUsers
Jan 16 06:34:33 host sshd[10582]: input_userauth_request: invalid user root [preauth]
Jan 16 06:34:33 host unix_chkpwd[10625]: password check failed for user (root)
Jan 16 06:34:33 host sshd[10582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.149 user=root
Jan 16 06:34:33 host sshd[10582]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:34:35 host sshd[10582]: Failed password for invalid user root from 23.129.64.149 port 10012 ssh2
Jan 16 06:34:36 host unix_chkpwd[10632]: password check failed for user (root)
Jan 16 06:34:36 host sshd[10582]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:34:38 host sshd[10582]: Failed password for invalid user root from 23.129.64.149 port 10012 ssh2
Jan 16 06:34:39 host unix_chkpwd[10636]: password check failed for user (root)
Jan 16 06:34:39 host sshd[10582]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:34:42 host sshd[10582]: Failed password for invalid user root from 23.129.64.149 port 10012 ssh2
Jan 16 06:34:43 host unix_chkpwd[10642]: password check failed for user (root)
Jan 16 06:34:43 host sshd[10582]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:34:45 host sshd[10582]: Failed password for invalid user root from 23.129.64.149 port 10012 ssh2
Jan 16 06:34:46 host unix_chkpwd[10665]: password check failed for user (root)
Jan 16 06:34:46 host sshd[10582]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:34:48 host sshd[10582]: Failed password for invalid user root from 23.129.64.149 port 10012 ssh2
Jan 16 06:35:14 host sshd[10743]: Invalid user steam from 60.251.222.93 port 56331
Jan 16 06:35:14 host sshd[10743]: input_userauth_request: invalid user steam [preauth]
Jan 16 06:35:14 host sshd[10743]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:35:14 host sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.251.222.93
Jan 16 06:35:16 host sshd[10743]: Failed password for invalid user steam from 60.251.222.93 port 56331 ssh2
Jan 16 06:35:17 host sshd[10743]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:35:18 host sshd[10751]: User root from 162.247.74.7 not allowed because not listed in AllowUsers
Jan 16 06:35:18 host sshd[10751]: input_userauth_request: invalid user root [preauth]
Jan 16 06:35:18 host unix_chkpwd[10755]: password check failed for user (root)
Jan 16 06:35:18 host sshd[10751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.7 user=root
Jan 16 06:35:18 host sshd[10751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:35:19 host sshd[10743]: Failed password for invalid user steam from 60.251.222.93 port 56331 ssh2
Jan 16 06:35:19 host sshd[10743]: Failed password for invalid user steam from 60.251.222.93 port 56331 ssh2
Jan 16 06:35:20 host sshd[10743]: Connection closed by 60.251.222.93 port 56331 [preauth]
Jan 16 06:35:20 host sshd[10743]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.251.222.93
Jan 16 06:35:20 host sshd[10751]: Failed password for invalid user root from 162.247.74.7 port 33862 ssh2
Jan 16 06:35:21 host unix_chkpwd[10769]: password check failed for user (root)
Jan 16 06:35:21 host sshd[10751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:35:23 host sshd[10751]: Failed password for invalid user root from 162.247.74.7 port 33862 ssh2
Jan 16 06:35:23 host unix_chkpwd[10772]: password check failed for user (root)
Jan 16 06:35:23 host sshd[10751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:35:25 host sshd[10751]: Failed password for invalid user root from 162.247.74.7 port 33862 ssh2
Jan 16 06:35:26 host unix_chkpwd[10776]: password check failed for user (root)
Jan 16 06:35:26 host sshd[10751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:35:28 host sshd[10751]: Failed password for invalid user root from 162.247.74.7 port 33862 ssh2
Jan 16 06:35:29 host unix_chkpwd[10800]: password check failed for user (root)
Jan 16 06:35:29 host sshd[10751]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:35:31 host sshd[10751]: Failed password for invalid user root from 162.247.74.7 port 33862 ssh2
Jan 16 06:36:42 host sshd[10958]: User root from 185.220.102.240 not allowed because not listed in AllowUsers
Jan 16 06:36:42 host sshd[10958]: input_userauth_request: invalid user root [preauth]
Jan 16 06:36:42 host unix_chkpwd[10963]: password check failed for user (root)
Jan 16 06:36:42 host sshd[10958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.240 user=root
Jan 16 06:36:42 host sshd[10958]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:36:44 host sshd[10958]: Failed password for invalid user root from 185.220.102.240 port 22849 ssh2
Jan 16 06:36:44 host unix_chkpwd[10966]: password check failed for user (root)
Jan 16 06:36:44 host sshd[10958]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:36:47 host sshd[10958]: Failed password for invalid user root from 185.220.102.240 port 22849 ssh2
Jan 16 06:36:47 host unix_chkpwd[10972]: password check failed for user (root)
Jan 16 06:36:47 host sshd[10958]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:36:49 host sshd[10958]: Failed password for invalid user root from 185.220.102.240 port 22849 ssh2
Jan 16 06:36:50 host unix_chkpwd[10975]: password check failed for user (root)
Jan 16 06:36:50 host sshd[10958]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:36:52 host sshd[10958]: Failed password for invalid user root from 185.220.102.240 port 22849 ssh2
Jan 16 06:37:57 host sshd[11117]: User root from 162.247.74.213 not allowed because not listed in AllowUsers
Jan 16 06:37:57 host sshd[11117]: input_userauth_request: invalid user root [preauth]
Jan 16 06:37:57 host unix_chkpwd[11121]: password check failed for user (root)
Jan 16 06:37:57 host sshd[11117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.213 user=root
Jan 16 06:37:57 host sshd[11117]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:37:59 host sshd[11117]: Failed password for invalid user root from 162.247.74.213 port 43502 ssh2
Jan 16 06:38:00 host unix_chkpwd[11123]: password check failed for user (root)
Jan 16 06:38:00 host sshd[11117]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:01 host sshd[11117]: Failed password for invalid user root from 162.247.74.213 port 43502 ssh2
Jan 16 06:38:02 host unix_chkpwd[11137]: password check failed for user (root)
Jan 16 06:38:02 host sshd[11117]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:04 host sshd[11117]: Failed password for invalid user root from 162.247.74.213 port 43502 ssh2
Jan 16 06:38:05 host unix_chkpwd[11140]: password check failed for user (root)
Jan 16 06:38:05 host sshd[11117]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:07 host sshd[11117]: Failed password for invalid user root from 162.247.74.213 port 43502 ssh2
Jan 16 06:38:39 host sshd[11241]: User root from 185.220.102.252 not allowed because not listed in AllowUsers
Jan 16 06:38:39 host sshd[11241]: input_userauth_request: invalid user root [preauth]
Jan 16 06:38:39 host unix_chkpwd[11244]: password check failed for user (root)
Jan 16 06:38:39 host sshd[11241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.252 user=root
Jan 16 06:38:39 host sshd[11241]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:41 host sshd[11241]: Failed password for invalid user root from 185.220.102.252 port 36433 ssh2
Jan 16 06:38:42 host unix_chkpwd[11248]: password check failed for user (root)
Jan 16 06:38:42 host sshd[11241]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:44 host sshd[11241]: Failed password for invalid user root from 185.220.102.252 port 36433 ssh2
Jan 16 06:38:44 host unix_chkpwd[11257]: password check failed for user (root)
Jan 16 06:38:44 host sshd[11241]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:46 host sshd[11241]: Failed password for invalid user root from 185.220.102.252 port 36433 ssh2
Jan 16 06:38:47 host unix_chkpwd[11263]: password check failed for user (root)
Jan 16 06:38:47 host sshd[11241]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:49 host sshd[11241]: Failed password for invalid user root from 185.220.102.252 port 36433 ssh2
Jan 16 06:38:49 host unix_chkpwd[11266]: password check failed for user (root)
Jan 16 06:38:49 host sshd[11241]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:38:52 host sshd[11241]: Failed password for invalid user root from 185.220.102.252 port 36433 ssh2
Jan 16 06:39:05 host sshd[11411]: User root from 190.214.36.160 not allowed because not listed in AllowUsers
Jan 16 06:39:05 host sshd[11411]: input_userauth_request: invalid user root [preauth]
Jan 16 06:39:05 host unix_chkpwd[11443]: password check failed for user (root)
Jan 16 06:39:05 host sshd[11411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.214.36.160 user=root
Jan 16 06:39:05 host sshd[11411]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:39:07 host sshd[11411]: Failed password for invalid user root from 190.214.36.160 port 58262 ssh2
Jan 16 06:39:08 host unix_chkpwd[11447]: password check failed for user (root)
Jan 16 06:39:08 host sshd[11411]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:39:10 host sshd[11411]: Failed password for invalid user root from 190.214.36.160 port 58262 ssh2
Jan 16 06:39:11 host unix_chkpwd[11450]: password check failed for user (root)
Jan 16 06:39:11 host sshd[11411]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:39:13 host sshd[11411]: Failed password for invalid user root from 190.214.36.160 port 58262 ssh2
Jan 16 06:39:14 host unix_chkpwd[11455]: password check failed for user (root)
Jan 16 06:39:14 host sshd[11411]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:39:16 host sshd[11411]: Failed password for invalid user root from 190.214.36.160 port 58262 ssh2
Jan 16 06:39:16 host unix_chkpwd[11478]: password check failed for user (root)
Jan 16 06:39:16 host sshd[11411]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:39:19 host sshd[11411]: Failed password for invalid user root from 190.214.36.160 port 58262 ssh2
Jan 16 06:39:40 host sshd[11544]: User root from 179.43.159.198 not allowed because not listed in AllowUsers
Jan 16 06:39:40 host sshd[11544]: input_userauth_request: invalid user root [preauth]
Jan 16 06:39:40 host unix_chkpwd[11550]: password check failed for user (root)
Jan 16 06:39:40 host sshd[11544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.43.159.198 user=root
Jan 16 06:39:40 host sshd[11544]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:39:42 host sshd[11544]: Failed password for invalid user root from 179.43.159.198 port 16136 ssh2
Jan 16 06:39:43 host sshd[11544]: Connection closed by 179.43.159.198 port 16136 [preauth]
Jan 16 06:46:18 host sshd[12462]: User root from 125.138.44.175 not allowed because not listed in AllowUsers
Jan 16 06:46:18 host sshd[12462]: input_userauth_request: invalid user root [preauth]
Jan 16 06:46:19 host unix_chkpwd[12466]: password check failed for user (root)
Jan 16 06:46:19 host sshd[12462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.138.44.175 user=root
Jan 16 06:46:19 host sshd[12462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:46:21 host sshd[12462]: Failed password for invalid user root from 125.138.44.175 port 61371 ssh2
Jan 16 06:46:21 host unix_chkpwd[12474]: password check failed for user (root)
Jan 16 06:46:21 host sshd[12462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:46:23 host sshd[12462]: Failed password for invalid user root from 125.138.44.175 port 61371 ssh2
Jan 16 06:46:24 host unix_chkpwd[12477]: password check failed for user (root)
Jan 16 06:46:24 host sshd[12462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:46:26 host sshd[12462]: Failed password for invalid user root from 125.138.44.175 port 61371 ssh2
Jan 16 06:46:27 host unix_chkpwd[12485]: password check failed for user (root)
Jan 16 06:46:27 host sshd[12462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:46:29 host sshd[12462]: Failed password for invalid user root from 125.138.44.175 port 61371 ssh2
Jan 16 06:51:45 host sshd[13327]: Invalid user pi from 79.122.55.186 port 40998
Jan 16 06:51:45 host sshd[13327]: input_userauth_request: invalid user pi [preauth]
Jan 16 06:51:45 host sshd[13327]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:51:45 host sshd[13327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.122.55.186
Jan 16 06:51:45 host sshd[13330]: Invalid user pi from 79.122.55.186 port 41000
Jan 16 06:51:45 host sshd[13330]: input_userauth_request: invalid user pi [preauth]
Jan 16 06:51:45 host sshd[13330]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 06:51:45 host sshd[13330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.122.55.186
Jan 16 06:51:47 host sshd[13327]: Failed password for invalid user pi from 79.122.55.186 port 40998 ssh2
Jan 16 06:51:47 host sshd[13327]: Connection closed by 79.122.55.186 port 40998 [preauth]
Jan 16 06:51:48 host sshd[13330]: Failed password for invalid user pi from 79.122.55.186 port 41000 ssh2
Jan 16 06:51:48 host sshd[13330]: Connection closed by 79.122.55.186 port 41000 [preauth]
Jan 16 06:56:12 host sshd[13995]: User root from 61.82.205.196 not allowed because not listed in AllowUsers
Jan 16 06:56:12 host sshd[13995]: input_userauth_request: invalid user root [preauth]
Jan 16 06:56:12 host unix_chkpwd[13998]: password check failed for user (root)
Jan 16 06:56:12 host sshd[13995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.82.205.196 user=root
Jan 16 06:56:12 host sshd[13995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:56:13 host sshd[13995]: Failed password for invalid user root from 61.82.205.196 port 62657 ssh2
Jan 16 06:56:14 host unix_chkpwd[14001]: password check failed for user (root)
Jan 16 06:56:14 host sshd[13995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:56:16 host sshd[13995]: Failed password for invalid user root from 61.82.205.196 port 62657 ssh2
Jan 16 06:56:17 host unix_chkpwd[14005]: password check failed for user (root)
Jan 16 06:56:17 host sshd[13995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:56:19 host sshd[13995]: Failed password for invalid user root from 61.82.205.196 port 62657 ssh2
Jan 16 06:56:19 host sshd[13995]: Connection reset by 61.82.205.196 port 62657 [preauth]
Jan 16 06:56:19 host sshd[13995]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.82.205.196 user=root
Jan 16 06:58:49 host sshd[14322]: User root from 180.252.167.158 not allowed because not listed in AllowUsers
Jan 16 06:58:49 host sshd[14322]: input_userauth_request: invalid user root [preauth]
Jan 16 06:58:49 host unix_chkpwd[14325]: password check failed for user (root)
Jan 16 06:58:49 host sshd[14322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.167.158 user=root
Jan 16 06:58:49 host sshd[14322]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 06:58:51 host sshd[14322]: Failed password for invalid user root from 180.252.167.158 port 42384 ssh2
Jan 16 06:58:51 host sshd[14322]: Received disconnect from 180.252.167.158 port 42384:11: Bye Bye [preauth]
Jan 16 06:58:51 host sshd[14322]: Disconnected from 180.252.167.158 port 42384 [preauth]
Jan 16 07:00:25 host sshd[14513]: User root from 222.252.11.10 not allowed because not listed in AllowUsers
Jan 16 07:00:25 host sshd[14513]: input_userauth_request: invalid user root [preauth]
Jan 16 07:00:25 host unix_chkpwd[14516]: password check failed for user (root)
Jan 16 07:00:25 host sshd[14513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.252.11.10 user=root
Jan 16 07:00:25 host sshd[14513]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:00:27 host sshd[14513]: Failed password for invalid user root from 222.252.11.10 port 57957 ssh2
Jan 16 07:00:27 host sshd[14513]: Received disconnect from 222.252.11.10 port 57957:11: Bye Bye [preauth]
Jan 16 07:00:27 host sshd[14513]: Disconnected from 222.252.11.10 port 57957 [preauth]
Jan 16 07:00:40 host sshd[14552]: Invalid user ev from 194.110.203.109 port 55454
Jan 16 07:00:40 host sshd[14552]: input_userauth_request: invalid user ev [preauth]
Jan 16 07:00:40 host sshd[14552]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:00:40 host sshd[14552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 07:00:42 host sshd[14552]: Failed password for invalid user ev from 194.110.203.109 port 55454 ssh2
Jan 16 07:00:42 host sshd[14558]: User root from 211.44.198.209 not allowed because not listed in AllowUsers
Jan 16 07:00:42 host sshd[14558]: input_userauth_request: invalid user root [preauth]
Jan 16 07:00:42 host unix_chkpwd[14561]: password check failed for user (root)
Jan 16 07:00:42 host sshd[14558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.44.198.209 user=root
Jan 16 07:00:42 host sshd[14558]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:00:44 host sshd[14558]: Failed password for invalid user root from 211.44.198.209 port 4596 ssh2
Jan 16 07:00:44 host sshd[14562]: User root from 74.94.234.151 not allowed because not listed in AllowUsers
Jan 16 07:00:44 host sshd[14562]: input_userauth_request: invalid user root [preauth]
Jan 16 07:00:44 host sshd[14558]: Received disconnect from 211.44.198.209 port 4596:11: Bye Bye [preauth]
Jan 16 07:00:44 host sshd[14558]: Disconnected from 211.44.198.209 port 4596 [preauth]
Jan 16 07:00:44 host unix_chkpwd[14575]: password check failed for user (root)
Jan 16 07:00:44 host sshd[14562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151 user=root
Jan 16 07:00:44 host sshd[14562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:00:45 host sshd[14552]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:00:47 host sshd[14562]: Failed password for invalid user root from 74.94.234.151 port 43170 ssh2
Jan 16 07:00:47 host sshd[14562]: Received disconnect from 74.94.234.151 port 43170:11: Bye Bye [preauth]
Jan 16 07:00:47 host sshd[14562]: Disconnected from 74.94.234.151 port 43170 [preauth]
Jan 16 07:00:47 host sshd[14552]: Failed password for invalid user ev from 194.110.203.109 port 55454 ssh2
Jan 16 07:00:50 host sshd[14552]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:00:52 host sshd[14552]: Failed password for invalid user ev from 194.110.203.109 port 55454 ssh2
Jan 16 07:00:55 host sshd[14552]: Connection closed by 194.110.203.109 port 55454 [preauth]
Jan 16 07:00:55 host sshd[14552]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 07:01:50 host sshd[14824]: User root from 164.52.12.102 not allowed because not listed in AllowUsers
Jan 16 07:01:50 host sshd[14824]: input_userauth_request: invalid user root [preauth]
Jan 16 07:01:50 host unix_chkpwd[14826]: password check failed for user (root)
Jan 16 07:01:50 host sshd[14824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.52.12.102 user=root
Jan 16 07:01:50 host sshd[14824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:01:52 host sshd[14824]: Failed password for invalid user root from 164.52.12.102 port 53794 ssh2
Jan 16 07:01:52 host sshd[14824]: Received disconnect from 164.52.12.102 port 53794:11: Bye Bye [preauth]
Jan 16 07:01:52 host sshd[14824]: Disconnected from 164.52.12.102 port 53794 [preauth]
Jan 16 07:02:16 host sshd[14866]: User root from 180.252.167.158 not allowed because not listed in AllowUsers
Jan 16 07:02:16 host sshd[14866]: input_userauth_request: invalid user root [preauth]
Jan 16 07:02:16 host unix_chkpwd[14869]: password check failed for user (root)
Jan 16 07:02:16 host sshd[14866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.167.158 user=root
Jan 16 07:02:16 host sshd[14866]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:02:18 host sshd[14866]: Failed password for invalid user root from 180.252.167.158 port 42388 ssh2
Jan 16 07:02:18 host sshd[14866]: Received disconnect from 180.252.167.158 port 42388:11: Bye Bye [preauth]
Jan 16 07:02:18 host sshd[14866]: Disconnected from 180.252.167.158 port 42388 [preauth]
Jan 16 07:02:21 host sshd[14885]: User root from 143.110.188.7 not allowed because not listed in AllowUsers
Jan 16 07:02:21 host sshd[14885]: input_userauth_request: invalid user root [preauth]
Jan 16 07:02:21 host unix_chkpwd[14887]: password check failed for user (root)
Jan 16 07:02:21 host sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.188.7 user=root
Jan 16 07:02:21 host sshd[14885]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:02:23 host sshd[14885]: Failed password for invalid user root from 143.110.188.7 port 52110 ssh2
Jan 16 07:02:23 host sshd[14885]: Received disconnect from 143.110.188.7 port 52110:11: Bye Bye [preauth]
Jan 16 07:02:23 host sshd[14885]: Disconnected from 143.110.188.7 port 52110 [preauth]
Jan 16 07:04:41 host sshd[15200]: Connection reset by 69.118.48.182 port 48047 [preauth]
Jan 16 07:04:48 host sshd[15212]: User root from 211.44.198.209 not allowed because not listed in AllowUsers
Jan 16 07:04:48 host sshd[15212]: input_userauth_request: invalid user root [preauth]
Jan 16 07:04:48 host unix_chkpwd[15214]: password check failed for user (root)
Jan 16 07:04:48 host sshd[15212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.44.198.209 user=root
Jan 16 07:04:48 host sshd[15212]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:04:50 host sshd[15212]: Failed password for invalid user root from 211.44.198.209 port 58624 ssh2
Jan 16 07:04:50 host sshd[15212]: Received disconnect from 211.44.198.209 port 58624:11: Bye Bye [preauth]
Jan 16 07:04:50 host sshd[15212]: Disconnected from 211.44.198.209 port 58624 [preauth]
Jan 16 07:05:02 host sshd[15262]: User root from 41.57.68.2 not allowed because not listed in AllowUsers
Jan 16 07:05:02 host sshd[15262]: input_userauth_request: invalid user root [preauth]
Jan 16 07:05:02 host unix_chkpwd[15289]: password check failed for user (root)
Jan 16 07:05:02 host sshd[15262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.57.68.2 user=root
Jan 16 07:05:02 host sshd[15262]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:05:04 host sshd[15262]: Failed password for invalid user root from 41.57.68.2 port 59054 ssh2
Jan 16 07:05:04 host sshd[15262]: Received disconnect from 41.57.68.2 port 59054:11: Bye Bye [preauth]
Jan 16 07:05:04 host sshd[15262]: Disconnected from 41.57.68.2 port 59054 [preauth]
Jan 16 07:05:27 host sshd[15364]: User root from 143.110.188.7 not allowed because not listed in AllowUsers
Jan 16 07:05:27 host sshd[15364]: input_userauth_request: invalid user root [preauth]
Jan 16 07:05:27 host unix_chkpwd[15366]: password check failed for user (root)
Jan 16 07:05:27 host sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.188.7 user=root
Jan 16 07:05:27 host sshd[15364]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:05:29 host sshd[15364]: Failed password for invalid user root from 143.110.188.7 port 33918 ssh2
Jan 16 07:05:29 host sshd[15364]: Received disconnect from 143.110.188.7 port 33918:11: Bye Bye [preauth]
Jan 16 07:05:29 host sshd[15364]: Disconnected from 143.110.188.7 port 33918 [preauth]
Jan 16 07:05:30 host sshd[15370]: User root from 222.252.11.10 not allowed because not listed in AllowUsers
Jan 16 07:05:30 host sshd[15370]: input_userauth_request: invalid user root [preauth]
Jan 16 07:05:30 host unix_chkpwd[15372]: password check failed for user (root)
Jan 16 07:05:30 host sshd[15370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.252.11.10 user=root
Jan 16 07:05:30 host sshd[15370]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:05:32 host sshd[15370]: Failed password for invalid user root from 222.252.11.10 port 52479 ssh2
Jan 16 07:05:53 host sshd[15475]: User root from 164.52.12.102 not allowed because not listed in AllowUsers
Jan 16 07:05:53 host sshd[15475]: input_userauth_request: invalid user root [preauth]
Jan 16 07:05:53 host unix_chkpwd[15477]: password check failed for user (root)
Jan 16 07:05:53 host sshd[15475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.52.12.102 user=root
Jan 16 07:05:53 host sshd[15475]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:05:55 host sshd[15475]: Failed password for invalid user root from 164.52.12.102 port 60294 ssh2
Jan 16 07:05:55 host sshd[15475]: Received disconnect from 164.52.12.102 port 60294:11: Bye Bye [preauth]
Jan 16 07:05:55 host sshd[15475]: Disconnected from 164.52.12.102 port 60294 [preauth]
Jan 16 07:06:40 host sshd[15704]: User root from 41.57.68.2 not allowed because not listed in AllowUsers
Jan 16 07:06:40 host sshd[15704]: input_userauth_request: invalid user root [preauth]
Jan 16 07:06:40 host unix_chkpwd[15709]: password check failed for user (root)
Jan 16 07:06:40 host sshd[15704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.57.68.2 user=root
Jan 16 07:06:40 host sshd[15704]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:06:43 host sshd[15704]: Failed password for invalid user root from 41.57.68.2 port 41564 ssh2
Jan 16 07:07:05 host sshd[15815]: User root from 74.94.234.151 not allowed because not listed in AllowUsers
Jan 16 07:07:05 host sshd[15815]: input_userauth_request: invalid user root [preauth]
Jan 16 07:07:05 host unix_chkpwd[15822]: password check failed for user (root)
Jan 16 07:07:05 host sshd[15815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151 user=root
Jan 16 07:07:05 host sshd[15815]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:07:07 host sshd[15815]: Failed password for invalid user root from 74.94.234.151 port 39780 ssh2
Jan 16 07:09:38 host sshd[16215]: Invalid user vadmin from 183.104.247.190 port 39346
Jan 16 07:09:38 host sshd[16215]: input_userauth_request: invalid user vadmin [preauth]
Jan 16 07:09:38 host sshd[16215]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:09:38 host sshd[16215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.247.190
Jan 16 07:09:40 host sshd[16215]: Failed password for invalid user vadmin from 183.104.247.190 port 39346 ssh2
Jan 16 07:09:40 host sshd[16215]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:09:42 host sshd[16215]: Failed password for invalid user vadmin from 183.104.247.190 port 39346 ssh2
Jan 16 07:09:43 host sshd[16215]: Failed password for invalid user vadmin from 183.104.247.190 port 39346 ssh2
Jan 16 07:09:43 host sshd[16215]: Connection closed by 183.104.247.190 port 39346 [preauth]
Jan 16 07:09:43 host sshd[16215]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.104.247.190
Jan 16 07:15:09 host sshd[16996]: Invalid user dmdba from 112.166.176.21 port 61030
Jan 16 07:15:09 host sshd[16996]: input_userauth_request: invalid user dmdba [preauth]
Jan 16 07:15:09 host sshd[16996]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:15:09 host sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.166.176.21
Jan 16 07:15:11 host sshd[16996]: Failed password for invalid user dmdba from 112.166.176.21 port 61030 ssh2
Jan 16 07:15:11 host sshd[16996]: Failed password for invalid user dmdba from 112.166.176.21 port 61030 ssh2
Jan 16 07:15:15 host sshd[17007]: Invalid user vipin@ugotechnologies.com from 117.236.177.223 port 58913
Jan 16 07:15:15 host sshd[17007]: input_userauth_request: invalid user vipin@ugotechnologies.com [preauth]
Jan 16 07:15:15 host sshd[17007]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:15:15 host sshd[17007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.236.177.223
Jan 16 07:15:18 host sshd[17007]: Failed password for invalid user vipin@ugotechnologies.com from 117.236.177.223 port 58913 ssh2
Jan 16 07:15:18 host sshd[17007]: Connection closed by 117.236.177.223 port 58913 [preauth]
Jan 16 07:15:18 host sshd[17012]: User root from 117.236.177.223 not allowed because not listed in AllowUsers
Jan 16 07:15:18 host sshd[17012]: input_userauth_request: invalid user root [preauth]
Jan 16 07:15:18 host unix_chkpwd[17014]: password check failed for user (root)
Jan 16 07:15:18 host sshd[17012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.236.177.223 user=root
Jan 16 07:15:18 host sshd[17012]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:15:20 host sshd[17012]: Failed password for invalid user root from 117.236.177.223 port 59837 ssh2
Jan 16 07:15:20 host sshd[17012]: Connection closed by 117.236.177.223 port 59837 [preauth]
Jan 16 07:15:20 host unix_chkpwd[17020]: password check failed for user (vipin)
Jan 16 07:15:20 host sshd[17018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.236.177.223 user=vipin
Jan 16 07:15:22 host sshd[17018]: Failed password for vipin from 117.236.177.223 port 60188 ssh2
Jan 16 07:19:53 host sshd[17667]: User root from 109.249.179.219 not allowed because not listed in AllowUsers
Jan 16 07:19:53 host sshd[17667]: input_userauth_request: invalid user root [preauth]
Jan 16 07:19:53 host unix_chkpwd[17673]: password check failed for user (root)
Jan 16 07:19:53 host sshd[17667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.249.179.219 user=root
Jan 16 07:19:53 host sshd[17667]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:19:55 host sshd[17667]: Failed password for invalid user root from 109.249.179.219 port 44944 ssh2
Jan 16 07:19:55 host sshd[17667]: Received disconnect from 109.249.179.219 port 44944:11: Bye Bye [preauth]
Jan 16 07:19:55 host sshd[17667]: Disconnected from 109.249.179.219 port 44944 [preauth]
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=woodpeck user-2=wwwkapin user-3=disposeat user-4=remysagr user-5=wwwkmaorg user-6=pmcresources user-7=shalinijames user-8=wwwtestugo user-9=vfmassets user-10=wwwletsstalkfood user-11=straightcurve user-12=wwwevmhonda user-13=bonifacegroup user-14=mrsclean user-15=wwwnexidigital user-16=phmetals user-17=kottayamcalldriv user-18=palco123 user-19=gifterman user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=a2zgroup user-24=dartsimp user-25=wwwpmcresource user-26=ugotscom user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 07:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HNiDSK3lMKpsgCCv.~
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HNiDSK3lMKpsgCCv.~'
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HNiDSK3lMKpsgCCv.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 07:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 07:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 07:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 07:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 07:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 07:21:48 host sshd[18189]: User root from 34.123.234.91 not allowed because not listed in AllowUsers
Jan 16 07:21:48 host sshd[18189]: input_userauth_request: invalid user root [preauth]
Jan 16 07:21:48 host unix_chkpwd[18192]: password check failed for user (root)
Jan 16 07:21:48 host sshd[18189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.234.91 user=root
Jan 16 07:21:48 host sshd[18189]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:21:50 host sshd[18189]: Failed password for invalid user root from 34.123.234.91 port 33406 ssh2
Jan 16 07:21:51 host sshd[18189]: Received disconnect from 34.123.234.91 port 33406:11: Bye Bye [preauth]
Jan 16 07:21:51 host sshd[18189]: Disconnected from 34.123.234.91 port 33406 [preauth]
Jan 16 07:22:22 host sshd[18261]: User root from 109.249.179.219 not allowed because not listed in AllowUsers
Jan 16 07:22:22 host sshd[18261]: input_userauth_request: invalid user root [preauth]
Jan 16 07:22:22 host unix_chkpwd[18266]: password check failed for user (root)
Jan 16 07:22:22 host sshd[18261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.249.179.219 user=root
Jan 16 07:22:22 host sshd[18261]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:22:24 host sshd[18261]: Failed password for invalid user root from 109.249.179.219 port 52300 ssh2
Jan 16 07:22:25 host sshd[18261]: Received disconnect from 109.249.179.219 port 52300:11: Bye Bye [preauth]
Jan 16 07:22:25 host sshd[18261]: Disconnected from 109.249.179.219 port 52300 [preauth]
Jan 16 07:24:43 host sshd[18580]: User root from 58.64.193.176 not allowed because not listed in AllowUsers
Jan 16 07:24:43 host sshd[18580]: input_userauth_request: invalid user root [preauth]
Jan 16 07:24:43 host unix_chkpwd[18582]: password check failed for user (root)
Jan 16 07:24:43 host sshd[18580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.64.193.176 user=root
Jan 16 07:24:43 host sshd[18580]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:24:45 host sshd[18580]: Failed password for invalid user root from 58.64.193.176 port 61000 ssh2
Jan 16 07:24:45 host sshd[18580]: Received disconnect from 58.64.193.176 port 61000:11: Bye Bye [preauth]
Jan 16 07:24:45 host sshd[18580]: Disconnected from 58.64.193.176 port 61000 [preauth]
Jan 16 07:25:17 host sshd[18633]: User root from 182.75.65.22 not allowed because not listed in AllowUsers
Jan 16 07:25:17 host sshd[18633]: input_userauth_request: invalid user root [preauth]
Jan 16 07:25:17 host unix_chkpwd[18635]: password check failed for user (root)
Jan 16 07:25:17 host sshd[18633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.65.22 user=root
Jan 16 07:25:17 host sshd[18633]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:25:18 host sshd[18633]: Failed password for invalid user root from 182.75.65.22 port 51746 ssh2
Jan 16 07:25:18 host sshd[18633]: Received disconnect from 182.75.65.22 port 51746:11: Bye Bye [preauth]
Jan 16 07:25:18 host sshd[18633]: Disconnected from 182.75.65.22 port 51746 [preauth]
Jan 16 07:26:34 host sshd[18908]: Did not receive identification string from 45.79.132.80 port 34570
Jan 16 07:27:00 host sshd[18941]: User root from 34.123.234.91 not allowed because not listed in AllowUsers
Jan 16 07:27:00 host sshd[18941]: input_userauth_request: invalid user root [preauth]
Jan 16 07:27:01 host unix_chkpwd[18944]: password check failed for user (root)
Jan 16 07:27:01 host sshd[18941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.123.234.91 user=root
Jan 16 07:27:01 host sshd[18941]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:27:02 host sshd[18941]: Failed password for invalid user root from 34.123.234.91 port 60390 ssh2
Jan 16 07:27:02 host sshd[18941]: Received disconnect from 34.123.234.91 port 60390:11: Bye Bye [preauth]
Jan 16 07:27:02 host sshd[18941]: Disconnected from 34.123.234.91 port 60390 [preauth]
Jan 16 07:27:45 host sshd[19063]: User root from 152.32.171.15 not allowed because not listed in AllowUsers
Jan 16 07:27:45 host sshd[19063]: input_userauth_request: invalid user root [preauth]
Jan 16 07:27:45 host unix_chkpwd[19065]: password check failed for user (root)
Jan 16 07:27:45 host sshd[19063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.15 user=root
Jan 16 07:27:45 host sshd[19063]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:27:47 host sshd[19063]: Failed password for invalid user root from 152.32.171.15 port 11850 ssh2
Jan 16 07:27:47 host sshd[19063]: Received disconnect from 152.32.171.15 port 11850:11: Bye Bye [preauth]
Jan 16 07:27:47 host sshd[19063]: Disconnected from 152.32.171.15 port 11850 [preauth]
Jan 16 07:29:00 host sshd[19238]: User root from 182.75.65.22 not allowed because not listed in AllowUsers
Jan 16 07:29:00 host sshd[19238]: input_userauth_request: invalid user root [preauth]
Jan 16 07:29:00 host unix_chkpwd[19240]: password check failed for user (root)
Jan 16 07:29:00 host sshd[19238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.65.22 user=root
Jan 16 07:29:00 host sshd[19238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:29:01 host sshd[19238]: Failed password for invalid user root from 182.75.65.22 port 33302 ssh2
Jan 16 07:29:01 host sshd[19238]: Received disconnect from 182.75.65.22 port 33302:11: Bye Bye [preauth]
Jan 16 07:29:01 host sshd[19238]: Disconnected from 182.75.65.22 port 33302 [preauth]
Jan 16 07:30:32 host sshd[19537]: User root from 152.32.171.15 not allowed because not listed in AllowUsers
Jan 16 07:30:32 host sshd[19537]: input_userauth_request: invalid user root [preauth]
Jan 16 07:30:32 host unix_chkpwd[19540]: password check failed for user (root)
Jan 16 07:30:32 host sshd[19537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.15 user=root
Jan 16 07:30:32 host sshd[19537]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:30:34 host sshd[19537]: Failed password for invalid user root from 152.32.171.15 port 38220 ssh2
Jan 16 07:31:16 host sshd[19762]: User root from 58.64.193.176 not allowed because not listed in AllowUsers
Jan 16 07:31:16 host sshd[19762]: input_userauth_request: invalid user root [preauth]
Jan 16 07:31:16 host unix_chkpwd[19766]: password check failed for user (root)
Jan 16 07:31:16 host sshd[19762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.64.193.176 user=root
Jan 16 07:31:16 host sshd[19762]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:31:18 host sshd[19762]: Failed password for invalid user root from 58.64.193.176 port 33037 ssh2
Jan 16 07:32:06 host sshd[19906]: Invalid user sFTPUser from 175.196.131.122 port 61255
Jan 16 07:32:06 host sshd[19906]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 16 07:32:06 host sshd[19906]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:32:06 host sshd[19906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.196.131.122
Jan 16 07:32:07 host sshd[19911]: User root from 165.227.204.174 not allowed because not listed in AllowUsers
Jan 16 07:32:07 host sshd[19911]: input_userauth_request: invalid user root [preauth]
Jan 16 07:32:07 host unix_chkpwd[19915]: password check failed for user (root)
Jan 16 07:32:07 host sshd[19911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.204.174 user=root
Jan 16 07:32:07 host sshd[19911]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:32:08 host sshd[19906]: Failed password for invalid user sFTPUser from 175.196.131.122 port 61255 ssh2
Jan 16 07:32:08 host sshd[19911]: Failed password for invalid user root from 165.227.204.174 port 50478 ssh2
Jan 16 07:32:08 host sshd[19911]: Received disconnect from 165.227.204.174 port 50478:11: Bye Bye [preauth]
Jan 16 07:32:08 host sshd[19911]: Disconnected from 165.227.204.174 port 50478 [preauth]
Jan 16 07:32:08 host sshd[19906]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:32:09 host sshd[19916]: User root from 165.227.59.243 not allowed because not listed in AllowUsers
Jan 16 07:32:09 host sshd[19916]: input_userauth_request: invalid user root [preauth]
Jan 16 07:32:09 host unix_chkpwd[19921]: password check failed for user (root)
Jan 16 07:32:09 host sshd[19916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.59.243 user=root
Jan 16 07:32:09 host sshd[19916]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:32:11 host sshd[19906]: Failed password for invalid user sFTPUser from 175.196.131.122 port 61255 ssh2
Jan 16 07:32:11 host sshd[19916]: Failed password for invalid user root from 165.227.59.243 port 49438 ssh2
Jan 16 07:32:11 host sshd[19916]: Received disconnect from 165.227.59.243 port 49438:11: Bye Bye [preauth]
Jan 16 07:32:11 host sshd[19916]: Disconnected from 165.227.59.243 port 49438 [preauth]
Jan 16 07:32:11 host sshd[19906]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 07:32:14 host sshd[19906]: Failed password for invalid user sFTPUser from 175.196.131.122 port 61255 ssh2
Jan 16 07:32:15 host sshd[19906]: Connection reset by 175.196.131.122 port 61255 [preauth]
Jan 16 07:32:15 host sshd[19906]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.196.131.122
Jan 16 07:34:37 host sshd[20342]: Connection reset by 114.158.41.69 port 60688 [preauth]
Jan 16 07:34:39 host sshd[20346]: User root from 167.71.16.200 not allowed because not listed in AllowUsers
Jan 16 07:34:39 host sshd[20346]: input_userauth_request: invalid user root [preauth]
Jan 16 07:34:39 host unix_chkpwd[20349]: password check failed for user (root)
Jan 16 07:34:39 host sshd[20346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.16.200 user=root
Jan 16 07:34:39 host sshd[20346]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:34:41 host sshd[20346]: Failed password for invalid user root from 167.71.16.200 port 51762 ssh2
Jan 16 07:34:42 host sshd[20346]: Received disconnect from 167.71.16.200 port 51762:11: Bye Bye [preauth]
Jan 16 07:34:42 host sshd[20346]: Disconnected from 167.71.16.200 port 51762 [preauth]
Jan 16 07:34:42 host sshd[20353]: User root from 202.89.73.85 not allowed because not listed in AllowUsers
Jan 16 07:34:42 host sshd[20353]: input_userauth_request: invalid user root [preauth]
Jan 16 07:34:42 host unix_chkpwd[20355]: password check failed for user (root)
Jan 16 07:34:42 host sshd[20353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.89.73.85 user=root
Jan 16 07:34:42 host sshd[20353]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:34:44 host sshd[20353]: Failed password for invalid user root from 202.89.73.85 port 40737 ssh2
Jan 16 07:34:44 host sshd[20353]: Received disconnect from 202.89.73.85 port 40737:11: Bye Bye [preauth]
Jan 16 07:34:44 host sshd[20353]: Disconnected from 202.89.73.85 port 40737 [preauth]
Jan 16 07:34:56 host sshd[20371]: User root from 143.244.190.90 not allowed because not listed in AllowUsers
Jan 16 07:34:56 host sshd[20371]: input_userauth_request: invalid user root [preauth]
Jan 16 07:34:56 host unix_chkpwd[20378]: password check failed for user (root)
Jan 16 07:34:56 host sshd[20371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.190.90 user=root
Jan 16 07:34:56 host sshd[20371]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:34:58 host sshd[20371]: Failed password for invalid user root from 143.244.190.90 port 56326 ssh2
Jan 16 07:34:58 host sshd[20371]: Received disconnect from 143.244.190.90 port 56326:11: Bye Bye [preauth]
Jan 16 07:34:58 host sshd[20371]: Disconnected from 143.244.190.90 port 56326 [preauth]
Jan 16 07:36:26 host sshd[20695]: User root from 64.225.108.130 not allowed because not listed in AllowUsers
Jan 16 07:36:26 host sshd[20695]: input_userauth_request: invalid user root [preauth]
Jan 16 07:36:26 host unix_chkpwd[20699]: password check failed for user (root)
Jan 16 07:36:26 host sshd[20695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.108.130 user=root
Jan 16 07:36:26 host sshd[20695]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:36:27 host sshd[20695]: Failed password for invalid user root from 64.225.108.130 port 50504 ssh2
Jan 16 07:36:28 host sshd[20695]: Received disconnect from 64.225.108.130 port 50504:11: Bye Bye [preauth]
Jan 16 07:36:28 host sshd[20695]: Disconnected from 64.225.108.130 port 50504 [preauth]
Jan 16 07:36:55 host sshd[20764]: User root from 174.138.5.151 not allowed because not listed in AllowUsers
Jan 16 07:36:55 host sshd[20764]: input_userauth_request: invalid user root [preauth]
Jan 16 07:36:55 host unix_chkpwd[20767]: password check failed for user (root)
Jan 16 07:36:55 host sshd[20764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.5.151 user=root
Jan 16 07:36:55 host sshd[20764]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:36:57 host sshd[20764]: Failed password for invalid user root from 174.138.5.151 port 53300 ssh2
Jan 16 07:36:57 host sshd[20764]: Received disconnect from 174.138.5.151 port 53300:11: Bye Bye [preauth]
Jan 16 07:36:57 host sshd[20764]: Disconnected from 174.138.5.151 port 53300 [preauth]
Jan 16 07:37:51 host sshd[20870]: User root from 165.227.59.243 not allowed because not listed in AllowUsers
Jan 16 07:37:51 host sshd[20870]: input_userauth_request: invalid user root [preauth]
Jan 16 07:37:51 host unix_chkpwd[20873]: password check failed for user (root)
Jan 16 07:37:51 host sshd[20870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.59.243 user=root
Jan 16 07:37:51 host sshd[20870]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:37:53 host sshd[20870]: Failed password for invalid user root from 165.227.59.243 port 63400 ssh2
Jan 16 07:37:53 host sshd[20870]: Received disconnect from 165.227.59.243 port 63400:11: Bye Bye [preauth]
Jan 16 07:37:53 host sshd[20870]: Disconnected from 165.227.59.243 port 63400 [preauth]
Jan 16 07:37:53 host sshd[20875]: User root from 165.227.204.174 not allowed because not listed in AllowUsers
Jan 16 07:37:53 host sshd[20875]: input_userauth_request: invalid user root [preauth]
Jan 16 07:37:53 host unix_chkpwd[20909]: password check failed for user (root)
Jan 16 07:37:53 host sshd[20875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.204.174 user=root
Jan 16 07:37:53 host sshd[20875]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:37:56 host sshd[20875]: Failed password for invalid user root from 165.227.204.174 port 52858 ssh2
Jan 16 07:37:56 host sshd[20875]: Received disconnect from 165.227.204.174 port 52858:11: Bye Bye [preauth]
Jan 16 07:37:56 host sshd[20875]: Disconnected from 165.227.204.174 port 52858 [preauth]
Jan 16 07:38:09 host sshd[21005]: User root from 174.138.5.151 not allowed because not listed in AllowUsers
Jan 16 07:38:09 host sshd[21005]: input_userauth_request: invalid user root [preauth]
Jan 16 07:38:09 host unix_chkpwd[21008]: password check failed for user (root)
Jan 16 07:38:09 host sshd[21005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.5.151 user=root
Jan 16 07:38:09 host sshd[21005]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:38:11 host sshd[21005]: Failed password for invalid user root from 174.138.5.151 port 51938 ssh2
Jan 16 07:38:12 host sshd[21005]: Received disconnect from 174.138.5.151 port 51938:11: Bye Bye [preauth]
Jan 16 07:38:12 host sshd[21005]: Disconnected from 174.138.5.151 port 51938 [preauth]
Jan 16 07:38:16 host sshd[21043]: User root from 143.244.190.90 not allowed because not listed in AllowUsers
Jan 16 07:38:16 host sshd[21043]: input_userauth_request: invalid user root [preauth]
Jan 16 07:38:16 host unix_chkpwd[21046]: password check failed for user (root)
Jan 16 07:38:16 host sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.190.90 user=root
Jan 16 07:38:16 host sshd[21043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:38:18 host sshd[21043]: Failed password for invalid user root from 143.244.190.90 port 35642 ssh2
Jan 16 07:38:59 host sshd[21168]: User root from 167.71.16.200 not allowed because not listed in AllowUsers
Jan 16 07:38:59 host sshd[21168]: input_userauth_request: invalid user root [preauth]
Jan 16 07:38:59 host unix_chkpwd[21172]: password check failed for user (root)
Jan 16 07:38:59 host sshd[21168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.16.200 user=root
Jan 16 07:38:59 host sshd[21168]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:39:01 host sshd[21173]: User root from 64.225.108.130 not allowed because not listed in AllowUsers
Jan 16 07:39:01 host sshd[21173]: input_userauth_request: invalid user root [preauth]
Jan 16 07:39:01 host unix_chkpwd[21176]: password check failed for user (root)
Jan 16 07:39:01 host sshd[21173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.108.130 user=root
Jan 16 07:39:01 host sshd[21173]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:39:02 host sshd[21168]: Failed password for invalid user root from 167.71.16.200 port 39142 ssh2
Jan 16 07:39:02 host sshd[21168]: Received disconnect from 167.71.16.200 port 39142:11: Bye Bye [preauth]
Jan 16 07:39:02 host sshd[21168]: Disconnected from 167.71.16.200 port 39142 [preauth]
Jan 16 07:39:03 host sshd[21173]: Failed password for invalid user root from 64.225.108.130 port 43148 ssh2
Jan 16 07:39:37 host sshd[21345]: User root from 202.89.73.85 not allowed because not listed in AllowUsers
Jan 16 07:39:37 host sshd[21345]: input_userauth_request: invalid user root [preauth]
Jan 16 07:39:37 host unix_chkpwd[21348]: password check failed for user (root)
Jan 16 07:39:37 host sshd[21345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.89.73.85 user=root
Jan 16 07:39:37 host sshd[21345]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:39:39 host sshd[21345]: Failed password for invalid user root from 202.89.73.85 port 62368 ssh2
Jan 16 07:39:39 host sshd[21345]: Received disconnect from 202.89.73.85 port 62368:11: Bye Bye [preauth]
Jan 16 07:39:39 host sshd[21345]: Disconnected from 202.89.73.85 port 62368 [preauth]
Jan 16 07:40:10 host sshd[21486]: User root from 158.160.38.134 not allowed because not listed in AllowUsers
Jan 16 07:40:10 host sshd[21486]: input_userauth_request: invalid user root [preauth]
Jan 16 07:40:10 host unix_chkpwd[21488]: password check failed for user (root)
Jan 16 07:40:10 host sshd[21486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.38.134 user=root
Jan 16 07:40:10 host sshd[21486]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:40:12 host sshd[21486]: Failed password for invalid user root from 158.160.38.134 port 55754 ssh2
Jan 16 07:40:12 host sshd[21486]: Received disconnect from 158.160.38.134 port 55754:11: Bye Bye [preauth]
Jan 16 07:40:12 host sshd[21486]: Disconnected from 158.160.38.134 port 55754 [preauth]
Jan 16 07:43:13 host sshd[21912]: User root from 158.160.38.134 not allowed because not listed in AllowUsers
Jan 16 07:43:13 host sshd[21912]: input_userauth_request: invalid user root [preauth]
Jan 16 07:43:13 host unix_chkpwd[21917]: password check failed for user (root)
Jan 16 07:43:13 host sshd[21912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.38.134 user=root
Jan 16 07:43:13 host sshd[21912]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 07:43:15 host sshd[21912]: Failed password for invalid user root from 158.160.38.134 port 48736 ssh2
Jan 16 07:43:15 host sshd[21912]: Received disconnect from 158.160.38.134 port 48736:11: Bye Bye [preauth]
Jan 16 07:43:15 host sshd[21912]: Disconnected from 158.160.38.134 port 48736 [preauth]
Jan 16 07:43:45 host sshd[22130]: User ftp from 112.166.10.205 not allowed because not listed in AllowUsers
Jan 16 07:43:45 host sshd[22130]: input_userauth_request: invalid user ftp [preauth]
Jan 16 07:43:45 host unix_chkpwd[22135]: password check failed for user (ftp)
Jan 16 07:43:45 host sshd[22130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.166.10.205 user=ftp
Jan 16 07:43:45 host sshd[22130]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 16 07:43:48 host sshd[22130]: Failed password for invalid user ftp from 112.166.10.205 port 43932 ssh2
Jan 16 07:43:49 host unix_chkpwd[22141]: password check failed for user (ftp)
Jan 16 07:43:49 host sshd[22130]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 16 07:43:51 host sshd[22130]: Failed password for invalid user ftp from 112.166.10.205 port 43932 ssh2
Jan 16 07:43:51 host unix_chkpwd[22147]: password check failed for user (ftp)
Jan 16 07:43:51 host sshd[22130]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 16 07:43:53 host sshd[22130]: Failed password for invalid user ftp from 112.166.10.205 port 43932 ssh2
Jan 16 07:43:53 host sshd[22130]: Failed password for invalid user ftp from 112.166.10.205 port 43932 ssh2
Jan 16 07:43:55 host sshd[22185]: Connection reset by 211.192.41.14 port 42132 [preauth]
Jan 16 07:46:49 host sshd[22895]: Connection reset by 96.56.99.75 port 55214 [preauth]
Jan 16 07:53:22 host sshd[23838]: ssh_dispatch_run_fatal: Connection from 207.229.167.36 port 37500: Connection corrupted [preauth]
Jan 16 08:09:49 host sshd[26307]: Invalid user support from 59.120.15.107 port 39263
Jan 16 08:09:49 host sshd[26307]: input_userauth_request: invalid user support [preauth]
Jan 16 08:09:49 host sshd[26307]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:09:49 host sshd[26307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.15.107
Jan 16 08:09:52 host sshd[26307]: Failed password for invalid user support from 59.120.15.107 port 39263 ssh2
Jan 16 08:09:52 host sshd[26307]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:09:54 host sshd[26307]: Failed password for invalid user support from 59.120.15.107 port 39263 ssh2
Jan 16 08:09:55 host sshd[26307]: Connection reset by 59.120.15.107 port 39263 [preauth]
Jan 16 08:09:55 host sshd[26307]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.15.107
Jan 16 08:10:15 host sshd[26363]: Invalid user admin from 36.3.236.17 port 60037
Jan 16 08:10:15 host sshd[26363]: input_userauth_request: invalid user admin [preauth]
Jan 16 08:10:15 host sshd[26363]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:10:15 host sshd[26363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.3.236.17
Jan 16 08:10:17 host sshd[26363]: Failed password for invalid user admin from 36.3.236.17 port 60037 ssh2
Jan 16 08:10:17 host sshd[26363]: Failed password for invalid user admin from 36.3.236.17 port 60037 ssh2
Jan 16 08:10:18 host sshd[26363]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:10:20 host sshd[26363]: Failed password for invalid user admin from 36.3.236.17 port 60037 ssh2
Jan 16 08:10:20 host sshd[26363]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:10:22 host sshd[26363]: Failed password for invalid user admin from 36.3.236.17 port 60037 ssh2
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=remysagr user-2=disposeat user-3=wwwkmaorg user-4=woodpeck user-5=wwwkapin user-6=vfmassets user-7=shalinijames user-8=wwwtestugo user-9=pmcresources user-10=bonifacegroup user-11=wwwevmhonda user-12=straightcurve user-13=wwwletsstalkfood user-14=palco123 user-15=gifterman user-16=phmetals user-17=kottayamcalldriv user-18=wwwnexidigital user-19=mrsclean user-20=wwwkaretakers user-21=cochintaxi user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=ugotscom feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 08:21:07 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8c53ZUguvLXqlfcK.~
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8c53ZUguvLXqlfcK.~'
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8c53ZUguvLXqlfcK.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 08:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 08:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 08:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 08:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 08:22:18 host sshd[28267]: Connection reset by 125.227.205.53 port 33743 [preauth]
Jan 16 08:33:46 host sshd[29909]: Invalid user pi from 77.170.59.124 port 36296
Jan 16 08:33:46 host sshd[29909]: input_userauth_request: invalid user pi [preauth]
Jan 16 08:33:46 host sshd[29911]: Invalid user pi from 77.170.59.124 port 36304
Jan 16 08:33:46 host sshd[29911]: input_userauth_request: invalid user pi [preauth]
Jan 16 08:33:46 host sshd[29909]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:33:46 host sshd[29909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.170.59.124
Jan 16 08:33:46 host sshd[29911]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:33:46 host sshd[29911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.170.59.124
Jan 16 08:33:48 host sshd[29909]: Failed password for invalid user pi from 77.170.59.124 port 36296 ssh2
Jan 16 08:33:48 host sshd[29911]: Failed password for invalid user pi from 77.170.59.124 port 36304 ssh2
Jan 16 08:33:48 host sshd[29909]: Connection closed by 77.170.59.124 port 36296 [preauth]
Jan 16 08:33:48 host sshd[29911]: Connection closed by 77.170.59.124 port 36304 [preauth]
Jan 16 08:51:30 host sshd[32671]: Invalid user ew from 194.110.203.109 port 48314
Jan 16 08:51:30 host sshd[32671]: input_userauth_request: invalid user ew [preauth]
Jan 16 08:51:30 host sshd[32671]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:51:30 host sshd[32671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 08:51:31 host sshd[32671]: Failed password for invalid user ew from 194.110.203.109 port 48314 ssh2
Jan 16 08:51:34 host sshd[32671]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:51:36 host sshd[32671]: Failed password for invalid user ew from 194.110.203.109 port 48314 ssh2
Jan 16 08:51:39 host sshd[32671]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 08:51:41 host sshd[32671]: Failed password for invalid user ew from 194.110.203.109 port 48314 ssh2
Jan 16 08:51:44 host sshd[32671]: Connection closed by 194.110.203.109 port 48314 [preauth]
Jan 16 08:51:44 host sshd[32671]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 09:12:24 host sshd[3925]: Invalid user admin from 87.20.232.105 port 36436
Jan 16 09:12:24 host sshd[3925]: input_userauth_request: invalid user admin [preauth]
Jan 16 09:12:24 host sshd[3925]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:12:24 host sshd[3925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.20.232.105
Jan 16 09:12:26 host sshd[3925]: Failed password for invalid user admin from 87.20.232.105 port 36436 ssh2
Jan 16 09:12:27 host sshd[3925]: Failed password for invalid user admin from 87.20.232.105 port 36436 ssh2
Jan 16 09:12:27 host sshd[3925]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:12:29 host sshd[3925]: Failed password for invalid user admin from 87.20.232.105 port 36436 ssh2
Jan 16 09:12:30 host sshd[3925]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:12:32 host sshd[3925]: Failed password for invalid user admin from 87.20.232.105 port 36436 ssh2
Jan 16 09:12:32 host sshd[3925]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:12:34 host sshd[3925]: Failed password for invalid user admin from 87.20.232.105 port 36436 ssh2
Jan 16 09:12:34 host sshd[3925]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:12:36 host sshd[3925]: Failed password for invalid user admin from 87.20.232.105 port 36436 ssh2
Jan 16 09:12:36 host sshd[3925]: error: maximum authentication attempts exceeded for invalid user admin from 87.20.232.105 port 36436 ssh2 [preauth]
Jan 16 09:12:36 host sshd[3925]: Disconnecting: Too many authentication failures [preauth]
Jan 16 09:12:36 host sshd[3925]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.20.232.105
Jan 16 09:12:36 host sshd[3925]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 16 09:15:05 host sshd[4286]: Invalid user sFTPUser from 218.164.37.138 port 38124
Jan 16 09:15:05 host sshd[4286]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 16 09:15:05 host sshd[4286]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:15:05 host sshd[4286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.164.37.138
Jan 16 09:15:07 host sshd[4286]: Failed password for invalid user sFTPUser from 218.164.37.138 port 38124 ssh2
Jan 16 09:15:09 host sshd[4286]: Connection reset by 218.164.37.138 port 38124 [preauth]
Jan 16 09:17:30 host sshd[4758]: Did not receive identification string from 46.101.97.107 port 61000
Jan 16 09:17:48 host sshd[4779]: Did not receive identification string from 195.19.96.168 port 33852
Jan 16 09:17:49 host sshd[4784]: User mysql from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4782]: User root from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4800]: User root from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4798]: Invalid user user from 195.19.96.168 port 34950
Jan 16 09:17:49 host sshd[4799]: Invalid user oracle from 195.19.96.168 port 35010
Jan 16 09:17:49 host sshd[4783]: Invalid user steam from 195.19.96.168 port 34414
Jan 16 09:17:49 host sshd[4800]: input_userauth_request: invalid user root [preauth]
Jan 16 09:17:49 host sshd[4783]: input_userauth_request: invalid user steam [preauth]
Jan 16 09:17:49 host sshd[4801]: Invalid user www from 195.19.96.168 port 34942
Jan 16 09:17:49 host sshd[4782]: input_userauth_request: invalid user root [preauth]
Jan 16 09:17:49 host sshd[4799]: input_userauth_request: invalid user oracle [preauth]
Jan 16 09:17:49 host sshd[4784]: input_userauth_request: invalid user mysql [preauth]
Jan 16 09:17:49 host sshd[4788]: Invalid user ansadmin from 195.19.96.168 port 34420
Jan 16 09:17:49 host sshd[4790]: User root from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4790]: input_userauth_request: invalid user root [preauth]
Jan 16 09:17:49 host sshd[4786]: Invalid user ansadmin from 195.19.96.168 port 34418
Jan 16 09:17:49 host sshd[4788]: input_userauth_request: invalid user ansadmin [preauth]
Jan 16 09:17:49 host sshd[4786]: input_userauth_request: invalid user ansadmin [preauth]
Jan 16 09:17:49 host sshd[4789]: Invalid user ubuntu from 195.19.96.168 port 34416
Jan 16 09:17:49 host sshd[4789]: input_userauth_request: invalid user ubuntu [preauth]
Jan 16 09:17:49 host sshd[4798]: input_userauth_request: invalid user user [preauth]
Jan 16 09:17:49 host sshd[4785]: Invalid user tester from 195.19.96.168 port 34422
Jan 16 09:17:49 host sshd[4785]: input_userauth_request: invalid user tester [preauth]
Jan 16 09:17:49 host sshd[4801]: input_userauth_request: invalid user www [preauth]
Jan 16 09:17:49 host sshd[4806]: Invalid user devops from 195.19.96.168 port 34982
Jan 16 09:17:49 host sshd[4807]: Invalid user pi from 195.19.96.168 port 34978
Jan 16 09:17:49 host sshd[4806]: input_userauth_request: invalid user devops [preauth]
Jan 16 09:17:49 host sshd[4804]: Invalid user guest from 195.19.96.168 port 35012
Jan 16 09:17:49 host sshd[4808]: User centos from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4804]: input_userauth_request: invalid user guest [preauth]
Jan 16 09:17:49 host sshd[4808]: input_userauth_request: invalid user centos [preauth]
Jan 16 09:17:49 host sshd[4807]: input_userauth_request: invalid user pi [preauth]
Jan 16 09:17:49 host sshd[4811]: User centos from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4811]: input_userauth_request: invalid user centos [preauth]
Jan 16 09:17:49 host sshd[4805]: User root from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4803]: Invalid user user from 195.19.96.168 port 34966
Jan 16 09:17:49 host sshd[4803]: input_userauth_request: invalid user user [preauth]
Jan 16 09:17:49 host sshd[4805]: input_userauth_request: invalid user root [preauth]
Jan 16 09:17:49 host sshd[4802]: Invalid user emqx from 195.19.96.168 port 34976
Jan 16 09:17:49 host sshd[4802]: input_userauth_request: invalid user emqx [preauth]
Jan 16 09:17:49 host sshd[4809]: Invalid user postgres from 195.19.96.168 port 34960
Jan 16 09:17:49 host sshd[4809]: input_userauth_request: invalid user postgres [preauth]
Jan 16 09:17:49 host sshd[4810]: User root from 195.19.96.168 not allowed because not listed in AllowUsers
Jan 16 09:17:49 host sshd[4810]: input_userauth_request: invalid user root [preauth]
Jan 16 09:17:49 host sshd[4815]: Invalid user postgres from 195.19.96.168 port 34924
Jan 16 09:17:49 host sshd[4813]: Invalid user admin from 195.19.96.168 port 34954
Jan 16 09:17:49 host sshd[4815]: input_userauth_request: invalid user postgres [preauth]
Jan 16 09:17:49 host sshd[4813]: input_userauth_request: invalid user admin [preauth]
Jan 16 09:17:49 host sshd[4812]: Invalid user test from 195.19.96.168 port 34962
Jan 16 09:17:49 host sshd[4814]: Invalid user ubuntu from 195.19.96.168 port 35026
Jan 16 09:17:49 host sshd[4812]: input_userauth_request: invalid user test [preauth]
Jan 16 09:17:49 host sshd[4814]: input_userauth_request: invalid user ubuntu [preauth]
Jan 16 09:17:49 host sshd[4816]: Invalid user postgres from 195.19.96.168 port 34920
Jan 16 09:17:49 host sshd[4816]: input_userauth_request: invalid user postgres [preauth]
Jan 16 09:17:49 host sshd[4817]: Invalid user ec2-user from 195.19.96.168 port 35022
Jan 16 09:17:49 host sshd[4817]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 09:17:49 host sshd[4799]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4798]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4786]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4801]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4789]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4785]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host unix_chkpwd[4843]: password check failed for user (mysql)
Jan 16 09:17:49 host sshd[4784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=mysql
Jan 16 09:17:49 host sshd[4784]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 16 09:17:49 host sshd[4804]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4807]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host sshd[4806]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:49 host sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:49 host unix_chkpwd[4845]: password check failed for user (centos)
Jan 16 09:17:49 host sshd[4808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=centos
Jan 16 09:17:49 host unix_chkpwd[4841]: password check failed for user (root)
Jan 16 09:17:49 host sshd[4782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=root
Jan 16 09:17:49 host sshd[4782]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:17:49 host unix_chkpwd[4842]: password check failed for user (root)
Jan 16 09:17:49 host sshd[4800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=root
Jan 16 09:17:49 host sshd[4800]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:17:49 host unix_chkpwd[4846]: password check failed for user (centos)
Jan 16 09:17:49 host sshd[4811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=centos
Jan 16 09:17:49 host unix_chkpwd[4844]: password check failed for user (root)
Jan 16 09:17:49 host sshd[4790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=root
Jan 16 09:17:49 host sshd[4790]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:17:50 host sshd[4802]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4813]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4815]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4816]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4817]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4809]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4812]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host sshd[4814]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:17:50 host sshd[4814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168
Jan 16 09:17:50 host unix_chkpwd[4847]: password check failed for user (root)
Jan 16 09:17:50 host sshd[4805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=root
Jan 16 09:17:50 host sshd[4805]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:17:50 host unix_chkpwd[4848]: password check failed for user (root)
Jan 16 09:17:50 host sshd[4810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.96.168 user=root
Jan 16 09:17:50 host sshd[4810]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:17:51 host sshd[4798]: Failed password for invalid user user from 195.19.96.168 port 34950 ssh2
Jan 16 09:17:51 host sshd[4799]: Failed password for invalid user oracle from 195.19.96.168 port 35010 ssh2
Jan 16 09:17:51 host sshd[4783]: Failed password for invalid user steam from 195.19.96.168 port 34414 ssh2
Jan 16 09:17:51 host sshd[4786]: Failed password for invalid user ansadmin from 195.19.96.168 port 34418 ssh2
Jan 16 09:17:51 host sshd[4801]: Failed password for invalid user www from 195.19.96.168 port 34942 ssh2
Jan 16 09:17:51 host sshd[4789]: Failed password for invalid user ubuntu from 195.19.96.168 port 34416 ssh2
Jan 16 09:17:51 host sshd[4802]: Failed password for invalid user emqx from 195.19.96.168 port 34976 ssh2
Jan 16 09:17:51 host sshd[4803]: Failed password for invalid user user from 195.19.96.168 port 34966 ssh2
Jan 16 09:17:51 host sshd[4788]: Failed password for invalid user ansadmin from 195.19.96.168 port 34420 ssh2
Jan 16 09:17:51 host sshd[4785]: Failed password for invalid user tester from 195.19.96.168 port 34422 ssh2
Jan 16 09:17:51 host sshd[4784]: Failed password for invalid user mysql from 195.19.96.168 port 34426 ssh2
Jan 16 09:17:51 host sshd[4813]: Failed password for invalid user admin from 195.19.96.168 port 34954 ssh2
Jan 16 09:17:51 host sshd[4815]: Failed password for invalid user postgres from 195.19.96.168 port 34924 ssh2
Jan 16 09:17:51 host sshd[4816]: Failed password for invalid user postgres from 195.19.96.168 port 34920 ssh2
Jan 16 09:17:51 host sshd[4804]: Failed password for invalid user guest from 195.19.96.168 port 35012 ssh2
Jan 16 09:17:51 host sshd[4817]: Failed password for invalid user ec2-user from 195.19.96.168 port 35022 ssh2
Jan 16 09:17:51 host sshd[4809]: Failed password for invalid user postgres from 195.19.96.168 port 34960 ssh2
Jan 16 09:17:51 host sshd[4807]: Failed password for invalid user pi from 195.19.96.168 port 34978 ssh2
Jan 16 09:17:51 host sshd[4812]: Failed password for invalid user test from 195.19.96.168 port 34962 ssh2
Jan 16 09:17:51 host sshd[4806]: Failed password for invalid user devops from 195.19.96.168 port 34982 ssh2
Jan 16 09:17:51 host sshd[4814]: Failed password for invalid user ubuntu from 195.19.96.168 port 35026 ssh2
Jan 16 09:17:51 host sshd[4808]: Failed password for invalid user centos from 195.19.96.168 port 34990 ssh2
Jan 16 09:17:51 host sshd[4782]: Failed password for invalid user root from 195.19.96.168 port 34424 ssh2
Jan 16 09:17:51 host sshd[4800]: Failed password for invalid user root from 195.19.96.168 port 34930 ssh2
Jan 16 09:17:51 host sshd[4805]: Failed password for invalid user root from 195.19.96.168 port 34946 ssh2
Jan 16 09:17:51 host sshd[4811]: Failed password for invalid user centos from 195.19.96.168 port 35018 ssh2
Jan 16 09:17:51 host sshd[4790]: Failed password for invalid user root from 195.19.96.168 port 34312 ssh2
Jan 16 09:17:51 host sshd[4810]: Failed password for invalid user root from 195.19.96.168 port 35014 ssh2
Jan 16 09:17:52 host sshd[4804]: Connection closed by 195.19.96.168 port 35012 [preauth]
Jan 16 09:17:52 host sshd[4801]: Connection closed by 195.19.96.168 port 34942 [preauth]
Jan 16 09:17:52 host sshd[4798]: Connection closed by 195.19.96.168 port 34950 [preauth]
Jan 16 09:17:52 host sshd[4817]: Connection closed by 195.19.96.168 port 35022 [preauth]
Jan 16 09:17:52 host sshd[4788]: Connection closed by 195.19.96.168 port 34420 [preauth]
Jan 16 09:17:52 host sshd[4790]: Connection closed by 195.19.96.168 port 34312 [preauth]
Jan 16 09:17:52 host sshd[4785]: Connection closed by 195.19.96.168 port 34422 [preauth]
Jan 16 09:17:52 host sshd[4816]: Connection closed by 195.19.96.168 port 34920 [preauth]
Jan 16 09:17:52 host sshd[4784]: Connection closed by 195.19.96.168 port 34426 [preauth]
Jan 16 09:17:52 host sshd[4806]: Connection closed by 195.19.96.168 port 34982 [preauth]
Jan 16 09:17:52 host sshd[4800]: Connection closed by 195.19.96.168 port 34930 [preauth]
Jan 16 09:17:52 host sshd[4799]: Connection closed by 195.19.96.168 port 35010 [preauth]
Jan 16 09:17:52 host sshd[4805]: Connection closed by 195.19.96.168 port 34946 [preauth]
Jan 16 09:17:52 host sshd[4803]: Connection closed by 195.19.96.168 port 34966 [preauth]
Jan 16 09:17:52 host sshd[4783]: Connection closed by 195.19.96.168 port 34414 [preauth]
Jan 16 09:17:52 host sshd[4810]: Connection closed by 195.19.96.168 port 35014 [preauth]
Jan 16 09:17:52 host sshd[4782]: Connection closed by 195.19.96.168 port 34424 [preauth]
Jan 16 09:17:52 host sshd[4809]: Connection closed by 195.19.96.168 port 34960 [preauth]
Jan 16 09:17:52 host sshd[4807]: Connection closed by 195.19.96.168 port 34978 [preauth]
Jan 16 09:17:52 host sshd[4808]: Connection closed by 195.19.96.168 port 34990 [preauth]
Jan 16 09:17:52 host sshd[4811]: Connection closed by 195.19.96.168 port 35018 [preauth]
Jan 16 09:17:52 host sshd[4786]: Connection closed by 195.19.96.168 port 34418 [preauth]
Jan 16 09:17:52 host sshd[4789]: Connection closed by 195.19.96.168 port 34416 [preauth]
Jan 16 09:17:52 host sshd[4812]: Connection closed by 195.19.96.168 port 34962 [preauth]
Jan 16 09:17:52 host sshd[4802]: Connection closed by 195.19.96.168 port 34976 [preauth]
Jan 16 09:17:52 host sshd[4815]: Connection closed by 195.19.96.168 port 34924 [preauth]
Jan 16 09:17:52 host sshd[4813]: Connection closed by 195.19.96.168 port 34954 [preauth]
Jan 16 09:17:52 host sshd[4814]: Connection closed by 195.19.96.168 port 35026 [preauth]
Jan 16 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwrmswll user-2=keralaholi user-3=wwwresourcehunte user-4=ugotscom user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=dartsimp user-9=a2zgroup user-10=wwwkaretakers user-11=cochintaxi user-12=wwwnexidigital user-13=mrsclean user-14=gifterman user-15=palco123 user-16=kottayamcalldriv user-17=phmetals user-18=straightcurve user-19=wwwletsstalkfood user-20=bonifacegroup user-21=wwwevmhonda user-22=pmcresources user-23=vfmassets user-24=wwwtestugo user-25=shalinijames user-26=woodpeck user-27=wwwkapin user-28=disposeat user-29=wwwkmaorg user-30=remysagr feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 09:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-EquLB8ljlxby9ysG.~
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-EquLB8ljlxby9ysG.~'
Jan 16 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-EquLB8ljlxby9ysG.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 09:22:16 host sshd[5749]: Invalid user pi from 95.160.144.251 port 58690
Jan 16 09:22:16 host sshd[5749]: input_userauth_request: invalid user pi [preauth]
Jan 16 09:22:16 host sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:22:16 host sshd[5749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.160.144.251
Jan 16 09:22:17 host sshd[5749]: Failed password for invalid user pi from 95.160.144.251 port 58690 ssh2
Jan 16 09:22:18 host sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:22:21 host sshd[5749]: Failed password for invalid user pi from 95.160.144.251 port 58690 ssh2
Jan 16 09:22:22 host sshd[5749]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:22:24 host sshd[5749]: Failed password for invalid user pi from 95.160.144.251 port 58690 ssh2
Jan 16 09:22:24 host sshd[5749]: Connection reset by 95.160.144.251 port 58690 [preauth]
Jan 16 09:22:24 host sshd[5749]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.160.144.251
Jan 16 09:22:39 host sshd[5848]: User root from 190.144.139.235 not allowed because not listed in AllowUsers
Jan 16 09:22:39 host sshd[5848]: input_userauth_request: invalid user root [preauth]
Jan 16 09:22:39 host unix_chkpwd[5854]: password check failed for user (root)
Jan 16 09:22:39 host sshd[5848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.139.235 user=root
Jan 16 09:22:39 host sshd[5848]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:22:40 host sshd[5848]: Failed password for invalid user root from 190.144.139.235 port 47011 ssh2
Jan 16 09:22:41 host sshd[5848]: Received disconnect from 190.144.139.235 port 47011:11: Bye Bye [preauth]
Jan 16 09:22:41 host sshd[5848]: Disconnected from 190.144.139.235 port 47011 [preauth]
Jan 16 09:28:40 host sshd[6890]: User root from 190.144.139.235 not allowed because not listed in AllowUsers
Jan 16 09:28:40 host sshd[6890]: input_userauth_request: invalid user root [preauth]
Jan 16 09:28:40 host unix_chkpwd[6893]: password check failed for user (root)
Jan 16 09:28:40 host sshd[6890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.139.235 user=root
Jan 16 09:28:40 host sshd[6890]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:28:42 host sshd[6890]: Failed password for invalid user root from 190.144.139.235 port 46894 ssh2
Jan 16 09:28:42 host sshd[6890]: Received disconnect from 190.144.139.235 port 46894:11: Bye Bye [preauth]
Jan 16 09:28:42 host sshd[6890]: Disconnected from 190.144.139.235 port 46894 [preauth]
Jan 16 09:33:56 host sshd[7698]: Invalid user Admin from 121.188.124.131 port 61701
Jan 16 09:33:56 host sshd[7698]: input_userauth_request: invalid user Admin [preauth]
Jan 16 09:33:56 host sshd[7698]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:33:56 host sshd[7698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.188.124.131
Jan 16 09:33:58 host sshd[7698]: Failed password for invalid user Admin from 121.188.124.131 port 61701 ssh2
Jan 16 09:33:58 host sshd[7698]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:34:00 host sshd[7698]: Failed password for invalid user Admin from 121.188.124.131 port 61701 ssh2
Jan 16 09:34:00 host sshd[7698]: Connection reset by 121.188.124.131 port 61701 [preauth]
Jan 16 09:34:00 host sshd[7698]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.188.124.131
Jan 16 09:38:47 host sshd[8457]: Invalid user pi from 185.122.204.242 port 41602
Jan 16 09:38:47 host sshd[8457]: input_userauth_request: invalid user pi [preauth]
Jan 16 09:38:47 host sshd[8457]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:38:47 host sshd[8457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.122.204.242
Jan 16 09:38:47 host sshd[8460]: Invalid user pi from 185.122.204.242 port 46246
Jan 16 09:38:47 host sshd[8460]: input_userauth_request: invalid user pi [preauth]
Jan 16 09:38:47 host sshd[8460]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:38:47 host sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.122.204.242
Jan 16 09:38:50 host sshd[8457]: Failed password for invalid user pi from 185.122.204.242 port 41602 ssh2
Jan 16 09:38:50 host sshd[8460]: Failed password for invalid user pi from 185.122.204.242 port 46246 ssh2
Jan 16 09:38:50 host sshd[8457]: Connection closed by 185.122.204.242 port 41602 [preauth]
Jan 16 09:38:50 host sshd[8460]: Connection closed by 185.122.204.242 port 46246 [preauth]
Jan 16 09:38:52 host sshd[8468]: Invalid user pi from 185.122.204.242 port 53334
Jan 16 09:38:52 host sshd[8468]: input_userauth_request: invalid user pi [preauth]
Jan 16 09:38:52 host sshd[8468]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:38:52 host sshd[8468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.122.204.242
Jan 16 09:38:54 host sshd[8468]: Failed password for invalid user pi from 185.122.204.242 port 53334 ssh2
Jan 16 09:38:56 host sshd[8491]: User root from 125.229.80.19 not allowed because not listed in AllowUsers
Jan 16 09:38:56 host sshd[8491]: input_userauth_request: invalid user root [preauth]
Jan 16 09:38:56 host unix_chkpwd[8508]: password check failed for user (root)
Jan 16 09:38:56 host sshd[8491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.80.19 user=root
Jan 16 09:38:56 host sshd[8491]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:38:58 host sshd[8491]: Failed password for invalid user root from 125.229.80.19 port 37093 ssh2
Jan 16 09:38:59 host unix_chkpwd[8513]: password check failed for user (root)
Jan 16 09:38:59 host sshd[8491]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:39:01 host sshd[8491]: Failed password for invalid user root from 125.229.80.19 port 37093 ssh2
Jan 16 09:39:02 host unix_chkpwd[8533]: password check failed for user (root)
Jan 16 09:39:02 host sshd[8491]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 09:39:04 host sshd[8491]: Failed password for invalid user root from 125.229.80.19 port 37093 ssh2
Jan 16 09:39:05 host sshd[8491]: Connection reset by 125.229.80.19 port 37093 [preauth]
Jan 16 09:39:05 host sshd[8491]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.80.19 user=root
Jan 16 09:49:09 host sshd[10234]: Invalid user zyfwp from 183.99.143.30 port 56535
Jan 16 09:49:09 host sshd[10234]: input_userauth_request: invalid user zyfwp [preauth]
Jan 16 09:49:09 host sshd[10234]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:49:09 host sshd[10234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.143.30
Jan 16 09:49:11 host sshd[10234]: Failed password for invalid user zyfwp from 183.99.143.30 port 56535 ssh2
Jan 16 09:49:12 host sshd[10234]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:49:14 host sshd[10234]: Failed password for invalid user zyfwp from 183.99.143.30 port 56535 ssh2
Jan 16 09:49:15 host sshd[10234]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 09:49:17 host sshd[10234]: Failed password for invalid user zyfwp from 183.99.143.30 port 56535 ssh2
Jan 16 09:49:17 host sshd[10234]: Connection closed by 183.99.143.30 port 56535 [preauth]
Jan 16 09:49:17 host sshd[10234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.143.30
Jan 16 10:03:11 host sshd[12455]: User root from 141.98.11.66 not allowed because not listed in AllowUsers
Jan 16 10:03:11 host sshd[12455]: input_userauth_request: invalid user root [preauth]
Jan 16 10:03:11 host unix_chkpwd[12458]: password check failed for user (root)
Jan 16 10:03:11 host sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.66 user=root
Jan 16 10:03:11 host sshd[12455]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:03:13 host sshd[12455]: Failed password for invalid user root from 141.98.11.66 port 47952 ssh2
Jan 16 10:03:13 host sshd[12455]: Received disconnect from 141.98.11.66 port 47952:11: Normal Shutdown, Thank you for playing [preauth]
Jan 16 10:03:13 host sshd[12455]: Disconnected from 141.98.11.66 port 47952 [preauth]
Jan 16 10:10:07 host sshd[13461]: User root from 141.98.11.66 not allowed because not listed in AllowUsers
Jan 16 10:10:07 host sshd[13461]: input_userauth_request: invalid user root [preauth]
Jan 16 10:10:07 host unix_chkpwd[13470]: password check failed for user (root)
Jan 16 10:10:07 host sshd[13461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.66 user=root
Jan 16 10:10:07 host sshd[13461]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:10:09 host sshd[13461]: Failed password for invalid user root from 141.98.11.66 port 35014 ssh2
Jan 16 10:10:09 host sshd[13461]: Received disconnect from 141.98.11.66 port 35014:11: Normal Shutdown, Thank you for playing [preauth]
Jan 16 10:10:09 host sshd[13461]: Disconnected from 141.98.11.66 port 35014 [preauth]
Jan 16 10:10:11 host sshd[13507]: User root from 61.57.118.54 not allowed because not listed in AllowUsers
Jan 16 10:10:11 host sshd[13507]: input_userauth_request: invalid user root [preauth]
Jan 16 10:10:11 host unix_chkpwd[13511]: password check failed for user (root)
Jan 16 10:10:11 host sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.57.118.54 user=root
Jan 16 10:10:11 host sshd[13507]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:10:14 host sshd[13507]: Failed password for invalid user root from 61.57.118.54 port 37280 ssh2
Jan 16 10:10:15 host sshd[13512]: Invalid user admin from 61.57.118.54 port 37295
Jan 16 10:10:15 host sshd[13512]: input_userauth_request: invalid user admin [preauth]
Jan 16 10:10:15 host sshd[13512]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:10:15 host sshd[13512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.57.118.54
Jan 16 10:10:15 host unix_chkpwd[13519]: password check failed for user (root)
Jan 16 10:10:15 host sshd[13507]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:10:17 host sshd[13512]: Failed password for invalid user admin from 61.57.118.54 port 37295 ssh2
Jan 16 10:10:17 host sshd[13507]: Failed password for invalid user root from 61.57.118.54 port 37280 ssh2
Jan 16 10:10:18 host sshd[13507]: Connection reset by 61.57.118.54 port 37280 [preauth]
Jan 16 10:10:18 host sshd[13507]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.57.118.54 user=root
Jan 16 10:10:18 host sshd[13512]: Failed password for invalid user admin from 61.57.118.54 port 37295 ssh2
Jan 16 10:10:18 host sshd[13512]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:10:20 host sshd[13512]: Failed password for invalid user admin from 61.57.118.54 port 37295 ssh2
Jan 16 10:19:24 host sshd[14950]: User root from 59.31.129.33 not allowed because not listed in AllowUsers
Jan 16 10:19:24 host sshd[14950]: input_userauth_request: invalid user root [preauth]
Jan 16 10:19:24 host unix_chkpwd[14954]: password check failed for user (root)
Jan 16 10:19:24 host sshd[14950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.129.33 user=root
Jan 16 10:19:24 host sshd[14950]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:19:26 host sshd[14950]: Failed password for invalid user root from 59.31.129.33 port 61235 ssh2
Jan 16 10:19:26 host unix_chkpwd[14957]: password check failed for user (root)
Jan 16 10:19:26 host sshd[14950]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:19:28 host sshd[14950]: Failed password for invalid user root from 59.31.129.33 port 61235 ssh2
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=shalinijames user-3=wwwtestugo user-4=vfmassets user-5=wwwkapin user-6=woodpeck user-7=disposeat user-8=wwwkmaorg user-9=remysagr user-10=wwwnexidigital user-11=mrsclean user-12=phmetals user-13=kottayamcalldriv user-14=palco123 user-15=gifterman user-16=wwwletsstalkfood user-17=straightcurve user-18=wwwevmhonda user-19=bonifacegroup user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=cochintaxi user-24=wwwkaretakers user-25=ugotscom user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 10:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bynyOHfTLaFTzZSD.~
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bynyOHfTLaFTzZSD.~'
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bynyOHfTLaFTzZSD.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 10:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 10:21:22 host sshd[15372]: Invalid user stanley from 107.189.30.59 port 51864
Jan 16 10:21:22 host sshd[15372]: input_userauth_request: invalid user stanley [preauth]
Jan 16 10:21:22 host sshd[15372]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:21:22 host sshd[15372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 16 10:21:25 host sshd[15372]: Failed password for invalid user stanley from 107.189.30.59 port 51864 ssh2
Jan 16 10:21:26 host sshd[15372]: Connection closed by 107.189.30.59 port 51864 [preauth]
Jan 16 10:23:43 host sshd[15703]: User root from 20.246.90.161 not allowed because not listed in AllowUsers
Jan 16 10:23:43 host sshd[15703]: input_userauth_request: invalid user root [preauth]
Jan 16 10:23:43 host unix_chkpwd[15706]: password check failed for user (root)
Jan 16 10:23:43 host sshd[15703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.246.90.161 user=root
Jan 16 10:23:43 host sshd[15703]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:23:45 host sshd[15703]: Failed password for invalid user root from 20.246.90.161 port 64623 ssh2
Jan 16 10:24:05 host sshd[15751]: Invalid user usr from 147.158.214.55 port 58013
Jan 16 10:24:05 host sshd[15751]: input_userauth_request: invalid user usr [preauth]
Jan 16 10:24:05 host sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:24:05 host sshd[15751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.158.214.55
Jan 16 10:24:07 host sshd[15751]: Failed password for invalid user usr from 147.158.214.55 port 58013 ssh2
Jan 16 10:24:07 host sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:24:09 host sshd[15751]: Failed password for invalid user usr from 147.158.214.55 port 58013 ssh2
Jan 16 10:24:10 host sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:24:13 host sshd[15751]: Failed password for invalid user usr from 147.158.214.55 port 58013 ssh2
Jan 16 10:24:14 host sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:24:16 host sshd[15751]: Failed password for invalid user usr from 147.158.214.55 port 58013 ssh2
Jan 16 10:24:18 host sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:24:20 host sshd[15751]: Failed password for invalid user usr from 147.158.214.55 port 58013 ssh2
Jan 16 10:27:57 host sshd[16448]: Invalid user oracle from 220.132.211.140 port 39786
Jan 16 10:27:57 host sshd[16448]: input_userauth_request: invalid user oracle [preauth]
Jan 16 10:27:57 host sshd[16448]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:27:57 host sshd[16448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.211.140
Jan 16 10:27:59 host sshd[16448]: Failed password for invalid user oracle from 220.132.211.140 port 39786 ssh2
Jan 16 10:27:59 host sshd[16448]: Connection reset by 220.132.211.140 port 39786 [preauth]
Jan 16 10:28:09 host sshd[16482]: Invalid user dlxuser from 192.72.191.27 port 35199
Jan 16 10:28:09 host sshd[16482]: input_userauth_request: invalid user dlxuser [preauth]
Jan 16 10:28:09 host sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:28:09 host sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.72.191.27
Jan 16 10:28:11 host sshd[16482]: Failed password for invalid user dlxuser from 192.72.191.27 port 35199 ssh2
Jan 16 10:28:12 host sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:28:15 host sshd[16482]: Failed password for invalid user dlxuser from 192.72.191.27 port 35199 ssh2
Jan 16 10:28:16 host sshd[16482]: Failed password for invalid user dlxuser from 192.72.191.27 port 35199 ssh2
Jan 16 10:28:16 host sshd[16482]: Connection closed by 192.72.191.27 port 35199 [preauth]
Jan 16 10:28:16 host sshd[16482]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.72.191.27
Jan 16 10:29:54 host sshd[16802]: Connection reset by 125.229.100.222 port 44785 [preauth]
Jan 16 10:32:20 host sshd[17138]: Invalid user admin from 111.94.71.206 port 44831
Jan 16 10:32:20 host sshd[17138]: input_userauth_request: invalid user admin [preauth]
Jan 16 10:32:20 host sshd[17138]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:32:20 host sshd[17138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.94.71.206
Jan 16 10:32:22 host sshd[17138]: Failed password for invalid user admin from 111.94.71.206 port 44831 ssh2
Jan 16 10:32:22 host sshd[17138]: Failed password for invalid user admin from 111.94.71.206 port 44831 ssh2
Jan 16 10:32:23 host sshd[17138]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:32:25 host sshd[17138]: Failed password for invalid user admin from 111.94.71.206 port 44831 ssh2
Jan 16 10:32:25 host sshd[17138]: Connection reset by 111.94.71.206 port 44831 [preauth]
Jan 16 10:32:25 host sshd[17138]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.94.71.206
Jan 16 10:35:22 host sshd[17499]: Invalid user ex from 194.110.203.109 port 42988
Jan 16 10:35:22 host sshd[17499]: input_userauth_request: invalid user ex [preauth]
Jan 16 10:35:22 host sshd[17499]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:35:22 host sshd[17499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 10:35:24 host sshd[17499]: Failed password for invalid user ex from 194.110.203.109 port 42988 ssh2
Jan 16 10:35:27 host sshd[17499]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:35:29 host sshd[17499]: Failed password for invalid user ex from 194.110.203.109 port 42988 ssh2
Jan 16 10:35:32 host sshd[17499]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:35:34 host sshd[17499]: Failed password for invalid user ex from 194.110.203.109 port 42988 ssh2
Jan 16 10:35:37 host sshd[17499]: Connection closed by 194.110.203.109 port 42988 [preauth]
Jan 16 10:35:37 host sshd[17499]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 10:41:51 host sshd[18524]: User root from 107.150.119.232 not allowed because not listed in AllowUsers
Jan 16 10:41:51 host sshd[18524]: input_userauth_request: invalid user root [preauth]
Jan 16 10:41:51 host unix_chkpwd[18527]: password check failed for user (root)
Jan 16 10:41:51 host sshd[18524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.119.232 user=root
Jan 16 10:41:51 host sshd[18524]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:41:52 host sshd[18524]: Failed password for invalid user root from 107.150.119.232 port 50448 ssh2
Jan 16 10:41:53 host sshd[18524]: Received disconnect from 107.150.119.232 port 50448:11: Bye Bye [preauth]
Jan 16 10:41:53 host sshd[18524]: Disconnected from 107.150.119.232 port 50448 [preauth]
Jan 16 10:44:57 host sshd[18914]: User root from 43.153.5.126 not allowed because not listed in AllowUsers
Jan 16 10:44:57 host sshd[18914]: input_userauth_request: invalid user root [preauth]
Jan 16 10:44:57 host unix_chkpwd[18917]: password check failed for user (root)
Jan 16 10:44:57 host sshd[18914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.5.126 user=root
Jan 16 10:44:57 host sshd[18914]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:44:58 host sshd[18914]: Failed password for invalid user root from 43.153.5.126 port 40972 ssh2
Jan 16 10:44:59 host sshd[18914]: Received disconnect from 43.153.5.126 port 40972:11: Bye Bye [preauth]
Jan 16 10:44:59 host sshd[18914]: Disconnected from 43.153.5.126 port 40972 [preauth]
Jan 16 10:45:15 host sshd[18968]: User root from 128.199.182.19 not allowed because not listed in AllowUsers
Jan 16 10:45:15 host sshd[18968]: input_userauth_request: invalid user root [preauth]
Jan 16 10:45:15 host unix_chkpwd[18970]: password check failed for user (root)
Jan 16 10:45:15 host sshd[18968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.182.19 user=root
Jan 16 10:45:15 host sshd[18968]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:45:17 host sshd[18968]: Failed password for invalid user root from 128.199.182.19 port 48344 ssh2
Jan 16 10:45:17 host sshd[18968]: Received disconnect from 128.199.182.19 port 48344:11: Bye Bye [preauth]
Jan 16 10:45:17 host sshd[18968]: Disconnected from 128.199.182.19 port 48344 [preauth]
Jan 16 10:45:40 host sshd[19049]: User root from 159.223.95.95 not allowed because not listed in AllowUsers
Jan 16 10:45:40 host sshd[19049]: input_userauth_request: invalid user root [preauth]
Jan 16 10:45:40 host unix_chkpwd[19051]: password check failed for user (root)
Jan 16 10:45:40 host sshd[19049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.95.95 user=root
Jan 16 10:45:40 host sshd[19049]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:45:42 host sshd[19049]: Failed password for invalid user root from 159.223.95.95 port 51942 ssh2
Jan 16 10:45:42 host sshd[19049]: Received disconnect from 159.223.95.95 port 51942:11: Bye Bye [preauth]
Jan 16 10:45:42 host sshd[19049]: Disconnected from 159.223.95.95 port 51942 [preauth]
Jan 16 10:45:48 host sshd[19060]: User root from 129.154.217.134 not allowed because not listed in AllowUsers
Jan 16 10:45:48 host sshd[19060]: input_userauth_request: invalid user root [preauth]
Jan 16 10:45:48 host unix_chkpwd[19063]: password check failed for user (root)
Jan 16 10:45:48 host sshd[19060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.217.134 user=root
Jan 16 10:45:48 host sshd[19060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:45:50 host sshd[19060]: Failed password for invalid user root from 129.154.217.134 port 43578 ssh2
Jan 16 10:45:50 host sshd[19060]: Received disconnect from 129.154.217.134 port 43578:11: Bye Bye [preauth]
Jan 16 10:45:50 host sshd[19060]: Disconnected from 129.154.217.134 port 43578 [preauth]
Jan 16 10:46:05 host sshd[19091]: User root from 81.89.110.244 not allowed because not listed in AllowUsers
Jan 16 10:46:05 host sshd[19091]: input_userauth_request: invalid user root [preauth]
Jan 16 10:46:05 host unix_chkpwd[19094]: password check failed for user (root)
Jan 16 10:46:05 host sshd[19091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.89.110.244 user=root
Jan 16 10:46:05 host sshd[19091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:46:07 host sshd[19091]: Failed password for invalid user root from 81.89.110.244 port 36872 ssh2
Jan 16 10:46:07 host sshd[19091]: Received disconnect from 81.89.110.244 port 36872:11: Bye Bye [preauth]
Jan 16 10:46:07 host sshd[19091]: Disconnected from 81.89.110.244 port 36872 [preauth]
Jan 16 10:46:49 host sshd[19305]: User root from 35.223.246.35 not allowed because not listed in AllowUsers
Jan 16 10:46:49 host sshd[19305]: input_userauth_request: invalid user root [preauth]
Jan 16 10:46:49 host unix_chkpwd[19309]: password check failed for user (root)
Jan 16 10:46:49 host sshd[19305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.223.246.35 user=root
Jan 16 10:46:49 host sshd[19305]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:46:51 host sshd[19305]: Failed password for invalid user root from 35.223.246.35 port 35212 ssh2
Jan 16 10:46:51 host sshd[19305]: Received disconnect from 35.223.246.35 port 35212:11: Bye Bye [preauth]
Jan 16 10:46:51 host sshd[19305]: Disconnected from 35.223.246.35 port 35212 [preauth]
Jan 16 10:47:12 host sshd[19366]: User root from 159.223.95.95 not allowed because not listed in AllowUsers
Jan 16 10:47:12 host sshd[19366]: input_userauth_request: invalid user root [preauth]
Jan 16 10:47:12 host unix_chkpwd[19369]: password check failed for user (root)
Jan 16 10:47:12 host sshd[19366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.95.95 user=root
Jan 16 10:47:12 host sshd[19366]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:47:14 host sshd[19366]: Failed password for invalid user root from 159.223.95.95 port 38322 ssh2
Jan 16 10:47:14 host sshd[19366]: Received disconnect from 159.223.95.95 port 38322:11: Bye Bye [preauth]
Jan 16 10:47:14 host sshd[19366]: Disconnected from 159.223.95.95 port 38322 [preauth]
Jan 16 10:47:18 host sshd[19408]: User root from 128.199.182.19 not allowed because not listed in AllowUsers
Jan 16 10:47:18 host sshd[19408]: input_userauth_request: invalid user root [preauth]
Jan 16 10:47:18 host unix_chkpwd[19410]: password check failed for user (root)
Jan 16 10:47:18 host sshd[19408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.182.19 user=root
Jan 16 10:47:18 host sshd[19408]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:47:19 host sshd[19408]: Failed password for invalid user root from 128.199.182.19 port 51576 ssh2
Jan 16 10:47:19 host sshd[19408]: Received disconnect from 128.199.182.19 port 51576:11: Bye Bye [preauth]
Jan 16 10:47:19 host sshd[19408]: Disconnected from 128.199.182.19 port 51576 [preauth]
Jan 16 10:48:26 host sshd[19591]: User root from 35.223.246.35 not allowed because not listed in AllowUsers
Jan 16 10:48:26 host sshd[19591]: input_userauth_request: invalid user root [preauth]
Jan 16 10:48:26 host unix_chkpwd[19599]: password check failed for user (root)
Jan 16 10:48:26 host sshd[19591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.223.246.35 user=root
Jan 16 10:48:26 host sshd[19591]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:48:27 host sshd[19588]: Invalid user super from 67.221.122.74 port 63428
Jan 16 10:48:27 host sshd[19588]: input_userauth_request: invalid user super [preauth]
Jan 16 10:48:27 host sshd[19588]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:48:27 host sshd[19588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.221.122.74
Jan 16 10:48:27 host sshd[19601]: User root from 107.150.119.232 not allowed because not listed in AllowUsers
Jan 16 10:48:27 host sshd[19601]: input_userauth_request: invalid user root [preauth]
Jan 16 10:48:27 host unix_chkpwd[19603]: password check failed for user (root)
Jan 16 10:48:27 host sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.119.232 user=root
Jan 16 10:48:27 host sshd[19601]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:48:28 host sshd[19591]: Failed password for invalid user root from 35.223.246.35 port 35850 ssh2
Jan 16 10:48:28 host sshd[19591]: Received disconnect from 35.223.246.35 port 35850:11: Bye Bye [preauth]
Jan 16 10:48:28 host sshd[19591]: Disconnected from 35.223.246.35 port 35850 [preauth]
Jan 16 10:48:29 host sshd[19588]: Failed password for invalid user super from 67.221.122.74 port 63428 ssh2
Jan 16 10:48:30 host sshd[19601]: Failed password for invalid user root from 107.150.119.232 port 45190 ssh2
Jan 16 10:48:30 host sshd[19601]: Received disconnect from 107.150.119.232 port 45190:11: Bye Bye [preauth]
Jan 16 10:48:30 host sshd[19601]: Disconnected from 107.150.119.232 port 45190 [preauth]
Jan 16 10:48:30 host sshd[19588]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:48:32 host sshd[19588]: Failed password for invalid user super from 67.221.122.74 port 63428 ssh2
Jan 16 10:48:32 host sshd[19588]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:48:35 host sshd[19588]: Failed password for invalid user super from 67.221.122.74 port 63428 ssh2
Jan 16 10:48:36 host sshd[19588]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 10:48:38 host sshd[19588]: Failed password for invalid user super from 67.221.122.74 port 63428 ssh2
Jan 16 10:48:38 host sshd[19588]: Connection reset by 67.221.122.74 port 63428 [preauth]
Jan 16 10:48:38 host sshd[19588]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.221.122.74
Jan 16 10:48:38 host sshd[19588]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 16 10:48:46 host sshd[19748]: User root from 43.153.5.126 not allowed because not listed in AllowUsers
Jan 16 10:48:46 host sshd[19748]: input_userauth_request: invalid user root [preauth]
Jan 16 10:48:46 host unix_chkpwd[19751]: password check failed for user (root)
Jan 16 10:48:46 host sshd[19748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.5.126 user=root
Jan 16 10:48:46 host sshd[19748]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:48:49 host sshd[19748]: Failed password for invalid user root from 43.153.5.126 port 40908 ssh2
Jan 16 10:48:49 host sshd[19748]: Received disconnect from 43.153.5.126 port 40908:11: Bye Bye [preauth]
Jan 16 10:48:49 host sshd[19748]: Disconnected from 43.153.5.126 port 40908 [preauth]
Jan 16 10:51:30 host sshd[20183]: User root from 81.89.110.244 not allowed because not listed in AllowUsers
Jan 16 10:51:30 host sshd[20183]: input_userauth_request: invalid user root [preauth]
Jan 16 10:51:30 host unix_chkpwd[20186]: password check failed for user (root)
Jan 16 10:51:30 host sshd[20183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.89.110.244 user=root
Jan 16 10:51:30 host sshd[20183]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:51:31 host sshd[20183]: Failed password for invalid user root from 81.89.110.244 port 57844 ssh2
Jan 16 10:51:32 host sshd[20183]: Received disconnect from 81.89.110.244 port 57844:11: Bye Bye [preauth]
Jan 16 10:51:32 host sshd[20183]: Disconnected from 81.89.110.244 port 57844 [preauth]
Jan 16 10:52:23 host sshd[20390]: User root from 129.154.217.134 not allowed because not listed in AllowUsers
Jan 16 10:52:23 host sshd[20390]: input_userauth_request: invalid user root [preauth]
Jan 16 10:52:23 host unix_chkpwd[20393]: password check failed for user (root)
Jan 16 10:52:23 host sshd[20390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.217.134 user=root
Jan 16 10:52:23 host sshd[20390]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 10:52:25 host sshd[20390]: Failed password for invalid user root from 129.154.217.134 port 51610 ssh2
Jan 16 10:52:25 host sshd[20390]: Received disconnect from 129.154.217.134 port 51610:11: Bye Bye [preauth]
Jan 16 10:52:25 host sshd[20390]: Disconnected from 129.154.217.134 port 51610 [preauth]
Jan 16 11:15:11 host sshd[24046]: User root from 124.11.82.91 not allowed because not listed in AllowUsers
Jan 16 11:15:11 host sshd[24046]: input_userauth_request: invalid user root [preauth]
Jan 16 11:15:11 host unix_chkpwd[24051]: password check failed for user (root)
Jan 16 11:15:11 host sshd[24046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.11.82.91 user=root
Jan 16 11:15:11 host sshd[24046]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:15:13 host sshd[24046]: Failed password for invalid user root from 124.11.82.91 port 52323 ssh2
Jan 16 11:15:14 host unix_chkpwd[24056]: password check failed for user (root)
Jan 16 11:15:14 host sshd[24046]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:15:16 host sshd[24046]: Failed password for invalid user root from 124.11.82.91 port 52323 ssh2
Jan 16 11:15:17 host unix_chkpwd[24062]: password check failed for user (root)
Jan 16 11:15:17 host sshd[24046]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:15:19 host sshd[24046]: Failed password for invalid user root from 124.11.82.91 port 52323 ssh2
Jan 16 11:15:20 host unix_chkpwd[24066]: password check failed for user (root)
Jan 16 11:15:20 host sshd[24046]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:15:21 host sshd[24046]: Failed password for invalid user root from 124.11.82.91 port 52323 ssh2
Jan 16 11:15:22 host unix_chkpwd[24089]: password check failed for user (root)
Jan 16 11:15:22 host sshd[24046]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:15:24 host sshd[24046]: Failed password for invalid user root from 124.11.82.91 port 52323 ssh2
Jan 16 11:16:45 host sshd[24304]: User root from 148.72.247.138 not allowed because not listed in AllowUsers
Jan 16 11:16:45 host sshd[24304]: input_userauth_request: invalid user root [preauth]
Jan 16 11:16:45 host unix_chkpwd[24307]: password check failed for user (root)
Jan 16 11:16:45 host sshd[24304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.247.138 user=root
Jan 16 11:16:45 host sshd[24304]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:16:47 host sshd[24304]: Failed password for invalid user root from 148.72.247.138 port 35746 ssh2
Jan 16 11:16:47 host sshd[24304]: Received disconnect from 148.72.247.138 port 35746:11: Bye Bye [preauth]
Jan 16 11:16:47 host sshd[24304]: Disconnected from 148.72.247.138 port 35746 [preauth]
Jan 16 11:16:47 host sshd[24312]: User root from 148.72.247.138 not allowed because not listed in AllowUsers
Jan 16 11:16:47 host sshd[24312]: input_userauth_request: invalid user root [preauth]
Jan 16 11:16:47 host unix_chkpwd[24314]: password check failed for user (root)
Jan 16 11:16:47 host sshd[24312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.247.138 user=root
Jan 16 11:16:47 host sshd[24312]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:16:50 host sshd[24312]: Failed password for invalid user root from 148.72.247.138 port 35772 ssh2
Jan 16 11:16:50 host sshd[24312]: Received disconnect from 148.72.247.138 port 35772:11: Bye Bye [preauth]
Jan 16 11:16:50 host sshd[24312]: Disconnected from 148.72.247.138 port 35772 [preauth]
Jan 16 11:16:50 host sshd[24319]: User root from 148.72.247.138 not allowed because not listed in AllowUsers
Jan 16 11:16:50 host sshd[24319]: input_userauth_request: invalid user root [preauth]
Jan 16 11:16:50 host unix_chkpwd[24321]: password check failed for user (root)
Jan 16 11:16:50 host sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.247.138 user=root
Jan 16 11:16:50 host sshd[24319]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:16:52 host sshd[24319]: Failed password for invalid user root from 148.72.247.138 port 35778 ssh2
Jan 16 11:16:52 host sshd[24319]: Received disconnect from 148.72.247.138 port 35778:11: Bye Bye [preauth]
Jan 16 11:16:52 host sshd[24319]: Disconnected from 148.72.247.138 port 35778 [preauth]
Jan 16 11:16:52 host sshd[24332]: User root from 148.72.247.138 not allowed because not listed in AllowUsers
Jan 16 11:16:52 host sshd[24332]: input_userauth_request: invalid user root [preauth]
Jan 16 11:16:52 host unix_chkpwd[24346]: password check failed for user (root)
Jan 16 11:16:52 host sshd[24332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.72.247.138 user=root
Jan 16 11:16:52 host sshd[24332]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 11:16:54 host sshd[24332]: Failed password for invalid user root from 148.72.247.138 port 35834 ssh2
Jan 16 11:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=ugotscom user-2=wwwrmswll user-3=wwwresourcehunte user-4=keralaholi user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=dartsimp user-9=a2zgroup user-10=wwwkaretakers user-11=cochintaxi user-12=mrsclean user-13=wwwnexidigital user-14=phmetals user-15=kottayamcalldriv user-16=gifterman user-17=palco123 user-18=wwwletsstalkfood user-19=straightcurve user-20=wwwevmhonda user-21=bonifacegroup user-22=pmcresources user-23=wwwtestugo user-24=shalinijames user-25=vfmassets user-26=woodpeck user-27=wwwkapin user-28=wwwkmaorg user-29=disposeat user-30=remysagr feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 11:21:10 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-4HDLYpNrHON2VwoG.~
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-4HDLYpNrHON2VwoG.~'
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-4HDLYpNrHON2VwoG.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 11:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 11:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 11:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 11:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 11:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 11:44:03 host sshd[28931]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 16 11:44:03 host sshd[28931]: input_userauth_request: invalid user sshd [preauth]
Jan 16 11:44:03 host unix_chkpwd[28934]: password check failed for user (sshd)
Jan 16 11:44:03 host sshd[28931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 16 11:44:03 host sshd[28931]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 16 11:44:05 host sshd[28931]: Failed password for invalid user sshd from 194.169.175.102 port 53145 ssh2
Jan 16 11:44:05 host sshd[28931]: Received disconnect from 194.169.175.102 port 53145:11: Client disconnecting normally [preauth]
Jan 16 11:44:05 host sshd[28931]: Disconnected from 194.169.175.102 port 53145 [preauth]
Jan 16 11:49:16 host sshd[29702]: Invalid user admin from 211.230.166.110 port 60565
Jan 16 11:49:16 host sshd[29702]: input_userauth_request: invalid user admin [preauth]
Jan 16 11:49:16 host sshd[29702]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 11:49:16 host sshd[29702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.230.166.110
Jan 16 11:49:18 host sshd[29702]: Failed password for invalid user admin from 211.230.166.110 port 60565 ssh2
Jan 16 11:49:18 host sshd[29702]: Failed password for invalid user admin from 211.230.166.110 port 60565 ssh2
Jan 16 11:49:18 host sshd[29702]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 11:49:20 host sshd[29702]: Failed password for invalid user admin from 211.230.166.110 port 60565 ssh2
Jan 16 11:49:21 host sshd[29702]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 11:49:23 host sshd[29702]: Failed password for invalid user admin from 211.230.166.110 port 60565 ssh2
Jan 16 11:49:24 host sshd[29702]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 11:49:26 host sshd[29702]: Failed password for invalid user admin from 211.230.166.110 port 60565 ssh2
Jan 16 12:10:10 host sshd[387]: Invalid user gitlab-runner from 222.114.241.4 port 48800
Jan 16 12:10:10 host sshd[387]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 16 12:10:10 host sshd[387]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:10:10 host sshd[387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.114.241.4
Jan 16 12:10:12 host sshd[387]: Failed password for invalid user gitlab-runner from 222.114.241.4 port 48800 ssh2
Jan 16 12:10:13 host sshd[387]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:10:15 host sshd[387]: Failed password for invalid user gitlab-runner from 222.114.241.4 port 48800 ssh2
Jan 16 12:10:16 host sshd[387]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:10:18 host sshd[387]: Failed password for invalid user gitlab-runner from 222.114.241.4 port 48800 ssh2
Jan 16 12:10:19 host sshd[387]: Failed password for invalid user gitlab-runner from 222.114.241.4 port 48800 ssh2
Jan 16 12:10:20 host sshd[387]: Connection closed by 222.114.241.4 port 48800 [preauth]
Jan 16 12:10:20 host sshd[387]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.114.241.4
Jan 16 12:10:44 host sshd[620]: Did not receive identification string from 92.255.85.115 port 14084
Jan 16 12:19:12 host sshd[2767]: Invalid user ey from 194.110.203.109 port 57752
Jan 16 12:19:12 host sshd[2767]: input_userauth_request: invalid user ey [preauth]
Jan 16 12:19:12 host sshd[2767]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:19:12 host sshd[2767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 12:19:15 host sshd[2767]: Failed password for invalid user ey from 194.110.203.109 port 57752 ssh2
Jan 16 12:19:18 host sshd[2767]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:19:21 host sshd[2767]: Failed password for invalid user ey from 194.110.203.109 port 57752 ssh2
Jan 16 12:19:24 host sshd[2767]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:19:26 host sshd[2767]: Failed password for invalid user ey from 194.110.203.109 port 57752 ssh2
Jan 16 12:19:30 host sshd[2767]: Connection closed by 194.110.203.109 port 57752 [preauth]
Jan 16 12:19:30 host sshd[2767]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=dartsimp user-4=a2zgroup user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=wwwrmswll user-9=keralaholi user-10=wwwresourcehunte user-11=ugotscom user-12=remysagr user-13=disposeat user-14=wwwkmaorg user-15=woodpeck user-16=wwwkapin user-17=vfmassets user-18=wwwtestugo user-19=shalinijames user-20=pmcresources user-21=bonifacegroup user-22=wwwevmhonda user-23=wwwletsstalkfood user-24=straightcurve user-25=gifterman user-26=palco123 user-27=phmetals user-28=kottayamcalldriv user-29=wwwnexidigital user-30=mrsclean feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 12:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HVwgceWVebCJRIA1.~
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HVwgceWVebCJRIA1.~'
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HVwgceWVebCJRIA1.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 12:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 12:24:48 host sshd[3805]: Connection closed by 45.79.172.21 port 53600 [preauth]
Jan 16 12:24:50 host sshd[3812]: Connection closed by 45.79.172.21 port 64684 [preauth]
Jan 16 12:24:53 host sshd[3818]: Connection closed by 45.79.172.21 port 64700 [preauth]
Jan 16 12:41:07 host sshd[6201]: Invalid user bzrx1098ui from 92.255.85.115 port 6841
Jan 16 12:41:07 host sshd[6201]: input_userauth_request: invalid user bzrx1098ui [preauth]
Jan 16 12:41:07 host sshd[6201]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:41:07 host sshd[6201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 16 12:41:09 host sshd[6201]: Failed password for invalid user bzrx1098ui from 92.255.85.115 port 6841 ssh2
Jan 16 12:41:10 host sshd[6201]: Connection reset by 92.255.85.115 port 6841 [preauth]
Jan 16 12:41:13 host sshd[6208]: User root from 154.120.242.70 not allowed because not listed in AllowUsers
Jan 16 12:41:13 host sshd[6208]: input_userauth_request: invalid user root [preauth]
Jan 16 12:41:13 host unix_chkpwd[6215]: password check failed for user (root)
Jan 16 12:41:13 host sshd[6208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.120.242.70 user=root
Jan 16 12:41:13 host sshd[6208]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 12:41:16 host sshd[6208]: Failed password for invalid user root from 154.120.242.70 port 59944 ssh2
Jan 16 12:41:16 host sshd[6208]: Received disconnect from 154.120.242.70 port 59944:11: Bye Bye [preauth]
Jan 16 12:41:16 host sshd[6208]: Disconnected from 154.120.242.70 port 59944 [preauth]
Jan 16 12:45:47 host sshd[6892]: Invalid user ec2-user from 103.250.144.169 port 39317
Jan 16 12:45:47 host sshd[6892]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 12:45:47 host sshd[6892]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:45:47 host sshd[6892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.144.169
Jan 16 12:45:49 host sshd[6892]: Failed password for invalid user ec2-user from 103.250.144.169 port 39317 ssh2
Jan 16 12:45:49 host sshd[6892]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:45:50 host sshd[6892]: Failed password for invalid user ec2-user from 103.250.144.169 port 39317 ssh2
Jan 16 12:45:52 host sshd[6892]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:45:53 host sshd[6892]: Failed password for invalid user ec2-user from 103.250.144.169 port 39317 ssh2
Jan 16 12:45:55 host sshd[6892]: Failed password for invalid user ec2-user from 103.250.144.169 port 39317 ssh2
Jan 16 12:45:55 host sshd[6892]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:45:58 host sshd[6892]: Failed password for invalid user ec2-user from 103.250.144.169 port 39317 ssh2
Jan 16 12:48:41 host sshd[7273]: User root from 154.120.242.70 not allowed because not listed in AllowUsers
Jan 16 12:48:41 host sshd[7273]: input_userauth_request: invalid user root [preauth]
Jan 16 12:48:42 host unix_chkpwd[7283]: password check failed for user (root)
Jan 16 12:48:42 host sshd[7273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.120.242.70 user=root
Jan 16 12:48:42 host sshd[7273]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 12:48:43 host sshd[7273]: Failed password for invalid user root from 154.120.242.70 port 46794 ssh2
Jan 16 12:48:44 host sshd[7273]: Received disconnect from 154.120.242.70 port 46794:11: Bye Bye [preauth]
Jan 16 12:48:44 host sshd[7273]: Disconnected from 154.120.242.70 port 46794 [preauth]
Jan 16 12:51:38 host sshd[7813]: User root from 220.134.125.95 not allowed because not listed in AllowUsers
Jan 16 12:51:38 host sshd[7813]: input_userauth_request: invalid user root [preauth]
Jan 16 12:51:38 host unix_chkpwd[7816]: password check failed for user (root)
Jan 16 12:51:38 host sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.125.95 user=root
Jan 16 12:51:38 host sshd[7813]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 12:51:40 host sshd[7813]: Failed password for invalid user root from 220.134.125.95 port 40278 ssh2
Jan 16 12:51:41 host unix_chkpwd[7827]: password check failed for user (root)
Jan 16 12:51:41 host sshd[7813]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 12:51:42 host sshd[7813]: Failed password for invalid user root from 220.134.125.95 port 40278 ssh2
Jan 16 12:51:43 host unix_chkpwd[7832]: password check failed for user (root)
Jan 16 12:51:43 host sshd[7813]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 12:51:45 host sshd[7813]: Failed password for invalid user root from 220.134.125.95 port 40278 ssh2
Jan 16 12:51:46 host unix_chkpwd[7836]: password check failed for user (root)
Jan 16 12:51:46 host sshd[7813]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 12:51:48 host sshd[7813]: Failed password for invalid user root from 220.134.125.95 port 40278 ssh2
Jan 16 12:52:09 host sshd[7909]: Invalid user admin from 92.255.85.115 port 46607
Jan 16 12:52:09 host sshd[7909]: input_userauth_request: invalid user admin [preauth]
Jan 16 12:52:09 host sshd[7909]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 12:52:09 host sshd[7909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 16 12:52:11 host sshd[7909]: Failed password for invalid user admin from 92.255.85.115 port 46607 ssh2
Jan 16 12:52:11 host sshd[7909]: Connection reset by 92.255.85.115 port 46607 [preauth]
Jan 16 13:08:24 host sshd[10257]: Connection reset by 220.120.48.109 port 63933 [preauth]
Jan 16 13:09:36 host sshd[10402]: Invalid user service from 31.41.244.124 port 38412
Jan 16 13:09:36 host sshd[10402]: input_userauth_request: invalid user service [preauth]
Jan 16 13:09:36 host sshd[10402]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:09:36 host sshd[10402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 16 13:09:39 host sshd[10402]: Failed password for invalid user service from 31.41.244.124 port 38412 ssh2
Jan 16 13:09:39 host sshd[10402]: Received disconnect from 31.41.244.124 port 38412:11: Client disconnecting normally [preauth]
Jan 16 13:09:39 host sshd[10402]: Disconnected from 31.41.244.124 port 38412 [preauth]
Jan 16 13:09:40 host sshd[10414]: Invalid user backup from 31.41.244.124 port 42424
Jan 16 13:09:40 host sshd[10414]: input_userauth_request: invalid user backup [preauth]
Jan 16 13:09:40 host sshd[10414]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:09:40 host sshd[10414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 16 13:09:42 host sshd[10414]: Failed password for invalid user backup from 31.41.244.124 port 42424 ssh2
Jan 16 13:09:42 host sshd[10414]: Received disconnect from 31.41.244.124 port 42424:11: Client disconnecting normally [preauth]
Jan 16 13:09:42 host sshd[10414]: Disconnected from 31.41.244.124 port 42424 [preauth]
Jan 16 13:09:43 host sshd[10418]: Invalid user ftpuser from 31.41.244.124 port 46397
Jan 16 13:09:43 host sshd[10418]: input_userauth_request: invalid user ftpuser [preauth]
Jan 16 13:09:43 host sshd[10418]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:09:43 host sshd[10418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 16 13:09:46 host sshd[10418]: Failed password for invalid user ftpuser from 31.41.244.124 port 46397 ssh2
Jan 16 13:09:46 host sshd[10418]: Received disconnect from 31.41.244.124 port 46397:11: Client disconnecting normally [preauth]
Jan 16 13:09:46 host sshd[10418]: Disconnected from 31.41.244.124 port 46397 [preauth]
Jan 16 13:12:51 host sshd[10917]: User root from 103.121.197.82 not allowed because not listed in AllowUsers
Jan 16 13:12:51 host sshd[10917]: input_userauth_request: invalid user root [preauth]
Jan 16 13:12:51 host unix_chkpwd[10919]: password check failed for user (root)
Jan 16 13:12:51 host sshd[10917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.121.197.82 user=root
Jan 16 13:12:51 host sshd[10917]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:12:53 host sshd[10917]: Failed password for invalid user root from 103.121.197.82 port 46792 ssh2
Jan 16 13:12:53 host sshd[10917]: Received disconnect from 103.121.197.82 port 46792:11: Bye Bye [preauth]
Jan 16 13:12:53 host sshd[10917]: Disconnected from 103.121.197.82 port 46792 [preauth]
Jan 16 13:14:25 host sshd[11081]: User root from 118.101.192.62 not allowed because not listed in AllowUsers
Jan 16 13:14:25 host sshd[11081]: input_userauth_request: invalid user root [preauth]
Jan 16 13:14:25 host unix_chkpwd[11084]: password check failed for user (root)
Jan 16 13:14:25 host sshd[11081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.101.192.62 user=root
Jan 16 13:14:25 host sshd[11081]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:14:27 host sshd[11081]: Failed password for invalid user root from 118.101.192.62 port 52404 ssh2
Jan 16 13:14:27 host sshd[11081]: Received disconnect from 118.101.192.62 port 52404:11: Bye Bye [preauth]
Jan 16 13:14:27 host sshd[11081]: Disconnected from 118.101.192.62 port 52404 [preauth]
Jan 16 13:15:05 host sshd[11174]: User root from 43.135.48.212 not allowed because not listed in AllowUsers
Jan 16 13:15:05 host sshd[11174]: input_userauth_request: invalid user root [preauth]
Jan 16 13:15:05 host unix_chkpwd[11180]: password check failed for user (root)
Jan 16 13:15:05 host sshd[11174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.48.212 user=root
Jan 16 13:15:05 host sshd[11174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:15:07 host sshd[11174]: Failed password for invalid user root from 43.135.48.212 port 36144 ssh2
Jan 16 13:15:07 host sshd[11174]: Received disconnect from 43.135.48.212 port 36144:11: Bye Bye [preauth]
Jan 16 13:15:07 host sshd[11174]: Disconnected from 43.135.48.212 port 36144 [preauth]
Jan 16 13:16:00 host sshd[11277]: User root from 114.33.106.103 not allowed because not listed in AllowUsers
Jan 16 13:16:00 host sshd[11277]: input_userauth_request: invalid user root [preauth]
Jan 16 13:16:00 host unix_chkpwd[11290]: password check failed for user (root)
Jan 16 13:16:00 host sshd[11277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.106.103 user=root
Jan 16 13:16:00 host sshd[11277]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:16:03 host sshd[11277]: Failed password for invalid user root from 114.33.106.103 port 33649 ssh2
Jan 16 13:16:03 host sshd[11277]: Connection reset by 114.33.106.103 port 33649 [preauth]
Jan 16 13:17:33 host sshd[11483]: User root from 43.135.48.212 not allowed because not listed in AllowUsers
Jan 16 13:17:33 host sshd[11483]: input_userauth_request: invalid user root [preauth]
Jan 16 13:17:33 host unix_chkpwd[11485]: password check failed for user (root)
Jan 16 13:17:33 host sshd[11483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.48.212 user=root
Jan 16 13:17:33 host sshd[11483]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:17:35 host sshd[11483]: Failed password for invalid user root from 43.135.48.212 port 42470 ssh2
Jan 16 13:17:35 host sshd[11483]: Received disconnect from 43.135.48.212 port 42470:11: Bye Bye [preauth]
Jan 16 13:17:35 host sshd[11483]: Disconnected from 43.135.48.212 port 42470 [preauth]
Jan 16 13:17:39 host sshd[11562]: User root from 103.121.197.82 not allowed because not listed in AllowUsers
Jan 16 13:17:39 host sshd[11562]: input_userauth_request: invalid user root [preauth]
Jan 16 13:17:39 host unix_chkpwd[11583]: password check failed for user (root)
Jan 16 13:17:39 host sshd[11562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.121.197.82 user=root
Jan 16 13:17:39 host sshd[11562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:17:40 host sshd[11562]: Failed password for invalid user root from 103.121.197.82 port 38246 ssh2
Jan 16 13:17:40 host sshd[11562]: Received disconnect from 103.121.197.82 port 38246:11: Bye Bye [preauth]
Jan 16 13:17:40 host sshd[11562]: Disconnected from 103.121.197.82 port 38246 [preauth]
Jan 16 13:17:42 host sshd[11596]: User root from 118.101.192.62 not allowed because not listed in AllowUsers
Jan 16 13:17:42 host sshd[11596]: input_userauth_request: invalid user root [preauth]
Jan 16 13:17:42 host unix_chkpwd[11612]: password check failed for user (root)
Jan 16 13:17:42 host sshd[11596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.101.192.62 user=root
Jan 16 13:17:42 host sshd[11596]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:17:44 host sshd[11596]: Failed password for invalid user root from 118.101.192.62 port 59812 ssh2
Jan 16 13:19:42 host sshd[11921]: User root from 221.160.148.227 not allowed because not listed in AllowUsers
Jan 16 13:19:42 host sshd[11921]: input_userauth_request: invalid user root [preauth]
Jan 16 13:19:42 host unix_chkpwd[11924]: password check failed for user (root)
Jan 16 13:19:42 host sshd[11921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.160.148.227 user=root
Jan 16 13:19:42 host sshd[11921]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:19:44 host sshd[11921]: Failed password for invalid user root from 221.160.148.227 port 61032 ssh2
Jan 16 13:19:45 host sshd[11921]: Connection reset by 221.160.148.227 port 61032 [preauth]
Jan 16 13:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwtestugo user-2=shalinijames user-3=vfmassets user-4=pmcresources user-5=remysagr user-6=disposeat user-7=wwwkmaorg user-8=woodpeck user-9=wwwkapin user-10=kottayamcalldriv user-11=phmetals user-12=gifterman user-13=palco123 user-14=wwwnexidigital user-15=mrsclean user-16=wwwevmhonda user-17=bonifacegroup user-18=wwwletsstalkfood user-19=straightcurve user-20=dartsimp user-21=a2zgroup user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=ugotscom user-27=wwwrmswll user-28=wwwresourcehunte user-29=keralaholi user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 13:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-E3PjlIPTmlZAJbt7.~
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-E3PjlIPTmlZAJbt7.~'
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-E3PjlIPTmlZAJbt7.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 13:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 13:27:57 host sshd[13219]: User root from 103.70.31.101 not allowed because not listed in AllowUsers
Jan 16 13:27:57 host sshd[13219]: input_userauth_request: invalid user root [preauth]
Jan 16 13:27:57 host unix_chkpwd[13222]: password check failed for user (root)
Jan 16 13:27:57 host sshd[13219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.31.101 user=root
Jan 16 13:27:57 host sshd[13219]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:27:59 host sshd[13219]: Failed password for invalid user root from 103.70.31.101 port 35820 ssh2
Jan 16 13:27:59 host sshd[13219]: Received disconnect from 103.70.31.101 port 35820:11: Bye Bye [preauth]
Jan 16 13:27:59 host sshd[13219]: Disconnected from 103.70.31.101 port 35820 [preauth]
Jan 16 13:30:11 host sshd[13485]: Invalid user readonly from 205.185.113.129 port 47740
Jan 16 13:30:11 host sshd[13485]: input_userauth_request: invalid user readonly [preauth]
Jan 16 13:30:11 host sshd[13485]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:30:11 host sshd[13485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 16 13:30:13 host sshd[13485]: Failed password for invalid user readonly from 205.185.113.129 port 47740 ssh2
Jan 16 13:30:13 host sshd[13485]: Connection closed by 205.185.113.129 port 47740 [preauth]
Jan 16 13:30:19 host sshd[13500]: User root from 103.70.31.101 not allowed because not listed in AllowUsers
Jan 16 13:30:19 host sshd[13500]: input_userauth_request: invalid user root [preauth]
Jan 16 13:30:19 host unix_chkpwd[13503]: password check failed for user (root)
Jan 16 13:30:19 host sshd[13500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.31.101 user=root
Jan 16 13:30:19 host sshd[13500]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:30:21 host sshd[13500]: Failed password for invalid user root from 103.70.31.101 port 34640 ssh2
Jan 16 13:30:21 host sshd[13500]: Received disconnect from 103.70.31.101 port 34640:11: Bye Bye [preauth]
Jan 16 13:30:21 host sshd[13500]: Disconnected from 103.70.31.101 port 34640 [preauth]
Jan 16 13:32:10 host sshd[13879]: User root from 186.31.94.189 not allowed because not listed in AllowUsers
Jan 16 13:32:10 host sshd[13879]: input_userauth_request: invalid user root [preauth]
Jan 16 13:32:10 host unix_chkpwd[13883]: password check failed for user (root)
Jan 16 13:32:10 host sshd[13879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.31.94.189 user=root
Jan 16 13:32:10 host sshd[13879]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:32:12 host sshd[13879]: Failed password for invalid user root from 186.31.94.189 port 52703 ssh2
Jan 16 13:32:13 host sshd[13879]: Connection reset by 186.31.94.189 port 52703 [preauth]
Jan 16 13:32:50 host sshd[13945]: User root from 159.223.208.228 not allowed because not listed in AllowUsers
Jan 16 13:32:50 host sshd[13945]: input_userauth_request: invalid user root [preauth]
Jan 16 13:32:50 host unix_chkpwd[13948]: password check failed for user (root)
Jan 16 13:32:50 host sshd[13945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.208.228 user=root
Jan 16 13:32:50 host sshd[13945]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:32:52 host sshd[13945]: Failed password for invalid user root from 159.223.208.228 port 44910 ssh2
Jan 16 13:32:52 host sshd[13945]: Received disconnect from 159.223.208.228 port 44910:11: Bye Bye [preauth]
Jan 16 13:32:52 host sshd[13945]: Disconnected from 159.223.208.228 port 44910 [preauth]
Jan 16 13:34:01 host sshd[14059]: Invalid user grp from 46.101.2.4 port 50640
Jan 16 13:34:01 host sshd[14059]: input_userauth_request: invalid user grp [preauth]
Jan 16 13:34:01 host sshd[14059]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:34:01 host sshd[14059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.2.4
Jan 16 13:34:03 host sshd[14059]: Failed password for invalid user grp from 46.101.2.4 port 50640 ssh2
Jan 16 13:34:04 host sshd[14059]: Received disconnect from 46.101.2.4 port 50640:11: Bye Bye [preauth]
Jan 16 13:34:04 host sshd[14059]: Disconnected from 46.101.2.4 port 50640 [preauth]
Jan 16 13:35:06 host sshd[14213]: Invalid user tbv from 147.161.2.3 port 39640
Jan 16 13:35:06 host sshd[14213]: input_userauth_request: invalid user tbv [preauth]
Jan 16 13:35:06 host sshd[14213]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:35:06 host sshd[14213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.161.2.3
Jan 16 13:35:09 host sshd[14213]: Failed password for invalid user tbv from 147.161.2.3 port 39640 ssh2
Jan 16 13:35:09 host sshd[14213]: Received disconnect from 147.161.2.3 port 39640:11: Bye Bye [preauth]
Jan 16 13:35:09 host sshd[14213]: Disconnected from 147.161.2.3 port 39640 [preauth]
Jan 16 13:36:12 host sshd[14435]: User root from 159.223.208.228 not allowed because not listed in AllowUsers
Jan 16 13:36:12 host sshd[14435]: input_userauth_request: invalid user root [preauth]
Jan 16 13:36:12 host unix_chkpwd[14442]: password check failed for user (root)
Jan 16 13:36:12 host sshd[14435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.208.228 user=root
Jan 16 13:36:12 host sshd[14435]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:36:15 host sshd[14435]: Failed password for invalid user root from 159.223.208.228 port 35978 ssh2
Jan 16 13:37:25 host sshd[14601]: Invalid user vyq from 43.159.39.194 port 42950
Jan 16 13:37:25 host sshd[14601]: input_userauth_request: invalid user vyq [preauth]
Jan 16 13:37:25 host sshd[14601]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:37:25 host sshd[14601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.39.194
Jan 16 13:37:26 host sshd[14601]: Failed password for invalid user vyq from 43.159.39.194 port 42950 ssh2
Jan 16 13:37:26 host sshd[14601]: Received disconnect from 43.159.39.194 port 42950:11: Bye Bye [preauth]
Jan 16 13:37:26 host sshd[14601]: Disconnected from 43.159.39.194 port 42950 [preauth]
Jan 16 13:37:55 host sshd[14663]: Invalid user org from 137.184.96.200 port 47496
Jan 16 13:37:55 host sshd[14663]: input_userauth_request: invalid user org [preauth]
Jan 16 13:37:55 host sshd[14663]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:37:55 host sshd[14663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.96.200
Jan 16 13:37:57 host sshd[14663]: Failed password for invalid user org from 137.184.96.200 port 47496 ssh2
Jan 16 13:37:57 host sshd[14663]: Received disconnect from 137.184.96.200 port 47496:11: Bye Bye [preauth]
Jan 16 13:37:57 host sshd[14663]: Disconnected from 137.184.96.200 port 47496 [preauth]
Jan 16 13:38:38 host sshd[14764]: Invalid user mlz from 178.128.55.198 port 47238
Jan 16 13:38:38 host sshd[14764]: input_userauth_request: invalid user mlz [preauth]
Jan 16 13:38:38 host sshd[14764]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:38:38 host sshd[14764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198
Jan 16 13:38:40 host sshd[14764]: Failed password for invalid user mlz from 178.128.55.198 port 47238 ssh2
Jan 16 13:38:40 host sshd[14764]: Received disconnect from 178.128.55.198 port 47238:11: Bye Bye [preauth]
Jan 16 13:38:40 host sshd[14764]: Disconnected from 178.128.55.198 port 47238 [preauth]
Jan 16 13:39:54 host sshd[14918]: Invalid user qem from 212.83.137.137 port 60910
Jan 16 13:39:54 host sshd[14918]: input_userauth_request: invalid user qem [preauth]
Jan 16 13:39:54 host sshd[14918]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:39:54 host sshd[14918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.137.137
Jan 16 13:39:56 host sshd[14918]: Failed password for invalid user qem from 212.83.137.137 port 60910 ssh2
Jan 16 13:39:56 host sshd[14918]: Received disconnect from 212.83.137.137 port 60910:11: Bye Bye [preauth]
Jan 16 13:39:56 host sshd[14918]: Disconnected from 212.83.137.137 port 60910 [preauth]
Jan 16 13:40:02 host sshd[14931]: Invalid user tzq from 46.101.2.4 port 39200
Jan 16 13:40:02 host sshd[14931]: input_userauth_request: invalid user tzq [preauth]
Jan 16 13:40:02 host sshd[14931]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:40:02 host sshd[14931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.2.4
Jan 16 13:40:04 host sshd[14931]: Failed password for invalid user tzq from 46.101.2.4 port 39200 ssh2
Jan 16 13:40:04 host sshd[14931]: Received disconnect from 46.101.2.4 port 39200:11: Bye Bye [preauth]
Jan 16 13:40:04 host sshd[14931]: Disconnected from 46.101.2.4 port 39200 [preauth]
Jan 16 13:40:34 host sshd[15035]: Invalid user admin from 122.116.163.124 port 36969
Jan 16 13:40:34 host sshd[15035]: input_userauth_request: invalid user admin [preauth]
Jan 16 13:40:34 host sshd[15035]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:40:34 host sshd[15035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.163.124
Jan 16 13:40:37 host sshd[15035]: Failed password for invalid user admin from 122.116.163.124 port 36969 ssh2
Jan 16 13:40:38 host sshd[15035]: Failed password for invalid user admin from 122.116.163.124 port 36969 ssh2
Jan 16 13:40:38 host sshd[15035]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:40:40 host sshd[15035]: Failed password for invalid user admin from 122.116.163.124 port 36969 ssh2
Jan 16 13:40:42 host sshd[15035]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:40:44 host sshd[15035]: Failed password for invalid user admin from 122.116.163.124 port 36969 ssh2
Jan 16 13:40:44 host sshd[15035]: Connection reset by 122.116.163.124 port 36969 [preauth]
Jan 16 13:40:44 host sshd[15035]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.163.124
Jan 16 13:40:54 host sshd[15213]: Invalid user zns from 43.159.39.194 port 59620
Jan 16 13:40:54 host sshd[15213]: input_userauth_request: invalid user zns [preauth]
Jan 16 13:40:54 host sshd[15213]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:40:54 host sshd[15213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.39.194
Jan 16 13:40:56 host sshd[15213]: Failed password for invalid user zns from 43.159.39.194 port 59620 ssh2
Jan 16 13:40:56 host sshd[15216]: Invalid user tza from 137.184.96.200 port 54932
Jan 16 13:40:56 host sshd[15216]: input_userauth_request: invalid user tza [preauth]
Jan 16 13:40:56 host sshd[15216]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:40:56 host sshd[15216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.96.200
Jan 16 13:40:56 host sshd[15213]: Received disconnect from 43.159.39.194 port 59620:11: Bye Bye [preauth]
Jan 16 13:40:56 host sshd[15213]: Disconnected from 43.159.39.194 port 59620 [preauth]
Jan 16 13:40:58 host sshd[15216]: Failed password for invalid user tza from 137.184.96.200 port 54932 ssh2
Jan 16 13:40:59 host sshd[15216]: Received disconnect from 137.184.96.200 port 54932:11: Bye Bye [preauth]
Jan 16 13:40:59 host sshd[15216]: Disconnected from 137.184.96.200 port 54932 [preauth]
Jan 16 13:41:11 host sshd[15256]: Invalid user tbv from 46.101.2.4 port 33432
Jan 16 13:41:11 host sshd[15256]: input_userauth_request: invalid user tbv [preauth]
Jan 16 13:41:11 host sshd[15256]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:41:11 host sshd[15256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.2.4
Jan 16 13:41:13 host sshd[15256]: Failed password for invalid user tbv from 46.101.2.4 port 33432 ssh2
Jan 16 13:41:14 host sshd[15256]: Received disconnect from 46.101.2.4 port 33432:11: Bye Bye [preauth]
Jan 16 13:41:14 host sshd[15256]: Disconnected from 46.101.2.4 port 33432 [preauth]
Jan 16 13:41:22 host sshd[15310]: Invalid user stb from 212.83.137.137 port 57896
Jan 16 13:41:22 host sshd[15310]: input_userauth_request: invalid user stb [preauth]
Jan 16 13:41:22 host sshd[15310]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:41:22 host sshd[15310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.137.137
Jan 16 13:41:24 host sshd[15310]: Failed password for invalid user stb from 212.83.137.137 port 57896 ssh2
Jan 16 13:41:24 host sshd[15310]: Received disconnect from 212.83.137.137 port 57896:11: Bye Bye [preauth]
Jan 16 13:41:24 host sshd[15310]: Disconnected from 212.83.137.137 port 57896 [preauth]
Jan 16 13:41:49 host sshd[15384]: Invalid user org from 147.161.2.3 port 59868
Jan 16 13:41:49 host sshd[15384]: input_userauth_request: invalid user org [preauth]
Jan 16 13:41:49 host sshd[15384]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:41:49 host sshd[15384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.161.2.3
Jan 16 13:41:51 host sshd[15384]: Failed password for invalid user org from 147.161.2.3 port 59868 ssh2
Jan 16 13:41:51 host sshd[15384]: Received disconnect from 147.161.2.3 port 59868:11: Bye Bye [preauth]
Jan 16 13:41:51 host sshd[15384]: Disconnected from 147.161.2.3 port 59868 [preauth]
Jan 16 13:42:03 host sshd[15417]: Invalid user fzb from 137.184.96.200 port 49866
Jan 16 13:42:03 host sshd[15417]: input_userauth_request: invalid user fzb [preauth]
Jan 16 13:42:03 host sshd[15417]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:42:03 host sshd[15417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.96.200
Jan 16 13:42:05 host sshd[15417]: Failed password for invalid user fzb from 137.184.96.200 port 49866 ssh2
Jan 16 13:42:05 host sshd[15417]: Received disconnect from 137.184.96.200 port 49866:11: Bye Bye [preauth]
Jan 16 13:42:05 host sshd[15417]: Disconnected from 137.184.96.200 port 49866 [preauth]
Jan 16 13:42:08 host sshd[15426]: Invalid user vre from 178.128.55.198 port 55108
Jan 16 13:42:08 host sshd[15426]: input_userauth_request: invalid user vre [preauth]
Jan 16 13:42:08 host sshd[15426]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:42:08 host sshd[15426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198
Jan 16 13:42:10 host sshd[15426]: Failed password for invalid user vre from 178.128.55.198 port 55108 ssh2
Jan 16 13:42:10 host sshd[15426]: Received disconnect from 178.128.55.198 port 55108:11: Bye Bye [preauth]
Jan 16 13:42:10 host sshd[15426]: Disconnected from 178.128.55.198 port 55108 [preauth]
Jan 16 13:42:24 host sshd[15482]: Invalid user prl from 212.83.137.137 port 52688
Jan 16 13:42:24 host sshd[15482]: input_userauth_request: invalid user prl [preauth]
Jan 16 13:42:25 host sshd[15482]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:42:25 host sshd[15482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.137.137
Jan 16 13:42:25 host sshd[15485]: Invalid user xfu from 43.159.39.194 port 48620
Jan 16 13:42:25 host sshd[15485]: input_userauth_request: invalid user xfu [preauth]
Jan 16 13:42:25 host sshd[15485]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:42:25 host sshd[15485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.39.194
Jan 16 13:42:26 host sshd[15482]: Failed password for invalid user prl from 212.83.137.137 port 52688 ssh2
Jan 16 13:42:26 host sshd[15482]: Received disconnect from 212.83.137.137 port 52688:11: Bye Bye [preauth]
Jan 16 13:42:26 host sshd[15482]: Disconnected from 212.83.137.137 port 52688 [preauth]
Jan 16 13:42:26 host sshd[15485]: Failed password for invalid user xfu from 43.159.39.194 port 48620 ssh2
Jan 16 13:42:26 host sshd[15485]: Received disconnect from 43.159.39.194 port 48620:11: Bye Bye [preauth]
Jan 16 13:42:26 host sshd[15485]: Disconnected from 43.159.39.194 port 48620 [preauth]
Jan 16 13:43:02 host sshd[15642]: Invalid user ukz from 147.161.2.3 port 55624
Jan 16 13:43:02 host sshd[15642]: input_userauth_request: invalid user ukz [preauth]
Jan 16 13:43:02 host sshd[15642]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:43:02 host sshd[15642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.161.2.3
Jan 16 13:43:04 host sshd[15642]: Failed password for invalid user ukz from 147.161.2.3 port 55624 ssh2
Jan 16 13:43:31 host sshd[15763]: Invalid user qem from 178.128.55.198 port 49364
Jan 16 13:43:31 host sshd[15763]: input_userauth_request: invalid user qem [preauth]
Jan 16 13:43:31 host sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:43:31 host sshd[15763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.55.198
Jan 16 13:43:32 host sshd[15763]: Failed password for invalid user qem from 178.128.55.198 port 49364 ssh2
Jan 16 13:43:32 host sshd[15763]: Received disconnect from 178.128.55.198 port 49364:11: Bye Bye [preauth]
Jan 16 13:43:32 host sshd[15763]: Disconnected from 178.128.55.198 port 49364 [preauth]
Jan 16 13:45:41 host sshd[16413]: User root from 122.116.158.4 not allowed because not listed in AllowUsers
Jan 16 13:45:41 host sshd[16413]: input_userauth_request: invalid user root [preauth]
Jan 16 13:45:41 host unix_chkpwd[16431]: password check failed for user (root)
Jan 16 13:45:41 host sshd[16413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.158.4 user=root
Jan 16 13:45:41 host sshd[16413]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:45:43 host sshd[16413]: Failed password for invalid user root from 122.116.158.4 port 57617 ssh2
Jan 16 13:45:44 host unix_chkpwd[16439]: password check failed for user (root)
Jan 16 13:45:44 host sshd[16413]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:45:46 host sshd[16413]: Failed password for invalid user root from 122.116.158.4 port 57617 ssh2
Jan 16 13:45:47 host unix_chkpwd[16445]: password check failed for user (root)
Jan 16 13:45:47 host sshd[16413]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:45:49 host sshd[16413]: Failed password for invalid user root from 122.116.158.4 port 57617 ssh2
Jan 16 13:45:50 host unix_chkpwd[16453]: password check failed for user (root)
Jan 16 13:45:50 host sshd[16413]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:45:52 host sshd[16413]: Failed password for invalid user root from 122.116.158.4 port 57617 ssh2
Jan 16 13:45:53 host unix_chkpwd[16458]: password check failed for user (root)
Jan 16 13:45:53 host sshd[16413]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:45:55 host sshd[16413]: Failed password for invalid user root from 122.116.158.4 port 57617 ssh2
Jan 16 13:53:49 host sshd[17910]: Did not receive identification string from 154.212.146.1 port 36242
Jan 16 13:53:49 host sshd[17912]: Invalid user admin from 154.212.146.1 port 37329
Jan 16 13:53:49 host sshd[17912]: input_userauth_request: invalid user admin [preauth]
Jan 16 13:53:49 host sshd[17911]: Invalid user tester from 154.212.146.1 port 37296
Jan 16 13:53:49 host sshd[17911]: input_userauth_request: invalid user tester [preauth]
Jan 16 13:53:49 host sshd[17913]: Invalid user testuser from 154.212.146.1 port 37268
Jan 16 13:53:49 host sshd[17913]: input_userauth_request: invalid user testuser [preauth]
Jan 16 13:53:49 host sshd[17918]: Invalid user steam from 154.212.146.1 port 37276
Jan 16 13:53:49 host sshd[17918]: input_userauth_request: invalid user steam [preauth]
Jan 16 13:53:49 host sshd[17917]: User mysql from 154.212.146.1 not allowed because not listed in AllowUsers
Jan 16 13:53:49 host sshd[17917]: input_userauth_request: invalid user mysql [preauth]
Jan 16 13:53:49 host sshd[17914]: Invalid user ec2-user from 154.212.146.1 port 37300
Jan 16 13:53:49 host sshd[17914]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 13:53:49 host sshd[17916]: User root from 154.212.146.1 not allowed because not listed in AllowUsers
Jan 16 13:53:49 host sshd[17916]: input_userauth_request: invalid user root [preauth]
Jan 16 13:53:49 host sshd[17921]: Invalid user postgres from 154.212.146.1 port 37323
Jan 16 13:53:49 host sshd[17921]: input_userauth_request: invalid user postgres [preauth]
Jan 16 13:53:49 host sshd[17919]: User root from 154.212.146.1 not allowed because not listed in AllowUsers
Jan 16 13:53:49 host sshd[17915]: Invalid user steam from 154.212.146.1 port 37284
Jan 16 13:53:49 host sshd[17919]: input_userauth_request: invalid user root [preauth]
Jan 16 13:53:49 host sshd[17915]: input_userauth_request: invalid user steam [preauth]
Jan 16 13:53:49 host sshd[17924]: Invalid user postgres from 154.212.146.1 port 37304
Jan 16 13:53:49 host sshd[17924]: input_userauth_request: invalid user postgres [preauth]
Jan 16 13:53:49 host sshd[17920]: Invalid user dockeradmin from 154.212.146.1 port 37294
Jan 16 13:53:49 host sshd[17923]: Invalid user steam from 154.212.146.1 port 37312
Jan 16 13:53:49 host sshd[17920]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 16 13:53:49 host sshd[17923]: input_userauth_request: invalid user steam [preauth]
Jan 16 13:53:49 host sshd[17922]: Invalid user devops from 154.212.146.1 port 37320
Jan 16 13:53:49 host sshd[17922]: input_userauth_request: invalid user devops [preauth]
Jan 16 13:53:49 host sshd[17912]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17913]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17911]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17918]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17914]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17921]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host unix_chkpwd[17941]: password check failed for user (mysql)
Jan 16 13:53:49 host sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1 user=mysql
Jan 16 13:53:49 host sshd[17917]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 16 13:53:49 host sshd[17924]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17920]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host sshd[17922]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host unix_chkpwd[17942]: password check failed for user (root)
Jan 16 13:53:49 host sshd[17916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1 user=root
Jan 16 13:53:49 host sshd[17916]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:53:49 host sshd[17923]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:49 host sshd[17923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:49 host unix_chkpwd[17943]: password check failed for user (root)
Jan 16 13:53:49 host sshd[17919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1 user=root
Jan 16 13:53:49 host sshd[17919]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:53:52 host sshd[17912]: Failed password for invalid user admin from 154.212.146.1 port 37329 ssh2
Jan 16 13:53:52 host sshd[17913]: Failed password for invalid user testuser from 154.212.146.1 port 37268 ssh2
Jan 16 13:53:52 host sshd[17911]: Failed password for invalid user tester from 154.212.146.1 port 37296 ssh2
Jan 16 13:53:52 host sshd[17918]: Failed password for invalid user steam from 154.212.146.1 port 37276 ssh2
Jan 16 13:53:52 host sshd[17914]: Failed password for invalid user ec2-user from 154.212.146.1 port 37300 ssh2
Jan 16 13:53:52 host sshd[17921]: Failed password for invalid user postgres from 154.212.146.1 port 37323 ssh2
Jan 16 13:53:52 host sshd[17915]: Failed password for invalid user steam from 154.212.146.1 port 37284 ssh2
Jan 16 13:53:52 host sshd[17917]: Failed password for invalid user mysql from 154.212.146.1 port 37282 ssh2
Jan 16 13:53:52 host sshd[17924]: Failed password for invalid user postgres from 154.212.146.1 port 37304 ssh2
Jan 16 13:53:52 host sshd[17920]: Failed password for invalid user dockeradmin from 154.212.146.1 port 37294 ssh2
Jan 16 13:53:52 host sshd[17922]: Failed password for invalid user devops from 154.212.146.1 port 37320 ssh2
Jan 16 13:53:52 host sshd[17916]: Failed password for invalid user root from 154.212.146.1 port 37278 ssh2
Jan 16 13:53:52 host sshd[17923]: Failed password for invalid user steam from 154.212.146.1 port 37312 ssh2
Jan 16 13:53:52 host sshd[17919]: Failed password for invalid user root from 154.212.146.1 port 37310 ssh2
Jan 16 13:53:52 host sshd[17912]: Connection closed by 154.212.146.1 port 37329 [preauth]
Jan 16 13:53:52 host sshd[17913]: Connection closed by 154.212.146.1 port 37268 [preauth]
Jan 16 13:53:52 host sshd[17911]: Connection closed by 154.212.146.1 port 37296 [preauth]
Jan 16 13:53:52 host sshd[17918]: Connection closed by 154.212.146.1 port 37276 [preauth]
Jan 16 13:53:52 host sshd[17914]: Connection closed by 154.212.146.1 port 37300 [preauth]
Jan 16 13:53:52 host sshd[17921]: Connection closed by 154.212.146.1 port 37323 [preauth]
Jan 16 13:53:52 host sshd[17915]: Connection closed by 154.212.146.1 port 37284 [preauth]
Jan 16 13:53:52 host sshd[17917]: Connection closed by 154.212.146.1 port 37282 [preauth]
Jan 16 13:53:52 host sshd[17920]: Connection closed by 154.212.146.1 port 37294 [preauth]
Jan 16 13:53:52 host sshd[17922]: Connection closed by 154.212.146.1 port 37320 [preauth]
Jan 16 13:53:52 host sshd[17924]: Connection closed by 154.212.146.1 port 37304 [preauth]
Jan 16 13:53:52 host sshd[17916]: Connection closed by 154.212.146.1 port 37278 [preauth]
Jan 16 13:53:52 host sshd[17923]: Connection closed by 154.212.146.1 port 37312 [preauth]
Jan 16 13:53:52 host sshd[17919]: Connection closed by 154.212.146.1 port 37310 [preauth]
Jan 16 13:53:52 host sshd[17952]: Invalid user test from 154.212.146.1 port 37291
Jan 16 13:53:52 host sshd[17952]: input_userauth_request: invalid user test [preauth]
Jan 16 13:53:52 host sshd[17953]: User root from 154.212.146.1 not allowed because not listed in AllowUsers
Jan 16 13:53:52 host sshd[17953]: input_userauth_request: invalid user root [preauth]
Jan 16 13:53:52 host sshd[17952]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:53:52 host sshd[17952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1
Jan 16 13:53:52 host unix_chkpwd[17956]: password check failed for user (root)
Jan 16 13:53:52 host sshd[17953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.212.146.1 user=root
Jan 16 13:53:52 host sshd[17953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 13:53:55 host sshd[17952]: Failed password for invalid user test from 154.212.146.1 port 37291 ssh2
Jan 16 13:53:55 host sshd[17953]: Failed password for invalid user root from 154.212.146.1 port 37251 ssh2
Jan 16 13:54:32 host sshd[18088]: Did not receive identification string from 46.101.97.107 port 61000
Jan 16 13:55:38 host sshd[18218]: Did not receive identification string from 113.250.61.242 port 53086
Jan 16 13:55:41 host sshd[18219]: Invalid user devops from 113.250.61.242 port 54594
Jan 16 13:55:41 host sshd[18219]: input_userauth_request: invalid user devops [preauth]
Jan 16 13:55:41 host sshd[18219]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:41 host sshd[18219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:42 host sshd[18230]: Invalid user git from 113.250.61.242 port 54608
Jan 16 13:55:42 host sshd[18230]: input_userauth_request: invalid user git [preauth]
Jan 16 13:55:42 host sshd[18230]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:42 host sshd[18230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:42 host sshd[18223]: Invalid user dmdba from 113.250.61.242 port 54626
Jan 16 13:55:42 host sshd[18223]: input_userauth_request: invalid user dmdba [preauth]
Jan 16 13:55:42 host sshd[18236]: Invalid user a from 113.250.61.242 port 54622
Jan 16 13:55:42 host sshd[18236]: input_userauth_request: invalid user a [preauth]
Jan 16 13:55:42 host sshd[18233]: Invalid user guest from 113.250.61.242 port 54554
Jan 16 13:55:42 host sshd[18233]: input_userauth_request: invalid user guest [preauth]
Jan 16 13:55:43 host sshd[18219]: Failed password for invalid user devops from 113.250.61.242 port 54594 ssh2
Jan 16 13:55:43 host sshd[18260]: Invalid user ftpuser from 113.250.61.242 port 54556
Jan 16 13:55:43 host sshd[18260]: input_userauth_request: invalid user ftpuser [preauth]
Jan 16 13:55:43 host sshd[18233]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:43 host sshd[18233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:43 host sshd[18236]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:43 host sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:43 host sshd[18219]: Connection closed by 113.250.61.242 port 54594 [preauth]
Jan 16 13:55:43 host sshd[18260]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:43 host sshd[18260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:44 host sshd[18224]: Invalid user esuser from 113.250.61.242 port 54616
Jan 16 13:55:44 host sshd[18224]: input_userauth_request: invalid user esuser [preauth]
Jan 16 13:55:44 host sshd[18247]: Invalid user elastic from 113.250.61.242 port 54592
Jan 16 13:55:44 host sshd[18245]: Invalid user oracle from 113.250.61.242 port 54598
Jan 16 13:55:44 host sshd[18247]: input_userauth_request: invalid user elastic [preauth]
Jan 16 13:55:44 host sshd[18245]: input_userauth_request: invalid user oracle [preauth]
Jan 16 13:55:44 host sshd[18248]: Invalid user teamspeak3 from 113.250.61.242 port 54574
Jan 16 13:55:44 host sshd[18248]: input_userauth_request: invalid user teamspeak3 [preauth]
Jan 16 13:55:44 host sshd[18256]: Invalid user admin from 113.250.61.242 port 54586
Jan 16 13:55:44 host sshd[18256]: input_userauth_request: invalid user admin [preauth]
Jan 16 13:55:44 host sshd[18230]: Failed password for invalid user git from 113.250.61.242 port 54608 ssh2
Jan 16 13:55:44 host sshd[18249]: Invalid user user from 113.250.61.242 port 54572
Jan 16 13:55:44 host sshd[18249]: input_userauth_request: invalid user user [preauth]
Jan 16 13:55:44 host sshd[18245]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:44 host sshd[18245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:44 host sshd[18247]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:44 host sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:44 host sshd[18248]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 13:55:44 host sshd[18248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.250.61.242
Jan 16 13:55:44 host sshd[18230]: Connection closed by 113.250.61.242 port 54608 [preauth]
Jan 16 13:55:46 host sshd[18233]: Failed password for invalid user guest from 113.250.61.242 port 54554 ssh2
Jan 16 13:55:46 host sshd[18236]: Failed password for invalid user a from 113.250.61.242 port 54622 ssh2
Jan 16 13:55:46 host sshd[18245]: Failed password for invalid user oracle from 113.250.61.242 port 54598 ssh2
Jan 16 13:55:46 host sshd[18247]: Failed password for invalid user elastic from 113.250.61.242 port 54592 ssh2
Jan 16 13:55:46 host sshd[18248]: Failed password for invalid user teamspeak3 from 113.250.61.242 port 54574 ssh2
Jan 16 13:55:46 host sshd[18260]: Failed password for invalid user ftpuser from 113.250.61.242 port 54556 ssh2
Jan 16 14:05:34 host sshd[19978]: Invalid user admin from 39.112.0.147 port 62778
Jan 16 14:05:34 host sshd[19978]: input_userauth_request: invalid user admin [preauth]
Jan 16 14:05:34 host sshd[19978]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:05:34 host sshd[19978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.112.0.147
Jan 16 14:05:36 host sshd[19978]: Failed password for invalid user admin from 39.112.0.147 port 62778 ssh2
Jan 16 14:05:37 host sshd[19978]: Failed password for invalid user admin from 39.112.0.147 port 62778 ssh2
Jan 16 14:05:37 host sshd[19978]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:05:39 host sshd[19978]: Failed password for invalid user admin from 39.112.0.147 port 62778 ssh2
Jan 16 14:05:41 host sshd[19978]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:05:42 host sshd[19978]: Failed password for invalid user admin from 39.112.0.147 port 62778 ssh2
Jan 16 14:05:43 host sshd[19978]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:05:46 host sshd[19978]: Failed password for invalid user admin from 39.112.0.147 port 62778 ssh2
Jan 16 14:06:06 host sshd[20097]: Invalid user ez from 194.110.203.109 port 40426
Jan 16 14:06:06 host sshd[20097]: input_userauth_request: invalid user ez [preauth]
Jan 16 14:06:06 host sshd[20097]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:06:06 host sshd[20097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 14:06:09 host sshd[20097]: Failed password for invalid user ez from 194.110.203.109 port 40426 ssh2
Jan 16 14:06:12 host sshd[20097]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:06:14 host sshd[20097]: Failed password for invalid user ez from 194.110.203.109 port 40426 ssh2
Jan 16 14:06:17 host sshd[20097]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:06:19 host sshd[20097]: Failed password for invalid user ez from 194.110.203.109 port 40426 ssh2
Jan 16 14:06:22 host sshd[20097]: Connection closed by 194.110.203.109 port 40426 [preauth]
Jan 16 14:06:22 host sshd[20097]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 14:11:26 host sshd[21069]: Invalid user admin from 220.134.21.67 port 60736
Jan 16 14:11:26 host sshd[21069]: input_userauth_request: invalid user admin [preauth]
Jan 16 14:11:26 host sshd[21069]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:11:26 host sshd[21069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.21.67
Jan 16 14:11:28 host sshd[21069]: Failed password for invalid user admin from 220.134.21.67 port 60736 ssh2
Jan 16 14:11:33 host sshd[21069]: Failed password for invalid user admin from 220.134.21.67 port 60736 ssh2
Jan 16 14:11:34 host sshd[21069]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:11:35 host sshd[21069]: Failed password for invalid user admin from 220.134.21.67 port 60736 ssh2
Jan 16 14:11:36 host sshd[21069]: Connection reset by 220.134.21.67 port 60736 [preauth]
Jan 16 14:11:36 host sshd[21069]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.21.67
Jan 16 14:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 14:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 14:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 14:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=laundryboniface user-4=a2zgroup user-5=dartsimp user-6=wwwpmcresource user-7=wwwresourcehunte user-8=keralaholi user-9=wwwrmswll user-10=ugotscom user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=disposeat user-15=wwwkmaorg user-16=remysagr user-17=pmcresources user-18=vfmassets user-19=shalinijames user-20=wwwtestugo user-21=wwwletsstalkfood user-22=straightcurve user-23=bonifacegroup user-24=wwwevmhonda user-25=mrsclean user-26=wwwnexidigital user-27=palco123 user-28=gifterman user-29=phmetals user-30=kottayamcalldriv feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 14:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-R4C9S6IK4q05Y3eN.~
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-R4C9S6IK4q05Y3eN.~'
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-R4C9S6IK4q05Y3eN.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 14:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 14:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 14:32:50 host sshd[24031]: Invalid user ubnt from 210.68.242.196 port 50601
Jan 16 14:32:50 host sshd[24031]: input_userauth_request: invalid user ubnt [preauth]
Jan 16 14:32:50 host sshd[24031]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:32:50 host sshd[24031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.68.242.196
Jan 16 14:32:52 host sshd[24031]: Failed password for invalid user ubnt from 210.68.242.196 port 50601 ssh2
Jan 16 14:32:53 host sshd[24031]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:32:55 host sshd[24031]: Failed password for invalid user ubnt from 210.68.242.196 port 50601 ssh2
Jan 16 14:32:55 host sshd[24031]: Connection reset by 210.68.242.196 port 50601 [preauth]
Jan 16 14:32:55 host sshd[24031]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.68.242.196
Jan 16 14:35:30 host sshd[24352]: Did not receive identification string from 196.179.238.249 port 33730
Jan 16 14:36:07 host sshd[24557]: Invalid user admin from 196.179.238.249 port 58494
Jan 16 14:36:07 host sshd[24557]: input_userauth_request: invalid user admin [preauth]
Jan 16 14:36:07 host sshd[24557]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:36:07 host sshd[24557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.238.249
Jan 16 14:36:09 host sshd[24557]: Failed password for invalid user admin from 196.179.238.249 port 58494 ssh2
Jan 16 14:36:10 host sshd[24557]: Connection closed by 196.179.238.249 port 58494 [preauth]
Jan 16 14:36:58 host sshd[24664]: Invalid user admin from 196.179.238.249 port 48036
Jan 16 14:36:58 host sshd[24664]: input_userauth_request: invalid user admin [preauth]
Jan 16 14:36:59 host sshd[24664]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:36:59 host sshd[24664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.238.249
Jan 16 14:37:01 host sshd[24664]: Failed password for invalid user admin from 196.179.238.249 port 48036 ssh2
Jan 16 14:37:01 host sshd[24664]: Connection closed by 196.179.238.249 port 48036 [preauth]
Jan 16 14:40:17 host sshd[25085]: User root from 59.126.114.190 not allowed because not listed in AllowUsers
Jan 16 14:40:17 host sshd[25085]: input_userauth_request: invalid user root [preauth]
Jan 16 14:40:17 host unix_chkpwd[25088]: password check failed for user (root)
Jan 16 14:40:17 host sshd[25085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.114.190 user=root
Jan 16 14:40:17 host sshd[25085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 14:40:19 host sshd[25085]: Failed password for invalid user root from 59.126.114.190 port 52680 ssh2
Jan 16 14:40:19 host unix_chkpwd[25091]: password check failed for user (root)
Jan 16 14:40:19 host sshd[25085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 14:40:21 host sshd[25085]: Failed password for invalid user root from 59.126.114.190 port 52680 ssh2
Jan 16 14:40:22 host sshd[25085]: Connection reset by 59.126.114.190 port 52680 [preauth]
Jan 16 14:40:22 host sshd[25085]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.114.190 user=root
Jan 16 14:57:49 host sshd[27470]: Invalid user Admin from 112.149.177.166 port 51572
Jan 16 14:57:49 host sshd[27470]: input_userauth_request: invalid user Admin [preauth]
Jan 16 14:57:49 host sshd[27470]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 14:57:49 host sshd[27470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.149.177.166
Jan 16 14:57:52 host sshd[27470]: Failed password for invalid user Admin from 112.149.177.166 port 51572 ssh2
Jan 16 14:57:52 host sshd[27470]: Connection reset by 112.149.177.166 port 51572 [preauth]
Jan 16 15:08:10 host sshd[29013]: Invalid user Admin from 1.34.107.46 port 50024
Jan 16 15:08:10 host sshd[29013]: input_userauth_request: invalid user Admin [preauth]
Jan 16 15:08:10 host sshd[29013]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:08:10 host sshd[29013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.107.46
Jan 16 15:08:12 host sshd[29013]: Failed password for invalid user Admin from 1.34.107.46 port 50024 ssh2
Jan 16 15:08:12 host sshd[29013]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:08:14 host sshd[29013]: Failed password for invalid user Admin from 1.34.107.46 port 50024 ssh2
Jan 16 15:08:15 host sshd[29013]: Connection reset by 1.34.107.46 port 50024 [preauth]
Jan 16 15:08:15 host sshd[29013]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.107.46
Jan 16 15:14:02 host sshd[29778]: Invalid user admin from 119.193.209.204 port 48034
Jan 16 15:14:02 host sshd[29778]: input_userauth_request: invalid user admin [preauth]
Jan 16 15:14:02 host sshd[29778]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:14:02 host sshd[29778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.209.204
Jan 16 15:14:03 host sshd[29778]: Failed password for invalid user admin from 119.193.209.204 port 48034 ssh2
Jan 16 15:14:04 host sshd[29778]: Failed password for invalid user admin from 119.193.209.204 port 48034 ssh2
Jan 16 15:14:04 host sshd[29778]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:14:07 host sshd[29778]: Failed password for invalid user admin from 119.193.209.204 port 48034 ssh2
Jan 16 15:14:07 host sshd[29778]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:14:09 host sshd[29778]: Failed password for invalid user admin from 119.193.209.204 port 48034 ssh2
Jan 16 15:14:10 host sshd[29778]: Connection reset by 119.193.209.204 port 48034 [preauth]
Jan 16 15:14:10 host sshd[29778]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.209.204
Jan 16 15:15:44 host sshd[29985]: Invalid user dmdba from 211.47.118.140 port 39347
Jan 16 15:15:44 host sshd[29985]: input_userauth_request: invalid user dmdba [preauth]
Jan 16 15:15:44 host sshd[29985]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:15:44 host sshd[29985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.47.118.140
Jan 16 15:15:46 host sshd[29985]: Failed password for invalid user dmdba from 211.47.118.140 port 39347 ssh2
Jan 16 15:15:49 host sshd[29985]: Failed password for invalid user dmdba from 211.47.118.140 port 39347 ssh2
Jan 16 15:15:49 host sshd[29985]: Connection closed by 211.47.118.140 port 39347 [preauth]
Jan 16 15:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 15:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 15:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 15:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=ugotscom user-8=keralaholi user-9=wwwresourcehunte user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=woodpeck user-20=wwwkapin user-21=kottayamcalldriv user-22=phmetals user-23=palco123 user-24=gifterman user-25=mrsclean user-26=wwwnexidigital user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 15:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-io3QaZHTQuwh3dmI.~
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-io3QaZHTQuwh3dmI.~'
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-io3QaZHTQuwh3dmI.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 15:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 15:26:29 host sshd[31564]: Invalid user leonard from 107.189.30.59 port 38324
Jan 16 15:26:29 host sshd[31564]: input_userauth_request: invalid user leonard [preauth]
Jan 16 15:26:29 host sshd[31564]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:26:29 host sshd[31564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 16 15:26:30 host sshd[31564]: Failed password for invalid user leonard from 107.189.30.59 port 38324 ssh2
Jan 16 15:26:31 host sshd[31564]: Connection closed by 107.189.30.59 port 38324 [preauth]
Jan 16 15:31:20 host sshd[32236]: Invalid user admin from 222.120.209.218 port 63537
Jan 16 15:31:20 host sshd[32236]: input_userauth_request: invalid user admin [preauth]
Jan 16 15:31:20 host sshd[32236]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:31:20 host sshd[32236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.120.209.218
Jan 16 15:31:22 host sshd[32236]: Failed password for invalid user admin from 222.120.209.218 port 63537 ssh2
Jan 16 15:31:25 host sshd[32236]: Failed password for invalid user admin from 222.120.209.218 port 63537 ssh2
Jan 16 15:31:25 host sshd[32236]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:31:27 host sshd[32236]: Failed password for invalid user admin from 222.120.209.218 port 63537 ssh2
Jan 16 15:31:29 host sshd[32236]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:31:31 host sshd[32236]: Failed password for invalid user admin from 222.120.209.218 port 63537 ssh2
Jan 16 15:38:36 host sshd[786]: Connection reset by 123.240.163.237 port 55195 [preauth]
Jan 16 15:42:09 host sshd[1367]: Invalid user admin from 121.166.213.186 port 62278
Jan 16 15:42:09 host sshd[1367]: input_userauth_request: invalid user admin [preauth]
Jan 16 15:42:09 host sshd[1367]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:42:09 host sshd[1367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.166.213.186
Jan 16 15:42:11 host sshd[1367]: Failed password for invalid user admin from 121.166.213.186 port 62278 ssh2
Jan 16 15:42:12 host sshd[1367]: Failed password for invalid user admin from 121.166.213.186 port 62278 ssh2
Jan 16 15:42:12 host sshd[1367]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:42:14 host sshd[1367]: Failed password for invalid user admin from 121.166.213.186 port 62278 ssh2
Jan 16 15:51:47 host sshd[2710]: Invalid user f from 194.110.203.109 port 50612
Jan 16 15:51:47 host sshd[2710]: input_userauth_request: invalid user f [preauth]
Jan 16 15:51:47 host sshd[2710]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:51:47 host sshd[2710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 15:51:49 host sshd[2710]: Failed password for invalid user f from 194.110.203.109 port 50612 ssh2
Jan 16 15:51:52 host sshd[2710]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:51:54 host sshd[2710]: Failed password for invalid user f from 194.110.203.109 port 50612 ssh2
Jan 16 15:51:57 host sshd[2710]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 15:51:59 host sshd[2710]: Failed password for invalid user f from 194.110.203.109 port 50612 ssh2
Jan 16 15:52:03 host sshd[2710]: Connection closed by 194.110.203.109 port 50612 [preauth]
Jan 16 15:52:03 host sshd[2710]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 16:12:27 host sshd[5835]: Invalid user talasam from 195.226.194.142 port 47742
Jan 16 16:12:27 host sshd[5835]: input_userauth_request: invalid user talasam [preauth]
Jan 16 16:12:27 host sshd[5835]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:12:27 host sshd[5835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 16 16:12:30 host sshd[5835]: Failed password for invalid user talasam from 195.226.194.142 port 47742 ssh2
Jan 16 16:12:30 host sshd[5835]: Received disconnect from 195.226.194.142 port 47742:11: Bye Bye [preauth]
Jan 16 16:12:30 host sshd[5835]: Disconnected from 195.226.194.142 port 47742 [preauth]
Jan 16 16:15:30 host sshd[6317]: User root from 71.200.58.137 not allowed because not listed in AllowUsers
Jan 16 16:15:30 host sshd[6317]: input_userauth_request: invalid user root [preauth]
Jan 16 16:15:30 host unix_chkpwd[6344]: password check failed for user (root)
Jan 16 16:15:30 host sshd[6317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.200.58.137 user=root
Jan 16 16:15:30 host sshd[6317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 16:15:31 host sshd[6317]: Failed password for invalid user root from 71.200.58.137 port 44159 ssh2
Jan 16 16:15:32 host unix_chkpwd[6348]: password check failed for user (root)
Jan 16 16:15:32 host sshd[6317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 16:15:35 host sshd[6317]: Failed password for invalid user root from 71.200.58.137 port 44159 ssh2
Jan 16 16:15:36 host unix_chkpwd[6351]: password check failed for user (root)
Jan 16 16:15:36 host sshd[6317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 16:15:38 host sshd[6317]: Failed password for invalid user root from 71.200.58.137 port 44159 ssh2
Jan 16 16:15:38 host sshd[6317]: Connection reset by 71.200.58.137 port 44159 [preauth]
Jan 16 16:15:38 host sshd[6317]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.200.58.137 user=root
Jan 16 16:16:14 host sshd[6456]: Invalid user super from 103.54.41.197 port 41093
Jan 16 16:16:14 host sshd[6456]: input_userauth_request: invalid user super [preauth]
Jan 16 16:16:14 host sshd[6456]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:16:14 host sshd[6456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.54.41.197
Jan 16 16:16:16 host sshd[6456]: Failed password for invalid user super from 103.54.41.197 port 41093 ssh2
Jan 16 16:16:17 host sshd[6456]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:16:18 host sshd[6456]: Failed password for invalid user super from 103.54.41.197 port 41093 ssh2
Jan 16 16:16:19 host sshd[6456]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:16:21 host sshd[6456]: Failed password for invalid user super from 103.54.41.197 port 41093 ssh2
Jan 16 16:16:21 host sshd[6456]: Connection reset by 103.54.41.197 port 41093 [preauth]
Jan 16 16:16:21 host sshd[6456]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.54.41.197
Jan 16 16:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 16:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 16:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 16:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=dartsimp user-11=a2zgroup user-12=straightcurve user-13=wwwletsstalkfood user-14=bonifacegroup user-15=wwwevmhonda user-16=mrsclean user-17=wwwnexidigital user-18=gifterman user-19=palco123 user-20=phmetals user-21=kottayamcalldriv user-22=wwwkapin user-23=woodpeck user-24=disposeat user-25=wwwkmaorg user-26=remysagr user-27=pmcresources user-28=vfmassets user-29=wwwtestugo user-30=shalinijames feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 16:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-za9kiDIVzi7E9eSE.~
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-za9kiDIVzi7E9eSE.~'
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-za9kiDIVzi7E9eSE.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 16:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 16:26:53 host sshd[8483]: Invalid user default from 119.201.126.100 port 63005
Jan 16 16:26:53 host sshd[8483]: input_userauth_request: invalid user default [preauth]
Jan 16 16:26:53 host sshd[8483]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:26:53 host sshd[8483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.201.126.100
Jan 16 16:26:55 host sshd[8483]: Failed password for invalid user default from 119.201.126.100 port 63005 ssh2
Jan 16 16:26:57 host sshd[8483]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:26:59 host sshd[8483]: Failed password for invalid user default from 119.201.126.100 port 63005 ssh2
Jan 16 16:28:02 host sshd[8607]: Invalid user hadoop from 114.35.2.131 port 58218
Jan 16 16:28:02 host sshd[8607]: input_userauth_request: invalid user hadoop [preauth]
Jan 16 16:28:02 host sshd[8607]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:28:02 host sshd[8607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.2.131
Jan 16 16:28:04 host sshd[8607]: Failed password for invalid user hadoop from 114.35.2.131 port 58218 ssh2
Jan 16 16:28:04 host sshd[8607]: Failed password for invalid user hadoop from 114.35.2.131 port 58218 ssh2
Jan 16 16:28:05 host sshd[8607]: Connection closed by 114.35.2.131 port 58218 [preauth]
Jan 16 16:31:12 host sshd[8956]: Invalid user pi from 60.248.221.112 port 50023
Jan 16 16:31:12 host sshd[8956]: input_userauth_request: invalid user pi [preauth]
Jan 16 16:31:12 host sshd[8956]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:31:12 host sshd[8956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.248.221.112
Jan 16 16:31:15 host sshd[8956]: Failed password for invalid user pi from 60.248.221.112 port 50023 ssh2
Jan 16 16:31:15 host sshd[8956]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:31:17 host sshd[8956]: Failed password for invalid user pi from 60.248.221.112 port 50023 ssh2
Jan 16 16:31:17 host sshd[8956]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:31:20 host sshd[8956]: Failed password for invalid user pi from 60.248.221.112 port 50023 ssh2
Jan 16 16:31:20 host sshd[8956]: Connection reset by 60.248.221.112 port 50023 [preauth]
Jan 16 16:31:20 host sshd[8956]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.248.221.112
Jan 16 16:43:36 host sshd[10546]: Invalid user admin from 153.175.41.125 port 44788
Jan 16 16:43:36 host sshd[10546]: input_userauth_request: invalid user admin [preauth]
Jan 16 16:43:36 host sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:43:36 host sshd[10546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.175.41.125
Jan 16 16:43:38 host sshd[10546]: Failed password for invalid user admin from 153.175.41.125 port 44788 ssh2
Jan 16 16:43:39 host sshd[10546]: Failed password for invalid user admin from 153.175.41.125 port 44788 ssh2
Jan 16 16:43:39 host sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:43:41 host sshd[10546]: Failed password for invalid user admin from 153.175.41.125 port 44788 ssh2
Jan 16 16:43:42 host sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:43:44 host sshd[10546]: Failed password for invalid user admin from 153.175.41.125 port 44788 ssh2
Jan 16 16:43:45 host sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:43:47 host sshd[10546]: Failed password for invalid user admin from 153.175.41.125 port 44788 ssh2
Jan 16 16:47:39 host sshd[11140]: Invalid user ec2-user from 220.134.126.145 port 40586
Jan 16 16:47:39 host sshd[11140]: input_userauth_request: invalid user ec2-user [preauth]
Jan 16 16:47:39 host sshd[11140]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:47:39 host sshd[11140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.126.145
Jan 16 16:47:41 host sshd[11140]: Failed password for invalid user ec2-user from 220.134.126.145 port 40586 ssh2
Jan 16 16:47:41 host sshd[11140]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:47:43 host sshd[11140]: Failed password for invalid user ec2-user from 220.134.126.145 port 40586 ssh2
Jan 16 16:47:43 host sshd[11140]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:47:45 host sshd[11140]: Failed password for invalid user ec2-user from 220.134.126.145 port 40586 ssh2
Jan 16 16:47:46 host sshd[11140]: Failed password for invalid user ec2-user from 220.134.126.145 port 40586 ssh2
Jan 16 16:47:47 host sshd[11140]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:47:48 host sshd[11140]: Failed password for invalid user ec2-user from 220.134.126.145 port 40586 ssh2
Jan 16 16:47:49 host sshd[11140]: Connection reset by 220.134.126.145 port 40586 [preauth]
Jan 16 16:47:49 host sshd[11140]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.126.145
Jan 16 16:47:49 host sshd[11140]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 16 16:47:53 host sshd[11157]: Invalid user pi from 220.95.113.36 port 54022
Jan 16 16:47:53 host sshd[11157]: input_userauth_request: invalid user pi [preauth]
Jan 16 16:47:53 host sshd[11157]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:47:53 host sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.95.113.36
Jan 16 16:47:54 host sshd[11157]: Failed password for invalid user pi from 220.95.113.36 port 54022 ssh2
Jan 16 16:47:55 host sshd[11157]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:47:57 host sshd[11157]: Failed password for invalid user pi from 220.95.113.36 port 54022 ssh2
Jan 16 16:47:58 host sshd[11157]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:48:00 host sshd[11157]: Failed password for invalid user pi from 220.95.113.36 port 54022 ssh2
Jan 16 16:49:13 host sshd[11339]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 16 16:49:13 host sshd[11339]: input_userauth_request: invalid user root [preauth]
Jan 16 16:49:13 host unix_chkpwd[11342]: password check failed for user (root)
Jan 16 16:49:13 host sshd[11339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 16 16:49:13 host sshd[11339]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 16:49:15 host sshd[11339]: Failed password for invalid user root from 195.226.194.242 port 43924 ssh2
Jan 16 16:49:15 host sshd[11339]: Received disconnect from 195.226.194.242 port 43924:11: Bye Bye [preauth]
Jan 16 16:49:15 host sshd[11339]: Disconnected from 195.226.194.242 port 43924 [preauth]
Jan 16 16:52:13 host sshd[11759]: Invalid user zyfwp from 121.155.129.59 port 61441
Jan 16 16:52:13 host sshd[11759]: input_userauth_request: invalid user zyfwp [preauth]
Jan 16 16:52:13 host sshd[11759]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:52:13 host sshd[11759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.155.129.59
Jan 16 16:52:16 host sshd[11759]: Failed password for invalid user zyfwp from 121.155.129.59 port 61441 ssh2
Jan 16 16:52:16 host sshd[11759]: Connection reset by 121.155.129.59 port 61441 [preauth]
Jan 16 16:54:30 host sshd[11994]: Invalid user admin from 220.135.191.217 port 41202
Jan 16 16:54:30 host sshd[11994]: input_userauth_request: invalid user admin [preauth]
Jan 16 16:54:30 host sshd[11994]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:54:30 host sshd[11994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.191.217
Jan 16 16:54:32 host sshd[11994]: Failed password for invalid user admin from 220.135.191.217 port 41202 ssh2
Jan 16 16:54:33 host sshd[11994]: Failed password for invalid user admin from 220.135.191.217 port 41202 ssh2
Jan 16 16:54:34 host sshd[11994]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:54:35 host sshd[11994]: Failed password for invalid user admin from 220.135.191.217 port 41202 ssh2
Jan 16 16:54:36 host sshd[11994]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:54:38 host sshd[11994]: Failed password for invalid user admin from 220.135.191.217 port 41202 ssh2
Jan 16 16:54:39 host sshd[11994]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 16:54:41 host sshd[11994]: Failed password for invalid user admin from 220.135.191.217 port 41202 ssh2
Jan 16 17:03:20 host sshd[13207]: Did not receive identification string from 58.72.18.130 port 39388
Jan 16 17:14:48 host sshd[14736]: Invalid user uucp from 195.226.194.142 port 23124
Jan 16 17:14:48 host sshd[14736]: input_userauth_request: invalid user uucp [preauth]
Jan 16 17:14:48 host sshd[14736]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:14:48 host sshd[14736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 16 17:14:50 host sshd[14736]: Failed password for invalid user uucp from 195.226.194.142 port 23124 ssh2
Jan 16 17:14:50 host sshd[14736]: Received disconnect from 195.226.194.142 port 23124:11: Bye Bye [preauth]
Jan 16 17:14:50 host sshd[14736]: Disconnected from 195.226.194.142 port 23124 [preauth]
Jan 16 17:15:31 host sshd[14831]: Invalid user admin from 78.152.236.82 port 60308
Jan 16 17:15:31 host sshd[14831]: input_userauth_request: invalid user admin [preauth]
Jan 16 17:15:31 host sshd[14831]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:15:31 host sshd[14831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.152.236.82
Jan 16 17:15:33 host sshd[14831]: Failed password for invalid user admin from 78.152.236.82 port 60308 ssh2
Jan 16 17:15:34 host sshd[14831]: Failed password for invalid user admin from 78.152.236.82 port 60308 ssh2
Jan 16 17:15:34 host sshd[14831]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:15:36 host sshd[14831]: Failed password for invalid user admin from 78.152.236.82 port 60308 ssh2
Jan 16 17:15:37 host sshd[14831]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:15:39 host sshd[14831]: Failed password for invalid user admin from 78.152.236.82 port 60308 ssh2
Jan 16 17:15:40 host sshd[14831]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:15:41 host sshd[14831]: Failed password for invalid user admin from 78.152.236.82 port 60308 ssh2
Jan 16 17:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 17:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 17:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 17:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=disposeat user-2=wwwkmaorg user-3=remysagr user-4=wwwkapin user-5=woodpeck user-6=shalinijames user-7=wwwtestugo user-8=vfmassets user-9=pmcresources user-10=wwwevmhonda user-11=bonifacegroup user-12=wwwletsstalkfood user-13=straightcurve user-14=kottayamcalldriv user-15=phmetals user-16=palco123 user-17=gifterman user-18=wwwnexidigital user-19=mrsclean user-20=cochintaxi user-21=wwwkaretakers user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=ugotscom user-28=keralaholi user-29=wwwresourcehunte user-30=wwwrmswll feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 17:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-2rneM5UTEfGXbOvk.~
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-2rneM5UTEfGXbOvk.~'
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-2rneM5UTEfGXbOvk.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 17:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 17:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 17:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 17:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 17:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 17:26:52 host sshd[16490]: Invalid user admin from 180.75.49.182 port 39662
Jan 16 17:26:52 host sshd[16490]: input_userauth_request: invalid user admin [preauth]
Jan 16 17:26:52 host sshd[16490]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:26:52 host sshd[16490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.75.49.182
Jan 16 17:26:54 host sshd[16490]: Failed password for invalid user admin from 180.75.49.182 port 39662 ssh2
Jan 16 17:26:55 host sshd[16490]: Failed password for invalid user admin from 180.75.49.182 port 39662 ssh2
Jan 16 17:26:55 host sshd[16490]: Connection reset by 180.75.49.182 port 39662 [preauth]
Jan 16 17:28:26 host sshd[16638]: Invalid user wbs from 61.240.138.52 port 43900
Jan 16 17:28:26 host sshd[16638]: input_userauth_request: invalid user wbs [preauth]
Jan 16 17:28:26 host sshd[16638]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:28:26 host sshd[16638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.240.138.52
Jan 16 17:28:29 host sshd[16638]: Failed password for invalid user wbs from 61.240.138.52 port 43900 ssh2
Jan 16 17:28:29 host sshd[16638]: Received disconnect from 61.240.138.52 port 43900:11: Bye Bye [preauth]
Jan 16 17:28:29 host sshd[16638]: Disconnected from 61.240.138.52 port 43900 [preauth]
Jan 16 17:32:54 host sshd[17285]: Invalid user len from 61.240.138.52 port 34408
Jan 16 17:32:54 host sshd[17285]: input_userauth_request: invalid user len [preauth]
Jan 16 17:32:54 host sshd[17285]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:32:54 host sshd[17285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.240.138.52
Jan 16 17:32:55 host sshd[17285]: Failed password for invalid user len from 61.240.138.52 port 34408 ssh2
Jan 16 17:32:56 host sshd[17285]: Received disconnect from 61.240.138.52 port 34408:11: Bye Bye [preauth]
Jan 16 17:32:56 host sshd[17285]: Disconnected from 61.240.138.52 port 34408 [preauth]
Jan 16 17:35:18 host sshd[17570]: Invalid user cgn from 61.240.138.52 port 42664
Jan 16 17:35:18 host sshd[17570]: input_userauth_request: invalid user cgn [preauth]
Jan 16 17:35:18 host sshd[17570]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:35:18 host sshd[17570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.240.138.52
Jan 16 17:35:20 host sshd[17570]: Failed password for invalid user cgn from 61.240.138.52 port 42664 ssh2
Jan 16 17:35:20 host sshd[17570]: Received disconnect from 61.240.138.52 port 42664:11: Bye Bye [preauth]
Jan 16 17:35:20 host sshd[17570]: Disconnected from 61.240.138.52 port 42664 [preauth]
Jan 16 17:35:45 host sshd[17659]: Invalid user pi from 174.50.70.188 port 37868
Jan 16 17:35:45 host sshd[17659]: input_userauth_request: invalid user pi [preauth]
Jan 16 17:35:45 host sshd[17660]: Invalid user pi from 174.50.70.188 port 37890
Jan 16 17:35:45 host sshd[17660]: input_userauth_request: invalid user pi [preauth]
Jan 16 17:35:45 host sshd[17659]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:35:45 host sshd[17659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.50.70.188
Jan 16 17:35:46 host sshd[17660]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:35:46 host sshd[17660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.50.70.188
Jan 16 17:35:47 host sshd[17660]: Failed password for invalid user pi from 174.50.70.188 port 37890 ssh2
Jan 16 17:35:48 host sshd[17660]: Connection closed by 174.50.70.188 port 37890 [preauth]
Jan 16 17:35:48 host sshd[17659]: Failed password for invalid user pi from 174.50.70.188 port 37868 ssh2
Jan 16 17:35:48 host sshd[17659]: Connection closed by 174.50.70.188 port 37868 [preauth]
Jan 16 17:36:50 host sshd[17787]: Invalid user fa from 194.110.203.109 port 38736
Jan 16 17:36:50 host sshd[17787]: input_userauth_request: invalid user fa [preauth]
Jan 16 17:36:50 host sshd[17787]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:36:50 host sshd[17787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 17:36:51 host sshd[17787]: Failed password for invalid user fa from 194.110.203.109 port 38736 ssh2
Jan 16 17:36:55 host sshd[17787]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:36:57 host sshd[17787]: Failed password for invalid user fa from 194.110.203.109 port 38736 ssh2
Jan 16 17:37:00 host sshd[17787]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:37:02 host sshd[17787]: Failed password for invalid user fa from 194.110.203.109 port 38736 ssh2
Jan 16 17:37:05 host sshd[17787]: Connection closed by 194.110.203.109 port 38736 [preauth]
Jan 16 17:37:05 host sshd[17787]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 17:40:32 host sshd[18330]: User root from 218.35.169.102 not allowed because not listed in AllowUsers
Jan 16 17:40:32 host sshd[18330]: input_userauth_request: invalid user root [preauth]
Jan 16 17:40:32 host unix_chkpwd[18333]: password check failed for user (root)
Jan 16 17:40:32 host sshd[18330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.35.169.102 user=root
Jan 16 17:40:32 host sshd[18330]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:35 host sshd[18330]: Failed password for invalid user root from 218.35.169.102 port 34344 ssh2
Jan 16 17:40:35 host unix_chkpwd[18336]: password check failed for user (root)
Jan 16 17:40:35 host sshd[18330]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:37 host sshd[18330]: Failed password for invalid user root from 218.35.169.102 port 34344 ssh2
Jan 16 17:40:37 host unix_chkpwd[18339]: password check failed for user (root)
Jan 16 17:40:37 host sshd[18330]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:39 host sshd[18330]: Failed password for invalid user root from 218.35.169.102 port 34344 ssh2
Jan 16 17:40:39 host unix_chkpwd[18345]: password check failed for user (root)
Jan 16 17:40:39 host sshd[18330]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:42 host sshd[18330]: Failed password for invalid user root from 218.35.169.102 port 34344 ssh2
Jan 16 17:40:42 host unix_chkpwd[18348]: password check failed for user (root)
Jan 16 17:40:42 host sshd[18330]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:44 host sshd[18330]: Failed password for invalid user root from 218.35.169.102 port 34344 ssh2
Jan 16 17:40:54 host sshd[18409]: User root from 183.97.192.131 not allowed because not listed in AllowUsers
Jan 16 17:40:54 host sshd[18409]: input_userauth_request: invalid user root [preauth]
Jan 16 17:40:54 host unix_chkpwd[18414]: password check failed for user (root)
Jan 16 17:40:54 host sshd[18409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.97.192.131 user=root
Jan 16 17:40:54 host sshd[18409]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:56 host sshd[18409]: Failed password for invalid user root from 183.97.192.131 port 56642 ssh2
Jan 16 17:40:56 host unix_chkpwd[18416]: password check failed for user (root)
Jan 16 17:40:56 host sshd[18409]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:40:58 host sshd[18409]: Failed password for invalid user root from 183.97.192.131 port 56642 ssh2
Jan 16 17:40:59 host sshd[18409]: Connection reset by 183.97.192.131 port 56642 [preauth]
Jan 16 17:40:59 host sshd[18409]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.97.192.131 user=root
Jan 16 17:45:08 host sshd[18903]: User sync from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 16 17:45:08 host sshd[18903]: input_userauth_request: invalid user sync [preauth]
Jan 16 17:45:08 host unix_chkpwd[18906]: password check failed for user (sync)
Jan 16 17:45:08 host sshd[18903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=sync
Jan 16 17:45:08 host sshd[18903]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sync"
Jan 16 17:45:10 host sshd[18903]: Failed password for invalid user sync from 195.226.194.142 port 30806 ssh2
Jan 16 17:45:10 host sshd[18903]: Received disconnect from 195.226.194.142 port 30806:11: Bye Bye [preauth]
Jan 16 17:45:10 host sshd[18903]: Disconnected from 195.226.194.142 port 30806 [preauth]
Jan 16 17:45:29 host sshd[18957]: Invalid user oracle from 39.126.176.31 port 61874
Jan 16 17:45:29 host sshd[18957]: input_userauth_request: invalid user oracle [preauth]
Jan 16 17:45:29 host sshd[18957]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:45:29 host sshd[18957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.126.176.31
Jan 16 17:45:30 host sshd[18957]: Failed password for invalid user oracle from 39.126.176.31 port 61874 ssh2
Jan 16 17:45:31 host sshd[18957]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:45:33 host sshd[18957]: Failed password for invalid user oracle from 39.126.176.31 port 61874 ssh2
Jan 16 17:45:34 host sshd[18957]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:45:35 host sshd[18957]: Failed password for invalid user oracle from 39.126.176.31 port 61874 ssh2
Jan 16 17:45:36 host sshd[18957]: Failed password for invalid user oracle from 39.126.176.31 port 61874 ssh2
Jan 16 17:45:36 host sshd[18957]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:45:38 host sshd[18957]: Failed password for invalid user oracle from 39.126.176.31 port 61874 ssh2
Jan 16 17:46:20 host sshd[19200]: User root from 121.150.20.165 not allowed because not listed in AllowUsers
Jan 16 17:46:20 host sshd[19200]: input_userauth_request: invalid user root [preauth]
Jan 16 17:46:20 host unix_chkpwd[19204]: password check failed for user (root)
Jan 16 17:46:20 host sshd[19200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.150.20.165 user=root
Jan 16 17:46:20 host sshd[19200]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:46:22 host sshd[19200]: Failed password for invalid user root from 121.150.20.165 port 61408 ssh2
Jan 16 17:46:22 host sshd[19200]: Connection reset by 121.150.20.165 port 61408 [preauth]
Jan 16 17:47:35 host sshd[19347]: Invalid user admin from 211.75.194.227 port 45515
Jan 16 17:47:35 host sshd[19347]: input_userauth_request: invalid user admin [preauth]
Jan 16 17:47:35 host sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:47:35 host sshd[19347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.75.194.227
Jan 16 17:47:37 host sshd[19347]: Failed password for invalid user admin from 211.75.194.227 port 45515 ssh2
Jan 16 17:47:37 host sshd[19347]: Failed password for invalid user admin from 211.75.194.227 port 45515 ssh2
Jan 16 17:47:38 host sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:47:40 host sshd[19347]: Failed password for invalid user admin from 211.75.194.227 port 45515 ssh2
Jan 16 17:47:40 host sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:47:43 host sshd[19347]: Failed password for invalid user admin from 211.75.194.227 port 45515 ssh2
Jan 16 17:47:44 host sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:47:46 host sshd[19347]: Failed password for invalid user admin from 211.75.194.227 port 45515 ssh2
Jan 16 17:47:47 host sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:47:48 host sshd[19347]: Failed password for invalid user admin from 211.75.194.227 port 45515 ssh2
Jan 16 17:47:48 host sshd[19347]: error: maximum authentication attempts exceeded for invalid user admin from 211.75.194.227 port 45515 ssh2 [preauth]
Jan 16 17:47:48 host sshd[19347]: Disconnecting: Too many authentication failures [preauth]
Jan 16 17:47:48 host sshd[19347]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.75.194.227
Jan 16 17:47:48 host sshd[19347]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 16 17:54:00 host sshd[20161]: Invalid user vadmin from 121.147.18.165 port 63719
Jan 16 17:54:00 host sshd[20161]: input_userauth_request: invalid user vadmin [preauth]
Jan 16 17:54:00 host sshd[20161]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:54:00 host sshd[20161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.147.18.165
Jan 16 17:54:02 host sshd[20161]: Failed password for invalid user vadmin from 121.147.18.165 port 63719 ssh2
Jan 16 17:54:03 host sshd[20161]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:54:05 host sshd[20161]: Failed password for invalid user vadmin from 121.147.18.165 port 63719 ssh2
Jan 16 17:54:05 host sshd[20161]: Failed password for invalid user vadmin from 121.147.18.165 port 63719 ssh2
Jan 16 17:54:06 host sshd[20161]: Connection closed by 121.147.18.165 port 63719 [preauth]
Jan 16 17:54:06 host sshd[20161]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.147.18.165
Jan 16 17:55:10 host sshd[20343]: Invalid user squid from 62.233.50.248 port 41876
Jan 16 17:55:10 host sshd[20343]: input_userauth_request: invalid user squid [preauth]
Jan 16 17:55:11 host sshd[20343]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:55:11 host sshd[20343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 16 17:55:13 host sshd[20343]: Failed password for invalid user squid from 62.233.50.248 port 41876 ssh2
Jan 16 17:55:13 host sshd[20343]: Received disconnect from 62.233.50.248 port 41876:11: Client disconnecting normally [preauth]
Jan 16 17:55:13 host sshd[20343]: Disconnected from 62.233.50.248 port 41876 [preauth]
Jan 16 17:55:14 host sshd[20350]: Invalid user listd from 62.233.50.248 port 45771
Jan 16 17:55:14 host sshd[20350]: input_userauth_request: invalid user listd [preauth]
Jan 16 17:55:14 host sshd[20350]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 17:55:14 host sshd[20350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 16 17:55:17 host sshd[20350]: Failed password for invalid user listd from 62.233.50.248 port 45771 ssh2
Jan 16 17:55:17 host sshd[20350]: Received disconnect from 62.233.50.248 port 45771:11: Client disconnecting normally [preauth]
Jan 16 17:55:17 host sshd[20350]: Disconnected from 62.233.50.248 port 45771 [preauth]
Jan 16 17:55:18 host sshd[20360]: User root from 62.233.50.248 not allowed because not listed in AllowUsers
Jan 16 17:55:18 host sshd[20360]: input_userauth_request: invalid user root [preauth]
Jan 16 17:55:18 host unix_chkpwd[20366]: password check failed for user (root)
Jan 16 17:55:18 host sshd[20360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248 user=root
Jan 16 17:55:18 host sshd[20360]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 17:55:20 host sshd[20360]: Failed password for invalid user root from 62.233.50.248 port 49283 ssh2
Jan 16 17:55:20 host sshd[20360]: Received disconnect from 62.233.50.248 port 49283:11: Client disconnecting normally [preauth]
Jan 16 17:55:20 host sshd[20360]: Disconnected from 62.233.50.248 port 49283 [preauth]
Jan 16 18:18:15 host sshd[23688]: Invalid user nexidigital from 51.222.32.202 port 50518
Jan 16 18:18:15 host sshd[23688]: input_userauth_request: invalid user nexidigital [preauth]
Jan 16 18:18:15 host sshd[23688]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:18:15 host sshd[23688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.222.32.202
Jan 16 18:18:17 host sshd[23688]: Failed password for invalid user nexidigital from 51.222.32.202 port 50518 ssh2
Jan 16 18:18:18 host sshd[23688]: Connection closed by 51.222.32.202 port 50518 [preauth]
Jan 16 18:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 18:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 18:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=a2zgroup user-4=dartsimp user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=ugotscom user-9=wwwresourcehunte user-10=keralaholi user-11=wwwrmswll user-12=disposeat user-13=wwwkmaorg user-14=remysagr user-15=woodpeck user-16=wwwkapin user-17=shalinijames user-18=wwwtestugo user-19=vfmassets user-20=pmcresources user-21=wwwevmhonda user-22=bonifacegroup user-23=straightcurve user-24=wwwletsstalkfood user-25=kottayamcalldriv user-26=phmetals user-27=palco123 user-28=gifterman user-29=wwwnexidigital user-30=mrsclean feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 18:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-eFVVeMJR0gGDp1Cr.~
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-eFVVeMJR0gGDp1Cr.~'
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-eFVVeMJR0gGDp1Cr.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 18:23:31 host sshd[24587]: Invalid user admin from 125.228.195.106 port 38651
Jan 16 18:23:31 host sshd[24587]: input_userauth_request: invalid user admin [preauth]
Jan 16 18:23:31 host sshd[24587]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:23:31 host sshd[24587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.195.106
Jan 16 18:23:33 host sshd[24587]: Failed password for invalid user admin from 125.228.195.106 port 38651 ssh2
Jan 16 18:23:34 host sshd[24587]: Connection reset by 125.228.195.106 port 38651 [preauth]
Jan 16 18:25:21 host sshd[24768]: Connection closed by 172.105.128.11 port 49932 [preauth]
Jan 16 18:25:22 host sshd[24774]: Did not receive identification string from 172.105.128.11 port 57870
Jan 16 18:25:23 host sshd[24776]: Did not receive identification string from 172.105.128.11 port 57876
Jan 16 18:32:53 host sshd[25760]: Invalid user support from 121.183.220.151 port 41444
Jan 16 18:32:53 host sshd[25760]: input_userauth_request: invalid user support [preauth]
Jan 16 18:32:53 host sshd[25760]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:32:53 host sshd[25760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.183.220.151
Jan 16 18:32:55 host sshd[25760]: Failed password for invalid user support from 121.183.220.151 port 41444 ssh2
Jan 16 18:32:56 host sshd[25760]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:32:58 host sshd[25760]: Failed password for invalid user support from 121.183.220.151 port 41444 ssh2
Jan 16 18:33:00 host sshd[25760]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:33:02 host sshd[25760]: Failed password for invalid user support from 121.183.220.151 port 41444 ssh2
Jan 16 18:33:03 host sshd[25760]: Failed password for invalid user support from 121.183.220.151 port 41444 ssh2
Jan 16 18:36:16 host sshd[26296]: Connection reset by 59.127.237.234 port 45926 [preauth]
Jan 16 18:44:07 host sshd[27360]: Invalid user puy from 58.75.221.5 port 37220
Jan 16 18:44:07 host sshd[27360]: input_userauth_request: invalid user puy [preauth]
Jan 16 18:44:07 host sshd[27360]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:44:07 host sshd[27360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.75.221.5
Jan 16 18:44:09 host sshd[27360]: Failed password for invalid user puy from 58.75.221.5 port 37220 ssh2
Jan 16 18:44:09 host sshd[27360]: Received disconnect from 58.75.221.5 port 37220:11: Bye Bye [preauth]
Jan 16 18:44:09 host sshd[27360]: Disconnected from 58.75.221.5 port 37220 [preauth]
Jan 16 18:44:20 host sshd[27398]: Invalid user xqe from 66.98.112.247 port 43952
Jan 16 18:44:20 host sshd[27398]: input_userauth_request: invalid user xqe [preauth]
Jan 16 18:44:20 host sshd[27398]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:44:20 host sshd[27398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.98.112.247
Jan 16 18:44:22 host sshd[27398]: Failed password for invalid user xqe from 66.98.112.247 port 43952 ssh2
Jan 16 18:44:23 host sshd[27398]: Received disconnect from 66.98.112.247 port 43952:11: Bye Bye [preauth]
Jan 16 18:44:23 host sshd[27398]: Disconnected from 66.98.112.247 port 43952 [preauth]
Jan 16 18:44:23 host sshd[27408]: Invalid user rnq from 167.99.78.16 port 45272
Jan 16 18:44:23 host sshd[27408]: input_userauth_request: invalid user rnq [preauth]
Jan 16 18:44:23 host sshd[27408]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:44:23 host sshd[27408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.78.16
Jan 16 18:44:25 host sshd[27408]: Failed password for invalid user rnq from 167.99.78.16 port 45272 ssh2
Jan 16 18:44:25 host sshd[27408]: Received disconnect from 167.99.78.16 port 45272:11: Bye Bye [preauth]
Jan 16 18:44:25 host sshd[27408]: Disconnected from 167.99.78.16 port 45272 [preauth]
Jan 16 18:44:35 host sshd[27445]: Invalid user sdt from 157.230.178.127 port 58270
Jan 16 18:44:35 host sshd[27445]: input_userauth_request: invalid user sdt [preauth]
Jan 16 18:44:35 host sshd[27445]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:44:35 host sshd[27445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.178.127
Jan 16 18:44:36 host sshd[27445]: Failed password for invalid user sdt from 157.230.178.127 port 58270 ssh2
Jan 16 18:44:37 host sshd[27445]: Received disconnect from 157.230.178.127 port 58270:11: Bye Bye [preauth]
Jan 16 18:44:37 host sshd[27445]: Disconnected from 157.230.178.127 port 58270 [preauth]
Jan 16 18:46:35 host sshd[27830]: Invalid user admin from 113.169.124.61 port 47163
Jan 16 18:46:35 host sshd[27830]: input_userauth_request: invalid user admin [preauth]
Jan 16 18:46:35 host sshd[27830]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:46:35 host sshd[27830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.169.124.61
Jan 16 18:46:38 host sshd[27830]: Failed password for invalid user admin from 113.169.124.61 port 47163 ssh2
Jan 16 18:46:38 host sshd[27830]: Failed password for invalid user admin from 113.169.124.61 port 47163 ssh2
Jan 16 18:46:38 host sshd[27830]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:46:41 host sshd[27830]: Failed password for invalid user admin from 113.169.124.61 port 47163 ssh2
Jan 16 18:46:41 host sshd[27830]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:46:42 host sshd[27842]: Invalid user admin from 195.226.194.242 port 16578
Jan 16 18:46:42 host sshd[27842]: input_userauth_request: invalid user admin [preauth]
Jan 16 18:46:42 host sshd[27842]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:46:42 host sshd[27842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 16 18:46:44 host sshd[27842]: Failed password for invalid user admin from 195.226.194.242 port 16578 ssh2
Jan 16 18:46:44 host sshd[27830]: Failed password for invalid user admin from 113.169.124.61 port 47163 ssh2
Jan 16 18:46:44 host sshd[27847]: Invalid user ili from 37.44.238.165 port 59436
Jan 16 18:46:44 host sshd[27847]: input_userauth_request: invalid user ili [preauth]
Jan 16 18:46:44 host sshd[27847]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:46:44 host sshd[27847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.44.238.165
Jan 16 18:46:44 host sshd[27842]: Received disconnect from 195.226.194.242 port 16578:11: Bye Bye [preauth]
Jan 16 18:46:44 host sshd[27842]: Disconnected from 195.226.194.242 port 16578 [preauth]
Jan 16 18:46:44 host sshd[27830]: Connection reset by 113.169.124.61 port 47163 [preauth]
Jan 16 18:46:44 host sshd[27830]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.169.124.61
Jan 16 18:46:46 host sshd[27847]: Failed password for invalid user ili from 37.44.238.165 port 59436 ssh2
Jan 16 18:46:46 host sshd[27847]: Received disconnect from 37.44.238.165 port 59436:11: Bye Bye [preauth]
Jan 16 18:46:46 host sshd[27847]: Disconnected from 37.44.238.165 port 59436 [preauth]
Jan 16 18:48:35 host sshd[28123]: Invalid user oyw from 43.153.81.142 port 34310
Jan 16 18:48:35 host sshd[28123]: input_userauth_request: invalid user oyw [preauth]
Jan 16 18:48:35 host sshd[28123]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:48:35 host sshd[28123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.142
Jan 16 18:48:37 host sshd[28123]: Failed password for invalid user oyw from 43.153.81.142 port 34310 ssh2
Jan 16 18:48:37 host sshd[28123]: Received disconnect from 43.153.81.142 port 34310:11: Bye Bye [preauth]
Jan 16 18:48:37 host sshd[28123]: Disconnected from 43.153.81.142 port 34310 [preauth]
Jan 16 18:49:06 host sshd[28194]: Invalid user zhh from 201.48.78.29 port 37262
Jan 16 18:49:06 host sshd[28194]: input_userauth_request: invalid user zhh [preauth]
Jan 16 18:49:06 host sshd[28194]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:49:06 host sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29
Jan 16 18:49:08 host sshd[28194]: Failed password for invalid user zhh from 201.48.78.29 port 37262 ssh2
Jan 16 18:49:08 host sshd[28194]: Received disconnect from 201.48.78.29 port 37262:11: Bye Bye [preauth]
Jan 16 18:49:08 host sshd[28194]: Disconnected from 201.48.78.29 port 37262 [preauth]
Jan 16 18:49:42 host sshd[28276]: Invalid user wno from 66.98.112.247 port 43550
Jan 16 18:49:42 host sshd[28276]: input_userauth_request: invalid user wno [preauth]
Jan 16 18:49:42 host sshd[28276]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:49:42 host sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.98.112.247
Jan 16 18:49:44 host sshd[28276]: Failed password for invalid user wno from 66.98.112.247 port 43550 ssh2
Jan 16 18:49:45 host sshd[28276]: Received disconnect from 66.98.112.247 port 43550:11: Bye Bye [preauth]
Jan 16 18:49:45 host sshd[28276]: Disconnected from 66.98.112.247 port 43550 [preauth]
Jan 16 18:49:45 host sshd[28281]: Invalid user myf from 58.75.221.5 port 36248
Jan 16 18:49:45 host sshd[28281]: input_userauth_request: invalid user myf [preauth]
Jan 16 18:49:45 host sshd[28281]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:49:45 host sshd[28281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.75.221.5
Jan 16 18:49:47 host sshd[28281]: Failed password for invalid user myf from 58.75.221.5 port 36248 ssh2
Jan 16 18:49:47 host sshd[28281]: Received disconnect from 58.75.221.5 port 36248:11: Bye Bye [preauth]
Jan 16 18:49:47 host sshd[28281]: Disconnected from 58.75.221.5 port 36248 [preauth]
Jan 16 18:49:59 host sshd[28313]: Invalid user asx from 8.213.129.130 port 37568
Jan 16 18:49:59 host sshd[28313]: input_userauth_request: invalid user asx [preauth]
Jan 16 18:49:59 host sshd[28313]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:49:59 host sshd[28313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.129.130
Jan 16 18:50:01 host sshd[28313]: Failed password for invalid user asx from 8.213.129.130 port 37568 ssh2
Jan 16 18:50:02 host sshd[28345]: Invalid user urv from 37.44.238.165 port 51678
Jan 16 18:50:02 host sshd[28345]: input_userauth_request: invalid user urv [preauth]
Jan 16 18:50:02 host sshd[28345]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:50:02 host sshd[28345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.44.238.165
Jan 16 18:50:02 host sshd[28313]: Received disconnect from 8.213.129.130 port 37568:11: Bye Bye [preauth]
Jan 16 18:50:02 host sshd[28313]: Disconnected from 8.213.129.130 port 37568 [preauth]
Jan 16 18:50:04 host sshd[28345]: Failed password for invalid user urv from 37.44.238.165 port 51678 ssh2
Jan 16 18:50:04 host sshd[28345]: Received disconnect from 37.44.238.165 port 51678:11: Bye Bye [preauth]
Jan 16 18:50:04 host sshd[28345]: Disconnected from 37.44.238.165 port 51678 [preauth]
Jan 16 18:50:17 host sshd[28378]: Invalid user nqn from 157.230.178.127 port 55080
Jan 16 18:50:17 host sshd[28378]: input_userauth_request: invalid user nqn [preauth]
Jan 16 18:50:17 host sshd[28378]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:50:17 host sshd[28378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.178.127
Jan 16 18:50:18 host sshd[28378]: Failed password for invalid user nqn from 157.230.178.127 port 55080 ssh2
Jan 16 18:50:19 host sshd[28378]: Received disconnect from 157.230.178.127 port 55080:11: Bye Bye [preauth]
Jan 16 18:50:19 host sshd[28378]: Disconnected from 157.230.178.127 port 55080 [preauth]
Jan 16 18:50:48 host sshd[28451]: Invalid user stu from 66.98.112.247 port 42006
Jan 16 18:50:48 host sshd[28451]: input_userauth_request: invalid user stu [preauth]
Jan 16 18:50:48 host sshd[28451]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:50:48 host sshd[28451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.98.112.247
Jan 16 18:50:50 host sshd[28451]: Failed password for invalid user stu from 66.98.112.247 port 42006 ssh2
Jan 16 18:50:50 host sshd[28451]: Received disconnect from 66.98.112.247 port 42006:11: Bye Bye [preauth]
Jan 16 18:50:50 host sshd[28451]: Disconnected from 66.98.112.247 port 42006 [preauth]
Jan 16 18:51:06 host sshd[28635]: Invalid user stu from 37.44.238.165 port 38416
Jan 16 18:51:06 host sshd[28635]: input_userauth_request: invalid user stu [preauth]
Jan 16 18:51:06 host sshd[28635]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:51:06 host sshd[28635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.44.238.165
Jan 16 18:51:07 host sshd[28638]: Invalid user sdt from 43.153.81.142 port 38802
Jan 16 18:51:07 host sshd[28638]: input_userauth_request: invalid user sdt [preauth]
Jan 16 18:51:07 host sshd[28638]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:51:07 host sshd[28638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.142
Jan 16 18:51:07 host sshd[28640]: Invalid user wre from 58.75.221.5 port 32950
Jan 16 18:51:07 host sshd[28640]: input_userauth_request: invalid user wre [preauth]
Jan 16 18:51:07 host sshd[28640]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:51:07 host sshd[28640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.75.221.5
Jan 16 18:51:07 host sshd[28635]: Failed password for invalid user stu from 37.44.238.165 port 38416 ssh2
Jan 16 18:51:08 host sshd[28635]: Received disconnect from 37.44.238.165 port 38416:11: Bye Bye [preauth]
Jan 16 18:51:08 host sshd[28635]: Disconnected from 37.44.238.165 port 38416 [preauth]
Jan 16 18:51:09 host sshd[28638]: Failed password for invalid user sdt from 43.153.81.142 port 38802 ssh2
Jan 16 18:51:10 host sshd[28640]: Failed password for invalid user wre from 58.75.221.5 port 32950 ssh2
Jan 16 18:51:10 host sshd[28638]: Received disconnect from 43.153.81.142 port 38802:11: Bye Bye [preauth]
Jan 16 18:51:10 host sshd[28638]: Disconnected from 43.153.81.142 port 38802 [preauth]
Jan 16 18:51:10 host sshd[28640]: Received disconnect from 58.75.221.5 port 32950:11: Bye Bye [preauth]
Jan 16 18:51:10 host sshd[28640]: Disconnected from 58.75.221.5 port 32950 [preauth]
Jan 16 18:51:17 host sshd[28712]: Invalid user xqe from 157.230.178.127 port 49310
Jan 16 18:51:17 host sshd[28712]: input_userauth_request: invalid user xqe [preauth]
Jan 16 18:51:17 host sshd[28712]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:51:17 host sshd[28712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.178.127
Jan 16 18:51:19 host sshd[28712]: Failed password for invalid user xqe from 157.230.178.127 port 49310 ssh2
Jan 16 18:51:19 host sshd[28712]: Received disconnect from 157.230.178.127 port 49310:11: Bye Bye [preauth]
Jan 16 18:51:19 host sshd[28712]: Disconnected from 157.230.178.127 port 49310 [preauth]
Jan 16 18:51:20 host sshd[28721]: Invalid user stu from 167.99.78.16 port 44202
Jan 16 18:51:20 host sshd[28721]: input_userauth_request: invalid user stu [preauth]
Jan 16 18:51:20 host sshd[28721]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:51:20 host sshd[28721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.78.16
Jan 16 18:51:22 host sshd[28721]: Failed password for invalid user stu from 167.99.78.16 port 44202 ssh2
Jan 16 18:51:22 host sshd[28721]: Received disconnect from 167.99.78.16 port 44202:11: Bye Bye [preauth]
Jan 16 18:51:22 host sshd[28721]: Disconnected from 167.99.78.16 port 44202 [preauth]
Jan 16 18:51:40 host sshd[28815]: Invalid user myf from 201.48.78.29 port 52391
Jan 16 18:51:40 host sshd[28815]: input_userauth_request: invalid user myf [preauth]
Jan 16 18:51:40 host sshd[28815]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:51:40 host sshd[28815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29
Jan 16 18:51:42 host sshd[28815]: Failed password for invalid user myf from 201.48.78.29 port 52391 ssh2
Jan 16 18:51:42 host sshd[28815]: Received disconnect from 201.48.78.29 port 52391:11: Bye Bye [preauth]
Jan 16 18:51:42 host sshd[28815]: Disconnected from 201.48.78.29 port 52391 [preauth]
Jan 16 18:52:11 host sshd[28895]: Invalid user yuu from 43.153.81.142 port 33508
Jan 16 18:52:11 host sshd[28895]: input_userauth_request: invalid user yuu [preauth]
Jan 16 18:52:11 host sshd[28895]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:52:11 host sshd[28895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.81.142
Jan 16 18:52:13 host sshd[28895]: Failed password for invalid user yuu from 43.153.81.142 port 33508 ssh2
Jan 16 18:52:13 host sshd[28895]: Received disconnect from 43.153.81.142 port 33508:11: Bye Bye [preauth]
Jan 16 18:52:13 host sshd[28895]: Disconnected from 43.153.81.142 port 33508 [preauth]
Jan 16 18:52:41 host sshd[28980]: Invalid user phj from 167.99.78.16 port 38332
Jan 16 18:52:41 host sshd[28980]: input_userauth_request: invalid user phj [preauth]
Jan 16 18:52:41 host sshd[28980]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:52:41 host sshd[28980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.78.16
Jan 16 18:52:43 host sshd[28980]: Failed password for invalid user phj from 167.99.78.16 port 38332 ssh2
Jan 16 18:52:43 host sshd[28980]: Received disconnect from 167.99.78.16 port 38332:11: Bye Bye [preauth]
Jan 16 18:52:43 host sshd[28980]: Disconnected from 167.99.78.16 port 38332 [preauth]
Jan 16 18:53:01 host sshd[29047]: Invalid user uxc from 201.48.78.29 port 35431
Jan 16 18:53:01 host sshd[29047]: input_userauth_request: invalid user uxc [preauth]
Jan 16 18:53:01 host sshd[29047]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:53:01 host sshd[29047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.78.29
Jan 16 18:53:03 host sshd[29047]: Failed password for invalid user uxc from 201.48.78.29 port 35431 ssh2
Jan 16 18:53:03 host sshd[29047]: Received disconnect from 201.48.78.29 port 35431:11: Bye Bye [preauth]
Jan 16 18:53:03 host sshd[29047]: Disconnected from 201.48.78.29 port 35431 [preauth]
Jan 16 18:54:17 host sshd[29223]: Did not receive identification string from 87.236.176.114 port 34229
Jan 16 18:54:18 host sshd[29227]: Connection closed by 87.236.176.114 port 40369 [preauth]
Jan 16 18:54:38 host sshd[29276]: Invalid user zyfwp from 106.105.164.18 port 54507
Jan 16 18:54:38 host sshd[29276]: input_userauth_request: invalid user zyfwp [preauth]
Jan 16 18:54:38 host sshd[29276]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:54:38 host sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.105.164.18
Jan 16 18:54:40 host sshd[29276]: Failed password for invalid user zyfwp from 106.105.164.18 port 54507 ssh2
Jan 16 18:54:40 host sshd[29276]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:54:42 host sshd[29276]: Failed password for invalid user zyfwp from 106.105.164.18 port 54507 ssh2
Jan 16 18:54:43 host sshd[29276]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:54:46 host sshd[29276]: Failed password for invalid user zyfwp from 106.105.164.18 port 54507 ssh2
Jan 16 18:54:46 host sshd[29276]: Connection closed by 106.105.164.18 port 54507 [preauth]
Jan 16 18:54:46 host sshd[29276]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.105.164.18
Jan 16 18:56:52 host sshd[29599]: Invalid user phs from 8.213.129.130 port 55128
Jan 16 18:56:52 host sshd[29599]: input_userauth_request: invalid user phs [preauth]
Jan 16 18:56:52 host sshd[29599]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:56:52 host sshd[29599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.129.130
Jan 16 18:56:54 host sshd[29599]: Failed password for invalid user phs from 8.213.129.130 port 55128 ssh2
Jan 16 18:56:54 host sshd[29599]: Received disconnect from 8.213.129.130 port 55128:11: Bye Bye [preauth]
Jan 16 18:56:54 host sshd[29599]: Disconnected from 8.213.129.130 port 55128 [preauth]
Jan 16 18:57:27 host sshd[29659]: Invalid user xcj from 91.122.197.235 port 58032
Jan 16 18:57:27 host sshd[29659]: input_userauth_request: invalid user xcj [preauth]
Jan 16 18:57:27 host sshd[29659]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:57:27 host sshd[29659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.122.197.235
Jan 16 18:57:29 host sshd[29659]: Failed password for invalid user xcj from 91.122.197.235 port 58032 ssh2
Jan 16 18:57:29 host sshd[29659]: Received disconnect from 91.122.197.235 port 58032:11: Bye Bye [preauth]
Jan 16 18:57:29 host sshd[29659]: Disconnected from 91.122.197.235 port 58032 [preauth]
Jan 16 18:58:12 host sshd[29772]: Invalid user tau from 62.84.125.211 port 39694
Jan 16 18:58:12 host sshd[29772]: input_userauth_request: invalid user tau [preauth]
Jan 16 18:58:12 host sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:58:12 host sshd[29772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.84.125.211
Jan 16 18:58:13 host sshd[29775]: Invalid user one from 80.85.241.81 port 56124
Jan 16 18:58:13 host sshd[29775]: input_userauth_request: invalid user one [preauth]
Jan 16 18:58:13 host sshd[29775]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:58:13 host sshd[29775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.85.241.81
Jan 16 18:58:13 host sshd[29772]: Failed password for invalid user tau from 62.84.125.211 port 39694 ssh2
Jan 16 18:58:13 host sshd[29772]: Received disconnect from 62.84.125.211 port 39694:11: Bye Bye [preauth]
Jan 16 18:58:13 host sshd[29772]: Disconnected from 62.84.125.211 port 39694 [preauth]
Jan 16 18:58:14 host sshd[29775]: Failed password for invalid user one from 80.85.241.81 port 56124 ssh2
Jan 16 18:58:15 host sshd[29775]: Received disconnect from 80.85.241.81 port 56124:11: Bye Bye [preauth]
Jan 16 18:58:15 host sshd[29775]: Disconnected from 80.85.241.81 port 56124 [preauth]
Jan 16 18:58:54 host sshd[29851]: Connection reset by 58.187.63.131 port 48198 [preauth]
Jan 16 18:59:09 host sshd[29878]: Invalid user rdl from 158.69.111.17 port 45460
Jan 16 18:59:09 host sshd[29878]: input_userauth_request: invalid user rdl [preauth]
Jan 16 18:59:09 host sshd[29878]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:59:09 host sshd[29878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.111.17
Jan 16 18:59:12 host sshd[29878]: Failed password for invalid user rdl from 158.69.111.17 port 45460 ssh2
Jan 16 18:59:12 host sshd[29878]: Received disconnect from 158.69.111.17 port 45460:11: Bye Bye [preauth]
Jan 16 18:59:12 host sshd[29878]: Disconnected from 158.69.111.17 port 45460 [preauth]
Jan 16 18:59:44 host sshd[29938]: Invalid user slp from 147.182.185.141 port 44160
Jan 16 18:59:44 host sshd[29938]: input_userauth_request: invalid user slp [preauth]
Jan 16 18:59:44 host sshd[29938]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:59:44 host sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.185.141
Jan 16 18:59:46 host sshd[29938]: Failed password for invalid user slp from 147.182.185.141 port 44160 ssh2
Jan 16 18:59:46 host sshd[29938]: Received disconnect from 147.182.185.141 port 44160:11: Bye Bye [preauth]
Jan 16 18:59:46 host sshd[29938]: Disconnected from 147.182.185.141 port 44160 [preauth]
Jan 16 18:59:53 host sshd[29957]: Invalid user xpy from 8.213.129.130 port 49684
Jan 16 18:59:53 host sshd[29957]: input_userauth_request: invalid user xpy [preauth]
Jan 16 18:59:53 host sshd[29957]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 18:59:53 host sshd[29957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.129.130
Jan 16 18:59:55 host sshd[29957]: Failed password for invalid user xpy from 8.213.129.130 port 49684 ssh2
Jan 16 18:59:55 host sshd[29957]: Received disconnect from 8.213.129.130 port 49684:11: Bye Bye [preauth]
Jan 16 18:59:55 host sshd[29957]: Disconnected from 8.213.129.130 port 49684 [preauth]
Jan 16 19:00:09 host sshd[30054]: Invalid user cry from 128.199.33.46 port 42838
Jan 16 19:00:09 host sshd[30054]: input_userauth_request: invalid user cry [preauth]
Jan 16 19:00:09 host sshd[30054]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:00:09 host sshd[30054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.33.46
Jan 16 19:00:11 host sshd[30054]: Failed password for invalid user cry from 128.199.33.46 port 42838 ssh2
Jan 16 19:00:12 host sshd[30054]: Received disconnect from 128.199.33.46 port 42838:11: Bye Bye [preauth]
Jan 16 19:00:12 host sshd[30054]: Disconnected from 128.199.33.46 port 42838 [preauth]
Jan 16 19:02:31 host sshd[30450]: Invalid user her from 80.85.241.81 port 47534
Jan 16 19:02:31 host sshd[30450]: input_userauth_request: invalid user her [preauth]
Jan 16 19:02:31 host sshd[30450]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:02:31 host sshd[30450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.85.241.81
Jan 16 19:02:32 host sshd[30450]: Failed password for invalid user her from 80.85.241.81 port 47534 ssh2
Jan 16 19:02:33 host sshd[30450]: Received disconnect from 80.85.241.81 port 47534:11: Bye Bye [preauth]
Jan 16 19:02:33 host sshd[30450]: Disconnected from 80.85.241.81 port 47534 [preauth]
Jan 16 19:02:39 host sshd[30459]: Invalid user gvt from 91.122.197.235 port 42600
Jan 16 19:02:39 host sshd[30459]: input_userauth_request: invalid user gvt [preauth]
Jan 16 19:02:39 host sshd[30459]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:02:39 host sshd[30459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.122.197.235
Jan 16 19:02:42 host sshd[30459]: Failed password for invalid user gvt from 91.122.197.235 port 42600 ssh2
Jan 16 19:02:42 host sshd[30459]: Received disconnect from 91.122.197.235 port 42600:11: Bye Bye [preauth]
Jan 16 19:02:42 host sshd[30459]: Disconnected from 91.122.197.235 port 42600 [preauth]
Jan 16 19:03:13 host sshd[30531]: Invalid user yhv from 128.199.33.46 port 54590
Jan 16 19:03:13 host sshd[30531]: input_userauth_request: invalid user yhv [preauth]
Jan 16 19:03:13 host sshd[30531]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:03:13 host sshd[30531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.33.46
Jan 16 19:03:14 host sshd[30535]: Invalid user blm from 158.69.111.17 port 37586
Jan 16 19:03:14 host sshd[30535]: input_userauth_request: invalid user blm [preauth]
Jan 16 19:03:14 host sshd[30535]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:03:14 host sshd[30535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.111.17
Jan 16 19:03:15 host sshd[30531]: Failed password for invalid user yhv from 128.199.33.46 port 54590 ssh2
Jan 16 19:03:15 host sshd[30531]: Received disconnect from 128.199.33.46 port 54590:11: Bye Bye [preauth]
Jan 16 19:03:15 host sshd[30531]: Disconnected from 128.199.33.46 port 54590 [preauth]
Jan 16 19:03:17 host sshd[30535]: Failed password for invalid user blm from 158.69.111.17 port 37586 ssh2
Jan 16 19:03:17 host sshd[30535]: Received disconnect from 158.69.111.17 port 37586:11: Bye Bye [preauth]
Jan 16 19:03:17 host sshd[30535]: Disconnected from 158.69.111.17 port 37586 [preauth]
Jan 16 19:03:32 host sshd[30584]: Invalid user het from 62.84.125.211 port 36296
Jan 16 19:03:32 host sshd[30584]: input_userauth_request: invalid user het [preauth]
Jan 16 19:03:32 host sshd[30584]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:03:32 host sshd[30584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.84.125.211
Jan 16 19:03:34 host sshd[30584]: Failed password for invalid user het from 62.84.125.211 port 36296 ssh2
Jan 16 19:03:34 host sshd[30584]: Received disconnect from 62.84.125.211 port 36296:11: Bye Bye [preauth]
Jan 16 19:03:34 host sshd[30584]: Disconnected from 62.84.125.211 port 36296 [preauth]
Jan 16 19:03:39 host sshd[30599]: Invalid user brl from 80.85.241.81 port 45914
Jan 16 19:03:39 host sshd[30599]: input_userauth_request: invalid user brl [preauth]
Jan 16 19:03:39 host sshd[30599]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:03:39 host sshd[30599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.85.241.81
Jan 16 19:03:41 host sshd[30599]: Failed password for invalid user brl from 80.85.241.81 port 45914 ssh2
Jan 16 19:03:46 host sshd[30637]: Invalid user sop from 147.182.185.141 port 44312
Jan 16 19:03:46 host sshd[30637]: input_userauth_request: invalid user sop [preauth]
Jan 16 19:03:46 host sshd[30637]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:03:46 host sshd[30637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.185.141
Jan 16 19:03:48 host sshd[30637]: Failed password for invalid user sop from 147.182.185.141 port 44312 ssh2
Jan 16 19:03:48 host sshd[30637]: Received disconnect from 147.182.185.141 port 44312:11: Bye Bye [preauth]
Jan 16 19:03:48 host sshd[30637]: Disconnected from 147.182.185.141 port 44312 [preauth]
Jan 16 19:04:02 host sshd[30657]: Invalid user iwx from 91.122.197.235 port 49602
Jan 16 19:04:02 host sshd[30657]: input_userauth_request: invalid user iwx [preauth]
Jan 16 19:04:02 host sshd[30657]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:04:02 host sshd[30657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.122.197.235
Jan 16 19:04:04 host sshd[30657]: Failed password for invalid user iwx from 91.122.197.235 port 49602 ssh2
Jan 16 19:04:04 host sshd[30657]: Received disconnect from 91.122.197.235 port 49602:11: Bye Bye [preauth]
Jan 16 19:04:04 host sshd[30657]: Disconnected from 91.122.197.235 port 49602 [preauth]
Jan 16 19:04:15 host sshd[30712]: Invalid user rjd from 158.69.111.17 port 33048
Jan 16 19:04:15 host sshd[30712]: input_userauth_request: invalid user rjd [preauth]
Jan 16 19:04:15 host sshd[30712]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:04:15 host sshd[30712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.111.17
Jan 16 19:04:17 host sshd[30712]: Failed password for invalid user rjd from 158.69.111.17 port 33048 ssh2
Jan 16 19:04:19 host sshd[30748]: Invalid user het from 128.199.33.46 port 53102
Jan 16 19:04:19 host sshd[30748]: input_userauth_request: invalid user het [preauth]
Jan 16 19:04:19 host sshd[30748]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:04:19 host sshd[30748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.33.46
Jan 16 19:04:21 host sshd[30748]: Failed password for invalid user het from 128.199.33.46 port 53102 ssh2
Jan 16 19:04:40 host sshd[30829]: Invalid user mwo from 62.84.125.211 port 33196
Jan 16 19:04:40 host sshd[30829]: input_userauth_request: invalid user mwo [preauth]
Jan 16 19:04:40 host sshd[30829]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:04:40 host sshd[30829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.84.125.211
Jan 16 19:04:43 host sshd[30829]: Failed password for invalid user mwo from 62.84.125.211 port 33196 ssh2
Jan 16 19:05:44 host sshd[30986]: Invalid user rdc from 147.182.185.141 port 44404
Jan 16 19:05:44 host sshd[30986]: input_userauth_request: invalid user rdc [preauth]
Jan 16 19:05:44 host sshd[30986]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:05:44 host sshd[30986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.185.141
Jan 16 19:05:47 host sshd[30986]: Failed password for invalid user rdc from 147.182.185.141 port 44404 ssh2
Jan 16 19:09:01 host sshd[31451]: Invalid user admin from 61.65.230.124 port 46413
Jan 16 19:09:01 host sshd[31451]: input_userauth_request: invalid user admin [preauth]
Jan 16 19:09:01 host sshd[31451]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:09:01 host sshd[31451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.65.230.124
Jan 16 19:09:03 host sshd[31451]: Failed password for invalid user admin from 61.65.230.124 port 46413 ssh2
Jan 16 19:09:04 host sshd[31451]: Connection reset by 61.65.230.124 port 46413 [preauth]
Jan 16 19:09:54 host sshd[31552]: Invalid user pi from 114.33.167.224 port 37778
Jan 16 19:09:54 host sshd[31552]: input_userauth_request: invalid user pi [preauth]
Jan 16 19:09:54 host sshd[31552]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:09:54 host sshd[31552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.167.224
Jan 16 19:09:56 host sshd[31552]: Failed password for invalid user pi from 114.33.167.224 port 37778 ssh2
Jan 16 19:09:57 host sshd[31552]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:09:59 host sshd[31552]: Failed password for invalid user pi from 114.33.167.224 port 37778 ssh2
Jan 16 19:09:59 host sshd[31552]: Connection reset by 114.33.167.224 port 37778 [preauth]
Jan 16 19:09:59 host sshd[31552]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.167.224
Jan 16 19:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 19:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=bonifacegroup user-2=wwwevmhonda user-3=wwwletsstalkfood user-4=straightcurve user-5=gifterman user-6=palco123 user-7=phmetals user-8=kottayamcalldriv user-9=wwwnexidigital user-10=mrsclean user-11=remysagr user-12=disposeat user-13=wwwkmaorg user-14=wwwkapin user-15=woodpeck user-16=vfmassets user-17=wwwtestugo user-18=shalinijames user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=wwwrmswll user-23=wwwresourcehunte user-24=keralaholi user-25=ugotscom user-26=wwwkaretakers user-27=cochintaxi user-28=dartsimp user-29=a2zgroup user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 19:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-orSJLTiv4WNqAFbH.~
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-orSJLTiv4WNqAFbH.~'
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-orSJLTiv4WNqAFbH.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 19:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 19:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 19:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 19:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 19:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 19:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 19:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 19:23:25 host sshd[1543]: Invalid user fb from 194.110.203.109 port 48378
Jan 16 19:23:25 host sshd[1543]: input_userauth_request: invalid user fb [preauth]
Jan 16 19:23:25 host sshd[1543]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:23:25 host sshd[1543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 19:23:27 host sshd[1543]: Failed password for invalid user fb from 194.110.203.109 port 48378 ssh2
Jan 16 19:23:31 host sshd[1543]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:23:32 host sshd[1543]: Failed password for invalid user fb from 194.110.203.109 port 48378 ssh2
Jan 16 19:23:36 host sshd[1543]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:23:38 host sshd[1543]: Failed password for invalid user fb from 194.110.203.109 port 48378 ssh2
Jan 16 19:23:41 host sshd[1543]: Connection closed by 194.110.203.109 port 48378 [preauth]
Jan 16 19:23:41 host sshd[1543]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 19:24:27 host sshd[1654]: Connection closed by 167.248.133.62 port 46296 [preauth]
Jan 16 19:32:21 host sshd[2954]: Invalid user nginx from 112.144.156.103 port 46155
Jan 16 19:32:21 host sshd[2954]: input_userauth_request: invalid user nginx [preauth]
Jan 16 19:32:21 host sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:32:21 host sshd[2954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.144.156.103
Jan 16 19:32:23 host sshd[2954]: Failed password for invalid user nginx from 112.144.156.103 port 46155 ssh2
Jan 16 19:32:24 host sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:32:25 host sshd[2954]: Failed password for invalid user nginx from 112.144.156.103 port 46155 ssh2
Jan 16 19:32:26 host sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:32:28 host sshd[2954]: Failed password for invalid user nginx from 112.144.156.103 port 46155 ssh2
Jan 16 19:32:29 host sshd[2954]: Failed password for invalid user nginx from 112.144.156.103 port 46155 ssh2
Jan 16 19:32:30 host sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:32:32 host sshd[2954]: Failed password for invalid user nginx from 112.144.156.103 port 46155 ssh2
Jan 16 19:46:02 host sshd[5217]: Invalid user john from 195.226.194.242 port 32574
Jan 16 19:46:02 host sshd[5217]: input_userauth_request: invalid user john [preauth]
Jan 16 19:46:02 host sshd[5217]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:46:02 host sshd[5217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 16 19:46:04 host sshd[5217]: Failed password for invalid user john from 195.226.194.242 port 32574 ssh2
Jan 16 19:46:04 host sshd[5217]: Received disconnect from 195.226.194.242 port 32574:11: Bye Bye [preauth]
Jan 16 19:46:04 host sshd[5217]: Disconnected from 195.226.194.242 port 32574 [preauth]
Jan 16 19:52:43 host sshd[6199]: Invalid user super from 220.93.247.56 port 41847
Jan 16 19:52:43 host sshd[6199]: input_userauth_request: invalid user super [preauth]
Jan 16 19:52:43 host sshd[6199]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 19:52:43 host sshd[6199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.93.247.56
Jan 16 19:52:45 host sshd[6199]: Failed password for invalid user super from 220.93.247.56 port 41847 ssh2
Jan 16 20:02:11 host sshd[7509]: Invalid user admin from 112.185.120.208 port 60716
Jan 16 20:02:11 host sshd[7509]: input_userauth_request: invalid user admin [preauth]
Jan 16 20:02:11 host sshd[7509]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:02:11 host sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.185.120.208
Jan 16 20:02:14 host sshd[7509]: Failed password for invalid user admin from 112.185.120.208 port 60716 ssh2
Jan 16 20:02:14 host sshd[7509]: Connection reset by 112.185.120.208 port 60716 [preauth]
Jan 16 20:03:01 host sshd[7597]: Connection reset by 211.46.182.203 port 61393 [preauth]
Jan 16 20:05:06 host sshd[7890]: Invalid user ubuntu from 125.130.74.221 port 40249
Jan 16 20:05:06 host sshd[7890]: input_userauth_request: invalid user ubuntu [preauth]
Jan 16 20:05:06 host sshd[7890]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:05:06 host sshd[7890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.130.74.221
Jan 16 20:05:08 host sshd[7890]: Failed password for invalid user ubuntu from 125.130.74.221 port 40249 ssh2
Jan 16 20:05:10 host sshd[7890]: Connection reset by 125.130.74.221 port 40249 [preauth]
Jan 16 20:12:35 host sshd[8886]: Invalid user telnet from 118.137.237.36 port 58991
Jan 16 20:12:35 host sshd[8886]: input_userauth_request: invalid user telnet [preauth]
Jan 16 20:12:35 host sshd[8886]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:12:35 host sshd[8886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.137.237.36
Jan 16 20:12:37 host sshd[8886]: Failed password for invalid user telnet from 118.137.237.36 port 58991 ssh2
Jan 16 20:12:37 host sshd[8886]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:12:39 host sshd[8886]: Failed password for invalid user telnet from 118.137.237.36 port 58991 ssh2
Jan 16 20:16:52 host sshd[9487]: Did not receive identification string from 39.98.229.135 port 56248
Jan 16 20:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=woodpeck user-2=wwwkapin user-3=disposeat user-4=remysagr user-5=wwwkmaorg user-6=pmcresources user-7=shalinijames user-8=wwwtestugo user-9=vfmassets user-10=wwwletsstalkfood user-11=straightcurve user-12=wwwevmhonda user-13=bonifacegroup user-14=mrsclean user-15=wwwnexidigital user-16=phmetals user-17=kottayamcalldriv user-18=palco123 user-19=gifterman user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=a2zgroup user-24=dartsimp user-25=wwwpmcresource user-26=ugotscom user-27=wwwresourcehunte user-28=keralaholi user-29=wwwrmswll user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 20:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-TFLJFcgmstuq9FaH.~
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-TFLJFcgmstuq9FaH.~'
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-TFLJFcgmstuq9FaH.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 20:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 20:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 20:29:13 host sshd[11522]: Connection reset by 68.183.14.38 port 20330 [preauth]
Jan 16 20:35:01 host sshd[12266]: Invalid user bigipuser3 from 218.161.51.201 port 60954
Jan 16 20:35:01 host sshd[12266]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 16 20:35:01 host sshd[12266]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:35:01 host sshd[12266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.161.51.201
Jan 16 20:35:02 host sshd[12264]: Invalid user support from 218.161.51.201 port 60934
Jan 16 20:35:02 host sshd[12264]: input_userauth_request: invalid user support [preauth]
Jan 16 20:35:02 host sshd[12264]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:35:02 host sshd[12264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.161.51.201
Jan 16 20:35:03 host sshd[12266]: Failed password for invalid user bigipuser3 from 218.161.51.201 port 60954 ssh2
Jan 16 20:35:04 host sshd[12266]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:35:05 host sshd[12264]: Failed password for invalid user support from 218.161.51.201 port 60934 ssh2
Jan 16 20:35:06 host sshd[12266]: Failed password for invalid user bigipuser3 from 218.161.51.201 port 60954 ssh2
Jan 16 20:35:06 host sshd[12318]: Invalid user nathan from 107.189.30.59 port 53016
Jan 16 20:35:06 host sshd[12318]: input_userauth_request: invalid user nathan [preauth]
Jan 16 20:35:06 host sshd[12318]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 20:35:06 host sshd[12318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 16 20:35:08 host sshd[12264]: Connection reset by 218.161.51.201 port 60934 [preauth]
Jan 16 20:35:09 host sshd[12318]: Failed password for invalid user nathan from 107.189.30.59 port 53016 ssh2
Jan 16 20:35:09 host sshd[12318]: Connection closed by 107.189.30.59 port 53016 [preauth]
Jan 16 20:43:39 host sshd[13385]: User root from 222.98.96.235 not allowed because not listed in AllowUsers
Jan 16 20:43:39 host sshd[13385]: input_userauth_request: invalid user root [preauth]
Jan 16 20:43:39 host unix_chkpwd[13390]: password check failed for user (root)
Jan 16 20:43:39 host sshd[13385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.98.96.235 user=root
Jan 16 20:43:39 host sshd[13385]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:43:40 host sshd[13385]: Failed password for invalid user root from 222.98.96.235 port 60089 ssh2
Jan 16 20:43:41 host unix_chkpwd[13393]: password check failed for user (root)
Jan 16 20:43:41 host sshd[13385]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:43:43 host sshd[13385]: Failed password for invalid user root from 222.98.96.235 port 60089 ssh2
Jan 16 20:43:45 host unix_chkpwd[13396]: password check failed for user (root)
Jan 16 20:43:45 host sshd[13385]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:43:47 host sshd[13385]: Failed password for invalid user root from 222.98.96.235 port 60089 ssh2
Jan 16 20:43:48 host unix_chkpwd[13400]: password check failed for user (root)
Jan 16 20:43:48 host sshd[13385]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:43:49 host sshd[13385]: Failed password for invalid user root from 222.98.96.235 port 60089 ssh2
Jan 16 20:43:49 host sshd[13385]: Connection reset by 222.98.96.235 port 60089 [preauth]
Jan 16 20:43:49 host sshd[13385]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.98.96.235 user=root
Jan 16 20:43:49 host sshd[13385]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 16 20:57:12 host sshd[16358]: User root from 49.213.166.105 not allowed because not listed in AllowUsers
Jan 16 20:57:12 host sshd[16358]: input_userauth_request: invalid user root [preauth]
Jan 16 20:57:12 host unix_chkpwd[16371]: password check failed for user (root)
Jan 16 20:57:12 host sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.166.105 user=root
Jan 16 20:57:12 host sshd[16358]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:57:14 host sshd[16358]: Failed password for invalid user root from 49.213.166.105 port 59598 ssh2
Jan 16 20:57:15 host unix_chkpwd[16380]: password check failed for user (root)
Jan 16 20:57:15 host sshd[16358]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:57:17 host sshd[16358]: Failed password for invalid user root from 49.213.166.105 port 59598 ssh2
Jan 16 20:57:18 host unix_chkpwd[16390]: password check failed for user (root)
Jan 16 20:57:18 host sshd[16358]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:57:20 host sshd[16358]: Failed password for invalid user root from 49.213.166.105 port 59598 ssh2
Jan 16 20:57:20 host unix_chkpwd[16397]: password check failed for user (root)
Jan 16 20:57:20 host sshd[16358]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 20:57:23 host sshd[16358]: Failed password for invalid user root from 49.213.166.105 port 59598 ssh2
Jan 16 20:57:24 host sshd[16358]: Connection reset by 49.213.166.105 port 59598 [preauth]
Jan 16 20:57:24 host sshd[16358]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.166.105 user=root
Jan 16 20:57:24 host sshd[16358]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 16 21:10:02 host sshd[18737]: Invalid user fc from 194.110.203.109 port 42772
Jan 16 21:10:02 host sshd[18737]: input_userauth_request: invalid user fc [preauth]
Jan 16 21:10:02 host sshd[18737]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:10:02 host sshd[18737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 21:10:04 host sshd[18737]: Failed password for invalid user fc from 194.110.203.109 port 42772 ssh2
Jan 16 21:10:07 host sshd[18737]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:10:09 host sshd[18737]: Failed password for invalid user fc from 194.110.203.109 port 42772 ssh2
Jan 16 21:10:12 host sshd[18737]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:10:14 host sshd[18737]: Failed password for invalid user fc from 194.110.203.109 port 42772 ssh2
Jan 16 21:10:17 host sshd[18737]: Connection closed by 194.110.203.109 port 42772 [preauth]
Jan 16 21:10:17 host sshd[18737]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 21:19:43 host sshd[20377]: User root from 1.2.182.253 not allowed because not listed in AllowUsers
Jan 16 21:19:43 host sshd[20377]: input_userauth_request: invalid user root [preauth]
Jan 16 21:19:43 host unix_chkpwd[20382]: password check failed for user (root)
Jan 16 21:19:43 host sshd[20377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.182.253 user=root
Jan 16 21:19:43 host sshd[20377]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:19:44 host sshd[20377]: Failed password for invalid user root from 1.2.182.253 port 32889 ssh2
Jan 16 21:19:44 host unix_chkpwd[20385]: password check failed for user (root)
Jan 16 21:19:44 host sshd[20377]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:19:46 host sshd[20377]: Failed password for invalid user root from 1.2.182.253 port 32889 ssh2
Jan 16 21:19:47 host unix_chkpwd[20389]: password check failed for user (root)
Jan 16 21:19:47 host sshd[20377]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:19:49 host sshd[20377]: Failed password for invalid user root from 1.2.182.253 port 32889 ssh2
Jan 16 21:19:50 host unix_chkpwd[20393]: password check failed for user (root)
Jan 16 21:19:50 host sshd[20377]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:19:52 host sshd[20377]: Failed password for invalid user root from 1.2.182.253 port 32889 ssh2
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=palco123 user-2=gifterman user-3=phmetals user-4=kottayamcalldriv user-5=mrsclean user-6=wwwnexidigital user-7=bonifacegroup user-8=wwwevmhonda user-9=wwwletsstalkfood user-10=straightcurve user-11=vfmassets user-12=shalinijames user-13=wwwtestugo user-14=pmcresources user-15=disposeat user-16=wwwkmaorg user-17=remysagr user-18=woodpeck user-19=wwwkapin user-20=travelboniface user-21=wwwresourcehunte user-22=keralaholi user-23=wwwrmswll user-24=ugotscom user-25=wwwpmcresource user-26=a2zgroup user-27=dartsimp user-28=laundryboniface user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 21:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iWPXxNrR3PeSUoMo.~
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iWPXxNrR3PeSUoMo.~'
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iWPXxNrR3PeSUoMo.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 21:29:58 host sshd[22191]: User root from 116.241.207.248 not allowed because not listed in AllowUsers
Jan 16 21:29:58 host sshd[22191]: input_userauth_request: invalid user root [preauth]
Jan 16 21:29:58 host unix_chkpwd[22204]: password check failed for user (root)
Jan 16 21:29:58 host sshd[22191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.241.207.248 user=root
Jan 16 21:29:58 host sshd[22191]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:29:59 host sshd[22191]: Failed password for invalid user root from 116.241.207.248 port 57127 ssh2
Jan 16 21:30:00 host unix_chkpwd[22209]: password check failed for user (root)
Jan 16 21:30:00 host sshd[22191]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:30:03 host sshd[22191]: Failed password for invalid user root from 116.241.207.248 port 57127 ssh2
Jan 16 21:30:03 host unix_chkpwd[22239]: password check failed for user (root)
Jan 16 21:30:03 host sshd[22191]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:30:05 host sshd[22191]: Failed password for invalid user root from 116.241.207.248 port 57127 ssh2
Jan 16 21:30:06 host unix_chkpwd[22263]: password check failed for user (root)
Jan 16 21:30:06 host sshd[22191]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:30:08 host sshd[22191]: Failed password for invalid user root from 116.241.207.248 port 57127 ssh2
Jan 16 21:34:10 host sshd[22907]: Invalid user Admin from 1.170.118.167 port 48608
Jan 16 21:34:10 host sshd[22907]: input_userauth_request: invalid user Admin [preauth]
Jan 16 21:34:10 host sshd[22907]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:34:10 host sshd[22907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.170.118.167
Jan 16 21:34:11 host sshd[22907]: Failed password for invalid user Admin from 1.170.118.167 port 48608 ssh2
Jan 16 21:34:12 host sshd[22907]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:34:14 host sshd[22907]: Failed password for invalid user Admin from 1.170.118.167 port 48608 ssh2
Jan 16 21:34:15 host sshd[22907]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:34:17 host sshd[22907]: Failed password for invalid user Admin from 1.170.118.167 port 48608 ssh2
Jan 16 21:34:18 host sshd[22907]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:34:20 host sshd[22907]: Failed password for invalid user Admin from 1.170.118.167 port 48608 ssh2
Jan 16 21:34:21 host sshd[22907]: Failed password for invalid user Admin from 1.170.118.167 port 48608 ssh2
Jan 16 21:35:40 host sshd[23127]: User root from 112.187.236.253 not allowed because not listed in AllowUsers
Jan 16 21:35:40 host sshd[23127]: input_userauth_request: invalid user root [preauth]
Jan 16 21:35:40 host unix_chkpwd[23132]: password check failed for user (root)
Jan 16 21:35:40 host sshd[23127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.187.236.253 user=root
Jan 16 21:35:40 host sshd[23127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:35:41 host sshd[23127]: Failed password for invalid user root from 112.187.236.253 port 61895 ssh2
Jan 16 21:35:42 host unix_chkpwd[23136]: password check failed for user (root)
Jan 16 21:35:42 host sshd[23127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:35:44 host sshd[23127]: Failed password for invalid user root from 112.187.236.253 port 61895 ssh2
Jan 16 21:35:44 host unix_chkpwd[23140]: password check failed for user (root)
Jan 16 21:35:44 host sshd[23127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:35:46 host sshd[23127]: Failed password for invalid user root from 112.187.236.253 port 61895 ssh2
Jan 16 21:35:47 host unix_chkpwd[23146]: password check failed for user (root)
Jan 16 21:35:47 host sshd[23127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:35:48 host sshd[23127]: Failed password for invalid user root from 112.187.236.253 port 61895 ssh2
Jan 16 21:35:49 host unix_chkpwd[23155]: password check failed for user (root)
Jan 16 21:35:49 host sshd[23127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 21:35:51 host sshd[23127]: Failed password for invalid user root from 112.187.236.253 port 61895 ssh2
Jan 16 21:35:51 host sshd[23127]: Connection reset by 112.187.236.253 port 61895 [preauth]
Jan 16 21:35:51 host sshd[23127]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.187.236.253 user=root
Jan 16 21:35:51 host sshd[23127]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 16 21:36:25 host sshd[23255]: Invalid user ubuntu from 220.135.144.200 port 60804
Jan 16 21:36:25 host sshd[23255]: input_userauth_request: invalid user ubuntu [preauth]
Jan 16 21:36:25 host sshd[23255]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:36:25 host sshd[23255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.144.200
Jan 16 21:36:27 host sshd[23255]: Failed password for invalid user ubuntu from 220.135.144.200 port 60804 ssh2
Jan 16 21:36:27 host sshd[23255]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:36:29 host sshd[23255]: Failed password for invalid user ubuntu from 220.135.144.200 port 60804 ssh2
Jan 16 21:36:30 host sshd[23255]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:36:32 host sshd[23255]: Failed password for invalid user ubuntu from 220.135.144.200 port 60804 ssh2
Jan 16 21:36:33 host sshd[23255]: Failed password for invalid user ubuntu from 220.135.144.200 port 60804 ssh2
Jan 16 21:36:33 host sshd[23255]: Connection reset by 220.135.144.200 port 60804 [preauth]
Jan 16 21:36:33 host sshd[23255]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.144.200
Jan 16 21:42:52 host sshd[24184]: Invalid user super from 121.168.34.211 port 37705
Jan 16 21:42:52 host sshd[24184]: input_userauth_request: invalid user super [preauth]
Jan 16 21:42:52 host sshd[24184]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:42:52 host sshd[24184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.168.34.211
Jan 16 21:42:54 host sshd[24184]: Failed password for invalid user super from 121.168.34.211 port 37705 ssh2
Jan 16 21:42:56 host sshd[24184]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:42:58 host sshd[24184]: Failed password for invalid user super from 121.168.34.211 port 37705 ssh2
Jan 16 21:42:59 host sshd[24184]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:43:00 host sshd[24184]: Failed password for invalid user super from 121.168.34.211 port 37705 ssh2
Jan 16 21:58:59 host sshd[26618]: Invalid user role from 205.185.113.129 port 48892
Jan 16 21:58:59 host sshd[26618]: input_userauth_request: invalid user role [preauth]
Jan 16 21:58:59 host sshd[26618]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 21:58:59 host sshd[26618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 16 21:59:01 host sshd[26618]: Failed password for invalid user role from 205.185.113.129 port 48892 ssh2
Jan 16 21:59:02 host sshd[26618]: Connection closed by 205.185.113.129 port 48892 [preauth]
Jan 16 22:01:59 host sshd[27150]: User root from 59.126.160.54 not allowed because not listed in AllowUsers
Jan 16 22:01:59 host sshd[27150]: input_userauth_request: invalid user root [preauth]
Jan 16 22:01:59 host unix_chkpwd[27153]: password check failed for user (root)
Jan 16 22:01:59 host sshd[27150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.160.54 user=root
Jan 16 22:01:59 host sshd[27150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:02:02 host sshd[27150]: Failed password for invalid user root from 59.126.160.54 port 59477 ssh2
Jan 16 22:02:02 host unix_chkpwd[27167]: password check failed for user (root)
Jan 16 22:02:02 host sshd[27150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:02:05 host sshd[27150]: Failed password for invalid user root from 59.126.160.54 port 59477 ssh2
Jan 16 22:02:05 host unix_chkpwd[27171]: password check failed for user (root)
Jan 16 22:02:05 host sshd[27150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:02:07 host sshd[27150]: Failed password for invalid user root from 59.126.160.54 port 59477 ssh2
Jan 16 22:02:08 host sshd[27150]: Connection reset by 59.126.160.54 port 59477 [preauth]
Jan 16 22:02:08 host sshd[27150]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.160.54 user=root
Jan 16 22:07:29 host sshd[28092]: Invalid user vadmin from 221.164.246.171 port 59553
Jan 16 22:07:29 host sshd[28092]: input_userauth_request: invalid user vadmin [preauth]
Jan 16 22:07:29 host sshd[28092]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:07:29 host sshd[28092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.164.246.171
Jan 16 22:07:32 host sshd[28092]: Failed password for invalid user vadmin from 221.164.246.171 port 59553 ssh2
Jan 16 22:07:33 host sshd[28092]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:07:35 host sshd[28092]: Failed password for invalid user vadmin from 221.164.246.171 port 59553 ssh2
Jan 16 22:07:36 host sshd[28092]: Failed password for invalid user vadmin from 221.164.246.171 port 59553 ssh2
Jan 16 22:10:31 host sshd[28550]: Invalid user admin from 114.35.46.40 port 49709
Jan 16 22:10:31 host sshd[28550]: input_userauth_request: invalid user admin [preauth]
Jan 16 22:10:31 host sshd[28550]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:10:31 host sshd[28550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.46.40
Jan 16 22:10:33 host sshd[28550]: Failed password for invalid user admin from 114.35.46.40 port 49709 ssh2
Jan 16 22:10:34 host sshd[28550]: Failed password for invalid user admin from 114.35.46.40 port 49709 ssh2
Jan 16 22:10:35 host sshd[28550]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:10:37 host sshd[28550]: Failed password for invalid user admin from 114.35.46.40 port 49709 ssh2
Jan 16 22:10:38 host sshd[28550]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:10:40 host sshd[28550]: Failed password for invalid user admin from 114.35.46.40 port 49709 ssh2
Jan 16 22:10:40 host sshd[28550]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:10:42 host sshd[28550]: Failed password for invalid user admin from 114.35.46.40 port 49709 ssh2
Jan 16 22:17:16 host sshd[29571]: Invalid user user from 195.226.194.242 port 31982
Jan 16 22:17:16 host sshd[29571]: input_userauth_request: invalid user user [preauth]
Jan 16 22:17:16 host sshd[29571]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:17:16 host sshd[29571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 16 22:17:19 host sshd[29571]: Failed password for invalid user user from 195.226.194.242 port 31982 ssh2
Jan 16 22:17:19 host sshd[29571]: Received disconnect from 195.226.194.242 port 31982:11: Bye Bye [preauth]
Jan 16 22:17:19 host sshd[29571]: Disconnected from 195.226.194.242 port 31982 [preauth]
Jan 16 22:18:33 host sshd[29899]: User root from 121.158.230.180 not allowed because not listed in AllowUsers
Jan 16 22:18:33 host sshd[29899]: input_userauth_request: invalid user root [preauth]
Jan 16 22:18:33 host unix_chkpwd[29908]: password check failed for user (root)
Jan 16 22:18:33 host sshd[29899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.158.230.180 user=root
Jan 16 22:18:33 host sshd[29899]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:18:36 host sshd[29899]: Failed password for invalid user root from 121.158.230.180 port 63153 ssh2
Jan 16 22:18:37 host unix_chkpwd[29915]: password check failed for user (root)
Jan 16 22:18:37 host sshd[29899]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:18:38 host sshd[29899]: Failed password for invalid user root from 121.158.230.180 port 63153 ssh2
Jan 16 22:18:39 host unix_chkpwd[29920]: password check failed for user (root)
Jan 16 22:18:39 host sshd[29899]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:18:41 host sshd[29899]: Failed password for invalid user root from 121.158.230.180 port 63153 ssh2
Jan 16 22:18:42 host unix_chkpwd[29932]: password check failed for user (root)
Jan 16 22:18:42 host sshd[29899]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:18:44 host sshd[29899]: Failed password for invalid user root from 121.158.230.180 port 63153 ssh2
Jan 16 22:20:23 host sshd[30181]: Invalid user nginx from 97.65.33.11 port 52674
Jan 16 22:20:23 host sshd[30181]: input_userauth_request: invalid user nginx [preauth]
Jan 16 22:20:23 host sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:20:23 host sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.65.33.11
Jan 16 22:20:24 host sshd[30181]: Failed password for invalid user nginx from 97.65.33.11 port 52674 ssh2
Jan 16 22:20:27 host sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:20:29 host sshd[30181]: Failed password for invalid user nginx from 97.65.33.11 port 52674 ssh2
Jan 16 22:20:30 host sshd[30181]: Connection reset by 97.65.33.11 port 52674 [preauth]
Jan 16 22:20:30 host sshd[30181]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.65.33.11
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=wwwtestugo user-3=shalinijames user-4=pmcresources user-5=disposeat user-6=wwwkmaorg user-7=remysagr user-8=woodpeck user-9=wwwkapin user-10=gifterman user-11=palco123 user-12=phmetals user-13=kottayamcalldriv user-14=wwwnexidigital user-15=mrsclean user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=dartsimp user-21=a2zgroup user-22=laundryboniface user-23=wwwkaretakers user-24=cochintaxi user-25=travelboniface user-26=wwwrmswll user-27=wwwresourcehunte user-28=keralaholi user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 22:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-XXJbKNY16RmLr9fS.~
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-XXJbKNY16RmLr9fS.~'
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-XXJbKNY16RmLr9fS.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 22:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 22:22:14 host sshd[30644]: User root from 59.30.158.7 not allowed because not listed in AllowUsers
Jan 16 22:22:14 host sshd[30644]: input_userauth_request: invalid user root [preauth]
Jan 16 22:22:14 host unix_chkpwd[30648]: password check failed for user (root)
Jan 16 22:22:14 host sshd[30644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.30.158.7 user=root
Jan 16 22:22:14 host sshd[30644]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:22:16 host sshd[30644]: Failed password for invalid user root from 59.30.158.7 port 46098 ssh2
Jan 16 22:22:16 host sshd[30644]: Connection reset by 59.30.158.7 port 46098 [preauth]
Jan 16 22:33:06 host sshd[32289]: Invalid user app from 202.163.119.238 port 40317
Jan 16 22:33:06 host sshd[32289]: input_userauth_request: invalid user app [preauth]
Jan 16 22:33:06 host sshd[32289]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:33:06 host sshd[32289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.163.119.238
Jan 16 22:33:07 host sshd[32289]: Failed password for invalid user app from 202.163.119.238 port 40317 ssh2
Jan 16 22:33:08 host sshd[32289]: Received disconnect from 202.163.119.238 port 40317:11: Bye Bye [preauth]
Jan 16 22:33:08 host sshd[32289]: Disconnected from 202.163.119.238 port 40317 [preauth]
Jan 16 22:38:05 host sshd[669]: Invalid user gpadmin from 202.163.119.238 port 52799
Jan 16 22:38:05 host sshd[669]: input_userauth_request: invalid user gpadmin [preauth]
Jan 16 22:38:05 host sshd[669]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:38:05 host sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.163.119.238
Jan 16 22:38:07 host sshd[669]: Failed password for invalid user gpadmin from 202.163.119.238 port 52799 ssh2
Jan 16 22:38:07 host sshd[669]: Received disconnect from 202.163.119.238 port 52799:11: Bye Bye [preauth]
Jan 16 22:38:07 host sshd[669]: Disconnected from 202.163.119.238 port 52799 [preauth]
Jan 16 22:39:23 host sshd[863]: Invalid user wordpress from 202.163.119.238 port 56485
Jan 16 22:39:23 host sshd[863]: input_userauth_request: invalid user wordpress [preauth]
Jan 16 22:39:23 host sshd[863]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:39:23 host sshd[863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.163.119.238
Jan 16 22:39:25 host sshd[863]: Failed password for invalid user wordpress from 202.163.119.238 port 56485 ssh2
Jan 16 22:39:25 host sshd[863]: Received disconnect from 202.163.119.238 port 56485:11: Bye Bye [preauth]
Jan 16 22:39:25 host sshd[863]: Disconnected from 202.163.119.238 port 56485 [preauth]
Jan 16 22:53:03 host sshd[3102]: User root from 146.190.116.107 not allowed because not listed in AllowUsers
Jan 16 22:53:03 host sshd[3102]: input_userauth_request: invalid user root [preauth]
Jan 16 22:53:03 host unix_chkpwd[3108]: password check failed for user (root)
Jan 16 22:53:03 host sshd[3102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.116.107 user=root
Jan 16 22:53:03 host sshd[3102]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:53:05 host sshd[3102]: Failed password for invalid user root from 146.190.116.107 port 60984 ssh2
Jan 16 22:53:05 host sshd[3102]: Received disconnect from 146.190.116.107 port 60984:11: Bye Bye [preauth]
Jan 16 22:53:05 host sshd[3102]: Disconnected from 146.190.116.107 port 60984 [preauth]
Jan 16 22:53:07 host sshd[3111]: User root from 146.190.116.107 not allowed because not listed in AllowUsers
Jan 16 22:53:07 host sshd[3111]: input_userauth_request: invalid user root [preauth]
Jan 16 22:53:07 host unix_chkpwd[3139]: password check failed for user (root)
Jan 16 22:53:07 host sshd[3111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.116.107 user=root
Jan 16 22:53:07 host sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 22:53:09 host sshd[3111]: Failed password for invalid user root from 146.190.116.107 port 38544 ssh2
Jan 16 22:53:09 host sshd[3111]: Received disconnect from 146.190.116.107 port 38544:11: Bye Bye [preauth]
Jan 16 22:53:09 host sshd[3111]: Disconnected from 146.190.116.107 port 38544 [preauth]
Jan 16 22:58:16 host sshd[4199]: Invalid user fd from 194.110.203.109 port 36052
Jan 16 22:58:16 host sshd[4199]: input_userauth_request: invalid user fd [preauth]
Jan 16 22:58:16 host sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:58:16 host sshd[4199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 22:58:18 host sshd[4199]: Failed password for invalid user fd from 194.110.203.109 port 36052 ssh2
Jan 16 22:58:21 host sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:58:23 host sshd[4199]: Failed password for invalid user fd from 194.110.203.109 port 36052 ssh2
Jan 16 22:58:27 host sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 22:58:29 host sshd[4199]: Failed password for invalid user fd from 194.110.203.109 port 36052 ssh2
Jan 16 22:58:32 host sshd[4199]: Connection closed by 194.110.203.109 port 36052 [preauth]
Jan 16 22:58:32 host sshd[4199]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 16 23:00:57 host sshd[4587]: Invalid user admin from 180.214.182.147 port 55065
Jan 16 23:00:57 host sshd[4587]: input_userauth_request: invalid user admin [preauth]
Jan 16 23:00:57 host sshd[4587]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:00:57 host sshd[4587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.214.182.147
Jan 16 23:00:58 host sshd[4587]: Failed password for invalid user admin from 180.214.182.147 port 55065 ssh2
Jan 16 23:00:59 host sshd[4587]: Failed password for invalid user admin from 180.214.182.147 port 55065 ssh2
Jan 16 23:01:00 host sshd[4587]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:01:02 host sshd[4587]: Failed password for invalid user admin from 180.214.182.147 port 55065 ssh2
Jan 16 23:01:04 host sshd[4587]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:01:06 host sshd[4587]: Failed password for invalid user admin from 180.214.182.147 port 55065 ssh2
Jan 16 23:01:07 host sshd[4587]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:01:10 host sshd[4587]: Failed password for invalid user admin from 180.214.182.147 port 55065 ssh2
Jan 16 23:02:42 host sshd[4919]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 16 23:02:42 host sshd[4919]: input_userauth_request: invalid user sshd [preauth]
Jan 16 23:02:42 host unix_chkpwd[4922]: password check failed for user (sshd)
Jan 16 23:02:42 host sshd[4919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 16 23:02:42 host sshd[4919]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 16 23:02:43 host sshd[4919]: Failed password for invalid user sshd from 194.169.175.102 port 62929 ssh2
Jan 16 23:02:43 host sshd[4919]: Received disconnect from 194.169.175.102 port 62929:11: Client disconnecting normally [preauth]
Jan 16 23:02:43 host sshd[4919]: Disconnected from 194.169.175.102 port 62929 [preauth]
Jan 16 23:04:18 host sshd[5083]: User root from 115.69.119.76 not allowed because not listed in AllowUsers
Jan 16 23:04:18 host sshd[5083]: input_userauth_request: invalid user root [preauth]
Jan 16 23:04:18 host unix_chkpwd[5087]: password check failed for user (root)
Jan 16 23:04:18 host sshd[5083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.69.119.76 user=root
Jan 16 23:04:18 host sshd[5083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:04:19 host sshd[5083]: Failed password for invalid user root from 115.69.119.76 port 40280 ssh2
Jan 16 23:04:20 host unix_chkpwd[5091]: password check failed for user (root)
Jan 16 23:04:20 host sshd[5083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:04:22 host sshd[5083]: Failed password for invalid user root from 115.69.119.76 port 40280 ssh2
Jan 16 23:04:23 host unix_chkpwd[5095]: password check failed for user (root)
Jan 16 23:04:23 host sshd[5083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:04:25 host sshd[5083]: Failed password for invalid user root from 115.69.119.76 port 40280 ssh2
Jan 16 23:04:25 host unix_chkpwd[5097]: password check failed for user (root)
Jan 16 23:04:25 host sshd[5083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:04:26 host sshd[5083]: Failed password for invalid user root from 115.69.119.76 port 40280 ssh2
Jan 16 23:04:27 host unix_chkpwd[5162]: password check failed for user (root)
Jan 16 23:04:27 host sshd[5083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:04:30 host sshd[5083]: Failed password for invalid user root from 115.69.119.76 port 40280 ssh2
Jan 16 23:04:37 host sshd[5263]: Invalid user mcserver from 117.131.215.49 port 52471
Jan 16 23:04:37 host sshd[5263]: input_userauth_request: invalid user mcserver [preauth]
Jan 16 23:04:37 host sshd[5263]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:04:37 host sshd[5263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.131.215.49
Jan 16 23:04:39 host sshd[5263]: Failed password for invalid user mcserver from 117.131.215.49 port 52471 ssh2
Jan 16 23:04:39 host sshd[5263]: Received disconnect from 117.131.215.49 port 52471:11: Bye Bye [preauth]
Jan 16 23:04:39 host sshd[5263]: Disconnected from 117.131.215.49 port 52471 [preauth]
Jan 16 23:04:58 host sshd[5294]: Invalid user maint from 134.209.200.13 port 56152
Jan 16 23:04:58 host sshd[5294]: input_userauth_request: invalid user maint [preauth]
Jan 16 23:04:58 host sshd[5294]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:04:58 host sshd[5294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.200.13
Jan 16 23:05:00 host sshd[5294]: Failed password for invalid user maint from 134.209.200.13 port 56152 ssh2
Jan 16 23:05:00 host sshd[5294]: Received disconnect from 134.209.200.13 port 56152:11: Bye Bye [preauth]
Jan 16 23:05:00 host sshd[5294]: Disconnected from 134.209.200.13 port 56152 [preauth]
Jan 16 23:05:15 host sshd[5342]: User root from 159.89.115.75 not allowed because not listed in AllowUsers
Jan 16 23:05:15 host sshd[5342]: input_userauth_request: invalid user root [preauth]
Jan 16 23:05:15 host unix_chkpwd[5345]: password check failed for user (root)
Jan 16 23:05:15 host sshd[5342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.75 user=root
Jan 16 23:05:15 host sshd[5342]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:05:17 host sshd[5342]: Failed password for invalid user root from 159.89.115.75 port 51866 ssh2
Jan 16 23:05:18 host sshd[5342]: Received disconnect from 159.89.115.75 port 51866:11: Bye Bye [preauth]
Jan 16 23:05:18 host sshd[5342]: Disconnected from 159.89.115.75 port 51866 [preauth]
Jan 16 23:08:01 host sshd[5711]: User root from 185.74.4.17 not allowed because not listed in AllowUsers
Jan 16 23:08:01 host sshd[5711]: input_userauth_request: invalid user root [preauth]
Jan 16 23:08:01 host unix_chkpwd[5722]: password check failed for user (root)
Jan 16 23:08:01 host sshd[5711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.74.4.17 user=root
Jan 16 23:08:01 host sshd[5711]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:08:04 host sshd[5711]: Failed password for invalid user root from 185.74.4.17 port 48477 ssh2
Jan 16 23:08:04 host sshd[5711]: Received disconnect from 185.74.4.17 port 48477:11: Bye Bye [preauth]
Jan 16 23:08:04 host sshd[5711]: Disconnected from 185.74.4.17 port 48477 [preauth]
Jan 16 23:08:50 host sshd[5811]: Invalid user nginx from 220.125.235.116 port 61136
Jan 16 23:08:50 host sshd[5811]: input_userauth_request: invalid user nginx [preauth]
Jan 16 23:08:50 host sshd[5811]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:08:50 host sshd[5811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.125.235.116
Jan 16 23:08:52 host sshd[5811]: Failed password for invalid user nginx from 220.125.235.116 port 61136 ssh2
Jan 16 23:08:53 host sshd[5811]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:08:55 host sshd[5811]: Failed password for invalid user nginx from 220.125.235.116 port 61136 ssh2
Jan 16 23:08:56 host sshd[5811]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:08:58 host sshd[5811]: Failed password for invalid user nginx from 220.125.235.116 port 61136 ssh2
Jan 16 23:08:59 host sshd[5811]: Failed password for invalid user nginx from 220.125.235.116 port 61136 ssh2
Jan 16 23:09:00 host sshd[5811]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:09:02 host sshd[5811]: Failed password for invalid user nginx from 220.125.235.116 port 61136 ssh2
Jan 16 23:09:37 host sshd[6056]: Invalid user developer from 190.99.178.165 port 55096
Jan 16 23:09:37 host sshd[6056]: input_userauth_request: invalid user developer [preauth]
Jan 16 23:09:37 host sshd[6056]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:09:37 host sshd[6056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.99.178.165
Jan 16 23:09:39 host sshd[6056]: Failed password for invalid user developer from 190.99.178.165 port 55096 ssh2
Jan 16 23:09:39 host sshd[6056]: Received disconnect from 190.99.178.165 port 55096:11: Bye Bye [preauth]
Jan 16 23:09:39 host sshd[6056]: Disconnected from 190.99.178.165 port 55096 [preauth]
Jan 16 23:10:53 host sshd[6208]: User root from 134.209.200.13 not allowed because not listed in AllowUsers
Jan 16 23:10:53 host sshd[6208]: input_userauth_request: invalid user root [preauth]
Jan 16 23:10:53 host unix_chkpwd[6217]: password check failed for user (root)
Jan 16 23:10:53 host sshd[6208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.200.13 user=root
Jan 16 23:10:53 host sshd[6208]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:10:55 host sshd[6208]: Failed password for invalid user root from 134.209.200.13 port 46382 ssh2
Jan 16 23:10:55 host sshd[6208]: Received disconnect from 134.209.200.13 port 46382:11: Bye Bye [preauth]
Jan 16 23:10:55 host sshd[6208]: Disconnected from 134.209.200.13 port 46382 [preauth]
Jan 16 23:11:51 host sshd[6355]: User root from 159.89.115.75 not allowed because not listed in AllowUsers
Jan 16 23:11:51 host sshd[6355]: input_userauth_request: invalid user root [preauth]
Jan 16 23:11:51 host unix_chkpwd[6358]: password check failed for user (root)
Jan 16 23:11:51 host sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.115.75 user=root
Jan 16 23:11:51 host sshd[6355]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:11:53 host sshd[6355]: Failed password for invalid user root from 159.89.115.75 port 52752 ssh2
Jan 16 23:11:53 host sshd[6355]: Received disconnect from 159.89.115.75 port 52752:11: Bye Bye [preauth]
Jan 16 23:11:53 host sshd[6355]: Disconnected from 159.89.115.75 port 52752 [preauth]
Jan 16 23:11:53 host sshd[6360]: Invalid user jboss from 190.99.178.165 port 60180
Jan 16 23:11:53 host sshd[6360]: input_userauth_request: invalid user jboss [preauth]
Jan 16 23:11:53 host sshd[6360]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:11:53 host sshd[6360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.99.178.165
Jan 16 23:11:55 host sshd[6360]: Failed password for invalid user jboss from 190.99.178.165 port 60180 ssh2
Jan 16 23:11:56 host sshd[6360]: Received disconnect from 190.99.178.165 port 60180:11: Bye Bye [preauth]
Jan 16 23:11:56 host sshd[6360]: Disconnected from 190.99.178.165 port 60180 [preauth]
Jan 16 23:12:11 host sshd[6436]: Invalid user minecraft from 185.74.4.17 port 41232
Jan 16 23:12:11 host sshd[6436]: input_userauth_request: invalid user minecraft [preauth]
Jan 16 23:12:11 host sshd[6436]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:12:11 host sshd[6436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.74.4.17
Jan 16 23:12:14 host sshd[6436]: Failed password for invalid user minecraft from 185.74.4.17 port 41232 ssh2
Jan 16 23:12:14 host sshd[6436]: Received disconnect from 185.74.4.17 port 41232:11: Bye Bye [preauth]
Jan 16 23:12:14 host sshd[6436]: Disconnected from 185.74.4.17 port 41232 [preauth]
Jan 16 23:13:16 host sshd[6599]: User root from 190.99.178.165 not allowed because not listed in AllowUsers
Jan 16 23:13:16 host sshd[6599]: input_userauth_request: invalid user root [preauth]
Jan 16 23:13:16 host unix_chkpwd[6604]: password check failed for user (root)
Jan 16 23:13:16 host sshd[6599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.99.178.165 user=root
Jan 16 23:13:16 host sshd[6599]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:13:18 host sshd[6599]: Failed password for invalid user root from 190.99.178.165 port 58966 ssh2
Jan 16 23:13:19 host sshd[6599]: Received disconnect from 190.99.178.165 port 58966:11: Bye Bye [preauth]
Jan 16 23:13:19 host sshd[6599]: Disconnected from 190.99.178.165 port 58966 [preauth]
Jan 16 23:13:31 host sshd[6683]: Did not receive identification string from 206.189.23.129 port 61000
Jan 16 23:15:52 host sshd[7048]: Invalid user terraria from 117.131.215.49 port 35861
Jan 16 23:15:52 host sshd[7048]: input_userauth_request: invalid user terraria [preauth]
Jan 16 23:15:52 host sshd[7048]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:15:52 host sshd[7048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.131.215.49
Jan 16 23:15:54 host sshd[7048]: Failed password for invalid user terraria from 117.131.215.49 port 35861 ssh2
Jan 16 23:15:54 host sshd[7048]: Received disconnect from 117.131.215.49 port 35861:11: Bye Bye [preauth]
Jan 16 23:15:54 host sshd[7048]: Disconnected from 117.131.215.49 port 35861 [preauth]
Jan 16 23:16:29 host sshd[7124]: User root from 117.131.215.49 not allowed because not listed in AllowUsers
Jan 16 23:16:29 host sshd[7124]: input_userauth_request: invalid user root [preauth]
Jan 16 23:16:29 host unix_chkpwd[7149]: password check failed for user (root)
Jan 16 23:16:29 host sshd[7124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.131.215.49 user=root
Jan 16 23:16:29 host sshd[7124]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:16:31 host sshd[7124]: Failed password for invalid user root from 117.131.215.49 port 39553 ssh2
Jan 16 23:16:31 host sshd[7124]: Received disconnect from 117.131.215.49 port 39553:11: Bye Bye [preauth]
Jan 16 23:16:31 host sshd[7124]: Disconnected from 117.131.215.49 port 39553 [preauth]
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=shalinijames user-3=wwwtestugo user-4=pmcresources user-5=remysagr user-6=disposeat user-7=wwwkmaorg user-8=woodpeck user-9=wwwkapin user-10=palco123 user-11=gifterman user-12=kottayamcalldriv user-13=phmetals user-14=mrsclean user-15=wwwnexidigital user-16=bonifacegroup user-17=wwwevmhonda user-18=wwwletsstalkfood user-19=straightcurve user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=keralaholi user-27=wwwresourcehunte user-28=wwwrmswll user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 16 23:21:08 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-udsuIN4wgOvY9tyf.~
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-udsuIN4wgOvY9tyf.~'
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-udsuIN4wgOvY9tyf.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 16 23:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 16 23:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 16 23:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 16 23:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 16 23:40:21 host sshd[10788]: User root from 223.204.8.94 not allowed because not listed in AllowUsers
Jan 16 23:40:21 host sshd[10788]: input_userauth_request: invalid user root [preauth]
Jan 16 23:40:21 host unix_chkpwd[10792]: password check failed for user (root)
Jan 16 23:40:21 host sshd[10788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.204.8.94 user=root
Jan 16 23:40:21 host sshd[10788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:40:23 host sshd[10788]: Failed password for invalid user root from 223.204.8.94 port 56705 ssh2
Jan 16 23:40:23 host unix_chkpwd[10795]: password check failed for user (root)
Jan 16 23:40:23 host sshd[10788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:40:25 host sshd[10788]: Failed password for invalid user root from 223.204.8.94 port 56705 ssh2
Jan 16 23:40:28 host unix_chkpwd[10800]: password check failed for user (root)
Jan 16 23:40:28 host sshd[10788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:40:30 host sshd[10788]: Failed password for invalid user root from 223.204.8.94 port 56705 ssh2
Jan 16 23:40:30 host unix_chkpwd[10824]: password check failed for user (root)
Jan 16 23:40:30 host sshd[10788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:40:31 host sshd[10788]: Failed password for invalid user root from 223.204.8.94 port 56705 ssh2
Jan 16 23:49:23 host sshd[12039]: Invalid user admin from 195.226.194.242 port 31954
Jan 16 23:49:23 host sshd[12039]: input_userauth_request: invalid user admin [preauth]
Jan 16 23:49:23 host sshd[12039]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:49:23 host sshd[12039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 16 23:49:25 host sshd[12046]: Did not receive identification string from 45.119.132.191 port 49122
Jan 16 23:49:25 host sshd[12039]: Failed password for invalid user admin from 195.226.194.242 port 31954 ssh2
Jan 16 23:49:25 host sshd[12039]: Received disconnect from 195.226.194.242 port 31954:11: Bye Bye [preauth]
Jan 16 23:49:25 host sshd[12039]: Disconnected from 195.226.194.242 port 31954 [preauth]
Jan 16 23:49:25 host sshd[12047]: Invalid user oracle from 45.119.132.191 port 50650
Jan 16 23:49:25 host sshd[12047]: input_userauth_request: invalid user oracle [preauth]
Jan 16 23:49:26 host sshd[12047]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:49:26 host sshd[12047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.132.191
Jan 16 23:49:28 host sshd[12047]: Failed password for invalid user oracle from 45.119.132.191 port 50650 ssh2
Jan 16 23:49:28 host sshd[12047]: Connection closed by 45.119.132.191 port 50650 [preauth]
Jan 16 23:53:41 host sshd[12699]: Invalid user david from 157.245.82.165 port 60984
Jan 16 23:53:41 host sshd[12699]: input_userauth_request: invalid user david [preauth]
Jan 16 23:53:41 host sshd[12699]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:53:41 host sshd[12699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.82.165
Jan 16 23:53:43 host sshd[12699]: Failed password for invalid user david from 157.245.82.165 port 60984 ssh2
Jan 16 23:53:43 host sshd[12699]: Received disconnect from 157.245.82.165 port 60984:11: Bye Bye [preauth]
Jan 16 23:53:43 host sshd[12699]: Disconnected from 157.245.82.165 port 60984 [preauth]
Jan 16 23:54:44 host sshd[12824]: Invalid user airflow from 220.86.68.33 port 55088
Jan 16 23:54:44 host sshd[12824]: input_userauth_request: invalid user airflow [preauth]
Jan 16 23:54:44 host sshd[12824]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:54:44 host sshd[12824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.68.33
Jan 16 23:54:46 host sshd[12824]: Failed password for invalid user airflow from 220.86.68.33 port 55088 ssh2
Jan 16 23:54:46 host sshd[12824]: Received disconnect from 220.86.68.33 port 55088:11: Bye Bye [preauth]
Jan 16 23:54:46 host sshd[12824]: Disconnected from 220.86.68.33 port 55088 [preauth]
Jan 16 23:55:18 host sshd[12933]: User root from 181.224.94.54 not allowed because not listed in AllowUsers
Jan 16 23:55:18 host sshd[12933]: input_userauth_request: invalid user root [preauth]
Jan 16 23:55:18 host unix_chkpwd[12936]: password check failed for user (root)
Jan 16 23:55:18 host sshd[12933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.224.94.54 user=root
Jan 16 23:55:18 host sshd[12933]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:55:19 host sshd[12933]: Failed password for invalid user root from 181.224.94.54 port 16807 ssh2
Jan 16 23:55:20 host sshd[12933]: Received disconnect from 181.224.94.54 port 16807:11: Bye Bye [preauth]
Jan 16 23:55:20 host sshd[12933]: Disconnected from 181.224.94.54 port 16807 [preauth]
Jan 16 23:55:33 host sshd[12984]: Invalid user mike from 40.127.156.222 port 10792
Jan 16 23:55:33 host sshd[12984]: input_userauth_request: invalid user mike [preauth]
Jan 16 23:55:33 host sshd[12984]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:55:33 host sshd[12984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.127.156.222
Jan 16 23:55:35 host sshd[12984]: Failed password for invalid user mike from 40.127.156.222 port 10792 ssh2
Jan 16 23:55:36 host sshd[12984]: Received disconnect from 40.127.156.222 port 10792:11: Bye Bye [preauth]
Jan 16 23:55:36 host sshd[12984]: Disconnected from 40.127.156.222 port 10792 [preauth]
Jan 16 23:56:05 host sshd[13143]: Invalid user gns3 from 206.189.130.158 port 49130
Jan 16 23:56:05 host sshd[13143]: input_userauth_request: invalid user gns3 [preauth]
Jan 16 23:56:05 host sshd[13143]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:56:05 host sshd[13143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.158
Jan 16 23:56:07 host sshd[13143]: Failed password for invalid user gns3 from 206.189.130.158 port 49130 ssh2
Jan 16 23:56:07 host sshd[13143]: Received disconnect from 206.189.130.158 port 49130:11: Bye Bye [preauth]
Jan 16 23:56:07 host sshd[13143]: Disconnected from 206.189.130.158 port 49130 [preauth]
Jan 16 23:56:44 host sshd[13228]: Invalid user solr from 185.74.5.184 port 38366
Jan 16 23:56:44 host sshd[13228]: input_userauth_request: invalid user solr [preauth]
Jan 16 23:56:44 host sshd[13228]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:56:44 host sshd[13228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.74.5.184
Jan 16 23:56:46 host sshd[13228]: Failed password for invalid user solr from 185.74.5.184 port 38366 ssh2
Jan 16 23:56:47 host sshd[13228]: Received disconnect from 185.74.5.184 port 38366:11: Bye Bye [preauth]
Jan 16 23:56:47 host sshd[13228]: Disconnected from 185.74.5.184 port 38366 [preauth]
Jan 16 23:57:38 host sshd[13367]: Invalid user sonar from 45.127.88.139 port 50760
Jan 16 23:57:38 host sshd[13367]: input_userauth_request: invalid user sonar [preauth]
Jan 16 23:57:38 host sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:57:38 host sshd[13367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.127.88.139
Jan 16 23:57:40 host sshd[13367]: Failed password for invalid user sonar from 45.127.88.139 port 50760 ssh2
Jan 16 23:57:40 host sshd[13367]: Received disconnect from 45.127.88.139 port 50760:11: Bye Bye [preauth]
Jan 16 23:57:40 host sshd[13367]: Disconnected from 45.127.88.139 port 50760 [preauth]
Jan 16 23:57:57 host sshd[13396]: Invalid user zabbix from 220.86.68.33 port 37738
Jan 16 23:57:57 host sshd[13396]: input_userauth_request: invalid user zabbix [preauth]
Jan 16 23:57:57 host sshd[13396]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:57:57 host sshd[13396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.68.33
Jan 16 23:58:00 host sshd[13396]: Failed password for invalid user zabbix from 220.86.68.33 port 37738 ssh2
Jan 16 23:58:00 host sshd[13396]: Received disconnect from 220.86.68.33 port 37738:11: Bye Bye [preauth]
Jan 16 23:58:00 host sshd[13396]: Disconnected from 220.86.68.33 port 37738 [preauth]
Jan 16 23:58:38 host sshd[13485]: Invalid user pos from 35.199.73.100 port 33668
Jan 16 23:58:38 host sshd[13485]: input_userauth_request: invalid user pos [preauth]
Jan 16 23:58:38 host sshd[13485]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:58:38 host sshd[13485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.73.100
Jan 16 23:58:40 host sshd[13485]: Failed password for invalid user pos from 35.199.73.100 port 33668 ssh2
Jan 16 23:58:40 host sshd[13485]: Received disconnect from 35.199.73.100 port 33668:11: Bye Bye [preauth]
Jan 16 23:58:40 host sshd[13485]: Disconnected from 35.199.73.100 port 33668 [preauth]
Jan 16 23:58:59 host sshd[13506]: User root from 157.245.82.165 not allowed because not listed in AllowUsers
Jan 16 23:58:59 host sshd[13506]: input_userauth_request: invalid user root [preauth]
Jan 16 23:58:59 host unix_chkpwd[13509]: password check failed for user (root)
Jan 16 23:58:59 host sshd[13506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.82.165 user=root
Jan 16 23:58:59 host sshd[13506]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:59:01 host sshd[13506]: Failed password for invalid user root from 157.245.82.165 port 50534 ssh2
Jan 16 23:59:02 host sshd[13506]: Received disconnect from 157.245.82.165 port 50534:11: Bye Bye [preauth]
Jan 16 23:59:02 host sshd[13506]: Disconnected from 157.245.82.165 port 50534 [preauth]
Jan 16 23:59:05 host sshd[13530]: Invalid user deamon from 154.209.4.95 port 35314
Jan 16 23:59:05 host sshd[13530]: input_userauth_request: invalid user deamon [preauth]
Jan 16 23:59:05 host sshd[13530]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:59:05 host sshd[13530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.209.4.95
Jan 16 23:59:08 host sshd[13530]: Failed password for invalid user deamon from 154.209.4.95 port 35314 ssh2
Jan 16 23:59:08 host sshd[13530]: Received disconnect from 154.209.4.95 port 35314:11: Bye Bye [preauth]
Jan 16 23:59:08 host sshd[13530]: Disconnected from 154.209.4.95 port 35314 [preauth]
Jan 16 23:59:09 host sshd[13567]: Invalid user bitnami from 40.127.156.222 port 10792
Jan 16 23:59:09 host sshd[13567]: input_userauth_request: invalid user bitnami [preauth]
Jan 16 23:59:09 host sshd[13567]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:59:09 host sshd[13567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.127.156.222
Jan 16 23:59:11 host sshd[13567]: Failed password for invalid user bitnami from 40.127.156.222 port 10792 ssh2
Jan 16 23:59:11 host sshd[13567]: Received disconnect from 40.127.156.222 port 10792:11: Bye Bye [preauth]
Jan 16 23:59:11 host sshd[13567]: Disconnected from 40.127.156.222 port 10792 [preauth]
Jan 16 23:59:23 host sshd[13586]: Invalid user deamon from 181.224.94.54 port 40197
Jan 16 23:59:23 host sshd[13586]: input_userauth_request: invalid user deamon [preauth]
Jan 16 23:59:23 host sshd[13586]: pam_unix(sshd:auth): check pass; user unknown
Jan 16 23:59:23 host sshd[13586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.224.94.54
Jan 16 23:59:25 host sshd[13586]: Failed password for invalid user deamon from 181.224.94.54 port 40197 ssh2
Jan 16 23:59:26 host sshd[13586]: Received disconnect from 181.224.94.54 port 40197:11: Bye Bye [preauth]
Jan 16 23:59:26 host sshd[13586]: Disconnected from 181.224.94.54 port 40197 [preauth]
Jan 16 23:59:48 host sshd[13667]: User root from 220.86.68.33 not allowed because not listed in AllowUsers
Jan 16 23:59:48 host sshd[13667]: input_userauth_request: invalid user root [preauth]
Jan 16 23:59:48 host unix_chkpwd[13670]: password check failed for user (root)
Jan 16 23:59:48 host sshd[13667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.68.33 user=root
Jan 16 23:59:48 host sshd[13667]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:59:49 host sshd[13667]: Failed password for invalid user root from 220.86.68.33 port 36126 ssh2
Jan 16 23:59:49 host sshd[13667]: Received disconnect from 220.86.68.33 port 36126:11: Bye Bye [preauth]
Jan 16 23:59:49 host sshd[13667]: Disconnected from 220.86.68.33 port 36126 [preauth]
Jan 16 23:59:49 host sshd[13672]: User root from 185.74.5.184 not allowed because not listed in AllowUsers
Jan 16 23:59:49 host sshd[13672]: input_userauth_request: invalid user root [preauth]
Jan 16 23:59:49 host unix_chkpwd[13675]: password check failed for user (root)
Jan 16 23:59:49 host sshd[13672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.74.5.184 user=root
Jan 16 23:59:49 host sshd[13672]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 16 23:59:51 host sshd[13672]: Failed password for invalid user root from 185.74.5.184 port 44990 ssh2
Jan 16 23:59:51 host sshd[13672]: Received disconnect from 185.74.5.184 port 44990:11: Bye Bye [preauth]
Jan 16 23:59:51 host sshd[13672]: Disconnected from 185.74.5.184 port 44990 [preauth]
Jan 17 00:00:09 host sshd[13846]: Invalid user david from 45.127.88.139 port 32938
Jan 17 00:00:09 host sshd[13846]: input_userauth_request: invalid user david [preauth]
Jan 17 00:00:09 host sshd[13846]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:00:09 host sshd[13846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.127.88.139
Jan 17 00:00:10 host sshd[13846]: Failed password for invalid user david from 45.127.88.139 port 32938 ssh2
Jan 17 00:00:11 host sshd[13846]: Received disconnect from 45.127.88.139 port 32938:11: Bye Bye [preauth]
Jan 17 00:00:11 host sshd[13846]: Disconnected from 45.127.88.139 port 32938 [preauth]
Jan 17 00:00:17 host sshd[13853]: Invalid user testing from 40.127.156.222 port 10792
Jan 17 00:00:17 host sshd[13853]: input_userauth_request: invalid user testing [preauth]
Jan 17 00:00:17 host sshd[13853]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:00:17 host sshd[13853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.127.156.222
Jan 17 00:00:19 host sshd[13853]: Failed password for invalid user testing from 40.127.156.222 port 10792 ssh2
Jan 17 00:00:19 host sshd[13853]: Received disconnect from 40.127.156.222 port 10792:11: Bye Bye [preauth]
Jan 17 00:00:19 host sshd[13853]: Disconnected from 40.127.156.222 port 10792 [preauth]
Jan 17 00:00:20 host sshd[13859]: User root from 206.189.130.158 not allowed because not listed in AllowUsers
Jan 17 00:00:20 host sshd[13859]: input_userauth_request: invalid user root [preauth]
Jan 17 00:00:20 host unix_chkpwd[13861]: password check failed for user (root)
Jan 17 00:00:20 host sshd[13859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.158 user=root
Jan 17 00:00:20 host sshd[13859]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:00:21 host sshd[13859]: Failed password for invalid user root from 206.189.130.158 port 33732 ssh2
Jan 17 00:00:21 host sshd[13859]: Received disconnect from 206.189.130.158 port 33732:11: Bye Bye [preauth]
Jan 17 00:00:21 host sshd[13859]: Disconnected from 206.189.130.158 port 33732 [preauth]
Jan 17 00:00:37 host sshd[13897]: User root from 35.199.73.100 not allowed because not listed in AllowUsers
Jan 17 00:00:37 host sshd[13897]: input_userauth_request: invalid user root [preauth]
Jan 17 00:00:37 host unix_chkpwd[13902]: password check failed for user (root)
Jan 17 00:00:37 host sshd[13897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.73.100 user=root
Jan 17 00:00:37 host sshd[13897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:00:38 host sshd[13897]: Failed password for invalid user root from 35.199.73.100 port 34772 ssh2
Jan 17 00:00:39 host sshd[13897]: Received disconnect from 35.199.73.100 port 34772:11: Bye Bye [preauth]
Jan 17 00:00:39 host sshd[13897]: Disconnected from 35.199.73.100 port 34772 [preauth]
Jan 17 00:01:19 host sshd[14049]: User root from 154.209.4.95 not allowed because not listed in AllowUsers
Jan 17 00:01:19 host sshd[14049]: input_userauth_request: invalid user root [preauth]
Jan 17 00:01:19 host unix_chkpwd[14051]: password check failed for user (root)
Jan 17 00:01:19 host sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.209.4.95 user=root
Jan 17 00:01:19 host sshd[14049]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:01:21 host sshd[14049]: Failed password for invalid user root from 154.209.4.95 port 33190 ssh2
Jan 17 00:01:21 host sshd[14049]: Received disconnect from 154.209.4.95 port 33190:11: Bye Bye [preauth]
Jan 17 00:01:21 host sshd[14049]: Disconnected from 154.209.4.95 port 33190 [preauth]
Jan 17 00:01:22 host sshd[14094]: User root from 45.127.88.139 not allowed because not listed in AllowUsers
Jan 17 00:01:22 host sshd[14094]: input_userauth_request: invalid user root [preauth]
Jan 17 00:01:22 host unix_chkpwd[14097]: password check failed for user (root)
Jan 17 00:01:22 host sshd[14094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.127.88.139 user=root
Jan 17 00:01:22 host sshd[14094]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:01:23 host sshd[14094]: Failed password for invalid user root from 45.127.88.139 port 54486 ssh2
Jan 17 00:01:23 host sshd[14094]: Received disconnect from 45.127.88.139 port 54486:11: Bye Bye [preauth]
Jan 17 00:01:23 host sshd[14094]: Disconnected from 45.127.88.139 port 54486 [preauth]
Jan 17 00:01:28 host sshd[14103]: Invalid user samba from 40.127.156.222 port 10792
Jan 17 00:01:28 host sshd[14103]: input_userauth_request: invalid user samba [preauth]
Jan 17 00:01:28 host sshd[14103]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:01:28 host sshd[14103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.127.156.222
Jan 17 00:01:30 host sshd[14103]: Failed password for invalid user samba from 40.127.156.222 port 10792 ssh2
Jan 17 00:01:30 host sshd[14158]: Invalid user bitwarden from 206.189.130.158 port 55378
Jan 17 00:01:30 host sshd[14158]: input_userauth_request: invalid user bitwarden [preauth]
Jan 17 00:01:30 host sshd[14158]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:01:30 host sshd[14158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.158
Jan 17 00:01:30 host sshd[14103]: Received disconnect from 40.127.156.222 port 10792:11: Bye Bye [preauth]
Jan 17 00:01:30 host sshd[14103]: Disconnected from 40.127.156.222 port 10792 [preauth]
Jan 17 00:01:32 host sshd[14158]: Failed password for invalid user bitwarden from 206.189.130.158 port 55378 ssh2
Jan 17 00:01:32 host sshd[14158]: Received disconnect from 206.189.130.158 port 55378:11: Bye Bye [preauth]
Jan 17 00:01:32 host sshd[14158]: Disconnected from 206.189.130.158 port 55378 [preauth]
Jan 17 00:01:55 host sshd[14219]: Invalid user gitlab-runner from 125.229.10.158 port 33220
Jan 17 00:01:55 host sshd[14219]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 17 00:01:55 host sshd[14219]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:01:55 host sshd[14219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.10.158
Jan 17 00:01:57 host sshd[14219]: Failed password for invalid user gitlab-runner from 125.229.10.158 port 33220 ssh2
Jan 17 00:01:57 host sshd[14219]: Connection reset by 125.229.10.158 port 33220 [preauth]
Jan 17 00:02:05 host sshd[14248]: User mysql from 35.199.73.100 not allowed because not listed in AllowUsers
Jan 17 00:02:05 host sshd[14248]: input_userauth_request: invalid user mysql [preauth]
Jan 17 00:02:05 host unix_chkpwd[14251]: password check failed for user (mysql)
Jan 17 00:02:05 host sshd[14248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.199.73.100 user=mysql
Jan 17 00:02:05 host sshd[14248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 17 00:02:07 host sshd[14248]: Failed password for invalid user mysql from 35.199.73.100 port 33210 ssh2
Jan 17 00:02:07 host sshd[14248]: Received disconnect from 35.199.73.100 port 33210:11: Bye Bye [preauth]
Jan 17 00:02:07 host sshd[14248]: Disconnected from 35.199.73.100 port 33210 [preauth]
Jan 17 00:02:41 host sshd[14338]: User root from 154.209.4.95 not allowed because not listed in AllowUsers
Jan 17 00:02:41 host sshd[14338]: input_userauth_request: invalid user root [preauth]
Jan 17 00:02:41 host unix_chkpwd[14341]: password check failed for user (root)
Jan 17 00:02:41 host sshd[14338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.209.4.95 user=root
Jan 17 00:02:41 host sshd[14338]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:02:43 host sshd[14338]: Failed password for invalid user root from 154.209.4.95 port 54866 ssh2
Jan 17 00:02:43 host sshd[14343]: Invalid user system from 40.127.156.222 port 10792
Jan 17 00:02:43 host sshd[14343]: input_userauth_request: invalid user system [preauth]
Jan 17 00:02:43 host sshd[14343]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:02:43 host sshd[14343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.127.156.222
Jan 17 00:02:43 host sshd[14338]: Received disconnect from 154.209.4.95 port 54866:11: Bye Bye [preauth]
Jan 17 00:02:43 host sshd[14338]: Disconnected from 154.209.4.95 port 54866 [preauth]
Jan 17 00:02:45 host sshd[14343]: Failed password for invalid user system from 40.127.156.222 port 10792 ssh2
Jan 17 00:02:45 host sshd[14343]: Received disconnect from 40.127.156.222 port 10792:11: Bye Bye [preauth]
Jan 17 00:02:45 host sshd[14343]: Disconnected from 40.127.156.222 port 10792 [preauth]
Jan 17 00:18:07 host sshd[17367]: Invalid user user from 121.133.205.146 port 64786
Jan 17 00:18:07 host sshd[17367]: input_userauth_request: invalid user user [preauth]
Jan 17 00:18:07 host sshd[17367]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:18:07 host sshd[17367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.133.205.146
Jan 17 00:18:09 host sshd[17367]: Failed password for invalid user user from 121.133.205.146 port 64786 ssh2
Jan 17 00:18:10 host sshd[17367]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:18:12 host sshd[17367]: Failed password for invalid user user from 121.133.205.146 port 64786 ssh2
Jan 17 00:18:14 host sshd[17367]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:18:16 host sshd[17367]: Failed password for invalid user user from 121.133.205.146 port 64786 ssh2
Jan 17 00:18:17 host sshd[17367]: Connection reset by 121.133.205.146 port 64786 [preauth]
Jan 17 00:18:17 host sshd[17367]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.133.205.146
Jan 17 00:19:24 host sshd[17500]: Connection reset by 180.50.241.202 port 60203 [preauth]
Jan 17 00:20:14 host sshd[17717]: Invalid user ubnt from 195.226.194.242 port 20862
Jan 17 00:20:14 host sshd[17717]: input_userauth_request: invalid user ubnt [preauth]
Jan 17 00:20:15 host sshd[17717]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:20:15 host sshd[17717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 17 00:20:16 host sshd[17717]: Failed password for invalid user ubnt from 195.226.194.242 port 20862 ssh2
Jan 17 00:20:17 host sshd[17717]: Received disconnect from 195.226.194.242 port 20862:11: Bye Bye [preauth]
Jan 17 00:20:17 host sshd[17717]: Disconnected from 195.226.194.242 port 20862 [preauth]
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 00:22:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=dartsimp user-4=a2zgroup user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=ugotscom user-9=wwwrmswll user-10=keralaholi user-11=wwwresourcehunte user-12=disposeat user-13=remysagr user-14=wwwkmaorg user-15=woodpeck user-16=wwwkapin user-17=wwwtestugo user-18=shalinijames user-19=vfmassets user-20=pmcresources user-21=wwwevmhonda user-22=bonifacegroup user-23=wwwletsstalkfood user-24=straightcurve user-25=kottayamcalldriv user-26=phmetals user-27=gifterman user-28=palco123 user-29=wwwnexidigital user-30=mrsclean feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 00:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-XJTsbz1hrVdmH4rk.~
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-XJTsbz1hrVdmH4rk.~'
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-XJTsbz1hrVdmH4rk.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 00:22:03 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 00:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 00:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 00:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 00:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 00:24:23 host sshd[18419]: Invalid user admin from 68.21.145.132 port 51598
Jan 17 00:24:23 host sshd[18419]: input_userauth_request: invalid user admin [preauth]
Jan 17 00:24:23 host sshd[18419]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:24:23 host sshd[18419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.21.145.132
Jan 17 00:24:24 host sshd[18419]: Failed password for invalid user admin from 68.21.145.132 port 51598 ssh2
Jan 17 00:24:24 host sshd[18419]: Received disconnect from 68.21.145.132 port 51598:11: Bye Bye [preauth]
Jan 17 00:24:24 host sshd[18419]: Disconnected from 68.21.145.132 port 51598 [preauth]
Jan 17 00:26:13 host sshd[18884]: Did not receive identification string from 121.4.200.213 port 56546
Jan 17 00:26:14 host sshd[18886]: User mysql from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:14 host sshd[18885]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:14 host sshd[18886]: input_userauth_request: invalid user mysql [preauth]
Jan 17 00:26:14 host sshd[18885]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:14 host sshd[18887]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:14 host sshd[18887]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:14 host sshd[18888]: Invalid user steam from 121.4.200.213 port 37012
Jan 17 00:26:14 host sshd[18888]: input_userauth_request: invalid user steam [preauth]
Jan 17 00:26:14 host sshd[18892]: Invalid user admin from 121.4.200.213 port 37018
Jan 17 00:26:14 host sshd[18891]: Invalid user student from 121.4.200.213 port 37014
Jan 17 00:26:14 host sshd[18890]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:14 host sshd[18893]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:14 host sshd[18891]: input_userauth_request: invalid user student [preauth]
Jan 17 00:26:14 host sshd[18890]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:14 host sshd[18893]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:14 host sshd[18892]: input_userauth_request: invalid user admin [preauth]
Jan 17 00:26:14 host sshd[18895]: Invalid user admin from 121.4.200.213 port 37002
Jan 17 00:26:14 host sshd[18895]: input_userauth_request: invalid user admin [preauth]
Jan 17 00:26:14 host sshd[18901]: Invalid user admin from 121.4.200.213 port 36986
Jan 17 00:26:14 host sshd[18901]: input_userauth_request: invalid user admin [preauth]
Jan 17 00:26:14 host sshd[18913]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:14 host sshd[18913]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:15 host unix_chkpwd[18917]: password check failed for user (mysql)
Jan 17 00:26:15 host sshd[18886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=mysql
Jan 17 00:26:15 host sshd[18886]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 17 00:26:15 host unix_chkpwd[18918]: password check failed for user (root)
Jan 17 00:26:15 host sshd[18885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:15 host sshd[18885]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:15 host sshd[18888]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:15 host sshd[18888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:15 host sshd[18891]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:15 host sshd[18891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:15 host sshd[18892]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:15 host sshd[18892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:15 host unix_chkpwd[18919]: password check failed for user (root)
Jan 17 00:26:15 host sshd[18887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:15 host sshd[18887]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:15 host sshd[18895]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:15 host sshd[18895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:15 host unix_chkpwd[18921]: password check failed for user (root)
Jan 17 00:26:15 host sshd[18890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:15 host sshd[18890]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:15 host unix_chkpwd[18920]: password check failed for user (root)
Jan 17 00:26:15 host sshd[18893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:15 host sshd[18893]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:15 host sshd[18898]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:15 host sshd[18898]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:15 host sshd[18901]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:15 host sshd[18901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:15 host sshd[18905]: Invalid user git from 121.4.200.213 port 37008
Jan 17 00:26:15 host sshd[18905]: input_userauth_request: invalid user git [preauth]
Jan 17 00:26:15 host unix_chkpwd[18923]: password check failed for user (root)
Jan 17 00:26:15 host sshd[18913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:15 host sshd[18913]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:15 host unix_chkpwd[18924]: password check failed for user (root)
Jan 17 00:26:15 host sshd[18898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:15 host sshd[18898]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:15 host sshd[18905]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:15 host sshd[18905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:16 host sshd[18906]: Invalid user user from 121.4.200.213 port 36988
Jan 17 00:26:16 host sshd[18906]: input_userauth_request: invalid user user [preauth]
Jan 17 00:26:16 host sshd[18907]: User centos from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:16 host sshd[18907]: input_userauth_request: invalid user centos [preauth]
Jan 17 00:26:16 host sshd[18906]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:16 host sshd[18906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:16 host unix_chkpwd[18942]: password check failed for user (centos)
Jan 17 00:26:16 host sshd[18907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=centos
Jan 17 00:26:16 host sshd[18886]: Failed password for invalid user mysql from 121.4.200.213 port 37020 ssh2
Jan 17 00:26:16 host sshd[18885]: Failed password for invalid user root from 121.4.200.213 port 36992 ssh2
Jan 17 00:26:17 host sshd[18886]: Connection closed by 121.4.200.213 port 37020 [preauth]
Jan 17 00:26:17 host sshd[18885]: Connection closed by 121.4.200.213 port 36992 [preauth]
Jan 17 00:26:17 host sshd[18888]: Failed password for invalid user steam from 121.4.200.213 port 37012 ssh2
Jan 17 00:26:17 host sshd[18891]: Failed password for invalid user student from 121.4.200.213 port 37014 ssh2
Jan 17 00:26:17 host sshd[18892]: Failed password for invalid user admin from 121.4.200.213 port 37018 ssh2
Jan 17 00:26:17 host sshd[18887]: Failed password for invalid user root from 121.4.200.213 port 37004 ssh2
Jan 17 00:26:17 host sshd[18895]: Failed password for invalid user admin from 121.4.200.213 port 37002 ssh2
Jan 17 00:26:17 host sshd[18890]: Failed password for invalid user root from 121.4.200.213 port 36996 ssh2
Jan 17 00:26:17 host sshd[18893]: Failed password for invalid user root from 121.4.200.213 port 37010 ssh2
Jan 17 00:26:17 host sshd[18901]: Failed password for invalid user admin from 121.4.200.213 port 36986 ssh2
Jan 17 00:26:17 host sshd[18913]: Failed password for invalid user root from 121.4.200.213 port 36998 ssh2
Jan 17 00:26:17 host sshd[18888]: Connection closed by 121.4.200.213 port 37012 [preauth]
Jan 17 00:26:17 host sshd[18891]: Connection closed by 121.4.200.213 port 37014 [preauth]
Jan 17 00:26:17 host sshd[18887]: Connection closed by 121.4.200.213 port 37004 [preauth]
Jan 17 00:26:17 host sshd[18892]: Connection closed by 121.4.200.213 port 37018 [preauth]
Jan 17 00:26:17 host sshd[18895]: Connection closed by 121.4.200.213 port 37002 [preauth]
Jan 17 00:26:17 host sshd[18890]: Connection closed by 121.4.200.213 port 36996 [preauth]
Jan 17 00:26:17 host sshd[18893]: Connection closed by 121.4.200.213 port 37010 [preauth]
Jan 17 00:26:17 host sshd[18901]: Connection closed by 121.4.200.213 port 36986 [preauth]
Jan 17 00:26:17 host sshd[18898]: Failed password for invalid user root from 121.4.200.213 port 36990 ssh2
Jan 17 00:26:17 host sshd[18905]: Failed password for invalid user git from 121.4.200.213 port 37008 ssh2
Jan 17 00:26:17 host sshd[18925]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:17 host sshd[18925]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:17 host sshd[18926]: Invalid user esuser from 121.4.200.213 port 37058
Jan 17 00:26:17 host sshd[18926]: input_userauth_request: invalid user esuser [preauth]
Jan 17 00:26:17 host sshd[18913]: Connection closed by 121.4.200.213 port 36998 [preauth]
Jan 17 00:26:17 host sshd[18898]: Connection closed by 121.4.200.213 port 36990 [preauth]
Jan 17 00:26:18 host sshd[18905]: Connection closed by 121.4.200.213 port 37008 [preauth]
Jan 17 00:26:18 host unix_chkpwd[18954]: password check failed for user (root)
Jan 17 00:26:18 host sshd[18925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:18 host sshd[18925]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:18 host sshd[18926]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:18 host sshd[18926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:18 host sshd[18906]: Failed password for invalid user user from 121.4.200.213 port 36988 ssh2
Jan 17 00:26:18 host sshd[18934]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:18 host sshd[18934]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:18 host sshd[18907]: Failed password for invalid user centos from 121.4.200.213 port 36994 ssh2
Jan 17 00:26:18 host sshd[18935]: Invalid user testuser from 121.4.200.213 port 37056
Jan 17 00:26:18 host sshd[18935]: input_userauth_request: invalid user testuser [preauth]
Jan 17 00:26:18 host sshd[18944]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:18 host sshd[18944]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:18 host sshd[18945]: Invalid user admin from 121.4.200.213 port 37050
Jan 17 00:26:18 host sshd[18945]: input_userauth_request: invalid user admin [preauth]
Jan 17 00:26:18 host sshd[18906]: Connection closed by 121.4.200.213 port 36988 [preauth]
Jan 17 00:26:18 host sshd[18948]: User root from 121.4.200.213 not allowed because not listed in AllowUsers
Jan 17 00:26:18 host sshd[18948]: input_userauth_request: invalid user root [preauth]
Jan 17 00:26:18 host sshd[18907]: Connection closed by 121.4.200.213 port 36994 [preauth]
Jan 17 00:26:18 host unix_chkpwd[18962]: password check failed for user (root)
Jan 17 00:26:18 host sshd[18934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:18 host sshd[18934]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:19 host sshd[18935]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:19 host sshd[18935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:19 host unix_chkpwd[18963]: password check failed for user (root)
Jan 17 00:26:19 host sshd[18944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:19 host sshd[18944]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:19 host sshd[18945]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:26:19 host sshd[18945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213
Jan 17 00:26:19 host unix_chkpwd[18965]: password check failed for user (root)
Jan 17 00:26:19 host sshd[18948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.200.213 user=root
Jan 17 00:26:19 host sshd[18948]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:26:19 host sshd[18925]: Failed password for invalid user root from 121.4.200.213 port 37040 ssh2
Jan 17 00:26:19 host sshd[18926]: Failed password for invalid user esuser from 121.4.200.213 port 37058 ssh2
Jan 17 00:26:19 host sshd[18931]: Invalid user www from 121.4.200.213 port 37022
Jan 17 00:26:19 host sshd[18931]: input_userauth_request: invalid user www [preauth]
Jan 17 00:26:19 host sshd[18925]: Connection closed by 121.4.200.213 port 37040 [preauth]
Jan 17 00:26:19 host sshd[18926]: Connection closed by 121.4.200.213 port 37058 [preauth]
Jan 17 00:26:20 host sshd[18934]: Failed password for invalid user root from 121.4.200.213 port 37038 ssh2
Jan 17 00:26:20 host sshd[18935]: Failed password for invalid user testuser from 121.4.200.213 port 37056 ssh2
Jan 17 00:26:20 host sshd[18944]: Failed password for invalid user root from 121.4.200.213 port 37042 ssh2
Jan 17 00:26:20 host sshd[18945]: Failed password for invalid user admin from 121.4.200.213 port 37050 ssh2
Jan 17 00:26:20 host sshd[18948]: Failed password for invalid user root from 121.4.200.213 port 37028 ssh2
Jan 17 00:27:10 host sshd[19101]: Connection closed by 45.79.181.94 port 42342 [preauth]
Jan 17 00:27:12 host sshd[19104]: Connection closed by 45.79.181.94 port 42344 [preauth]
Jan 17 00:27:13 host sshd[19109]: Connection closed by 45.79.181.94 port 42354 [preauth]
Jan 17 00:28:01 host sshd[19240]: User root from 68.21.145.132 not allowed because not listed in AllowUsers
Jan 17 00:28:01 host sshd[19240]: input_userauth_request: invalid user root [preauth]
Jan 17 00:28:01 host unix_chkpwd[19243]: password check failed for user (root)
Jan 17 00:28:01 host sshd[19240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.21.145.132 user=root
Jan 17 00:28:01 host sshd[19240]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 00:28:02 host sshd[19240]: Failed password for invalid user root from 68.21.145.132 port 42528 ssh2
Jan 17 00:28:03 host sshd[19240]: Received disconnect from 68.21.145.132 port 42528:11: Bye Bye [preauth]
Jan 17 00:28:03 host sshd[19240]: Disconnected from 68.21.145.132 port 42528 [preauth]
Jan 17 00:33:59 host sshd[20269]: Connection reset by 52.124.103.152 port 62397 [preauth]
Jan 17 00:37:56 host sshd[20803]: Invalid user user from 122.117.94.46 port 50767
Jan 17 00:37:56 host sshd[20803]: input_userauth_request: invalid user user [preauth]
Jan 17 00:37:56 host sshd[20803]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:37:56 host sshd[20803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.94.46
Jan 17 00:37:58 host sshd[20803]: Failed password for invalid user user from 122.117.94.46 port 50767 ssh2
Jan 17 00:37:59 host sshd[20803]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:38:01 host sshd[20803]: Failed password for invalid user user from 122.117.94.46 port 50767 ssh2
Jan 17 00:38:03 host sshd[20803]: Connection reset by 122.117.94.46 port 50767 [preauth]
Jan 17 00:38:03 host sshd[20803]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.94.46
Jan 17 00:39:19 host sshd[21098]: Invalid user user from 75.151.249.214 port 63624
Jan 17 00:39:19 host sshd[21098]: input_userauth_request: invalid user user [preauth]
Jan 17 00:39:19 host sshd[21098]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:39:19 host sshd[21098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.151.249.214
Jan 17 00:39:21 host sshd[21098]: Failed password for invalid user user from 75.151.249.214 port 63624 ssh2
Jan 17 00:39:28 host sshd[21098]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:39:30 host sshd[21098]: Failed password for invalid user user from 75.151.249.214 port 63624 ssh2
Jan 17 00:39:34 host sshd[21098]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:39:36 host sshd[21098]: Failed password for invalid user user from 75.151.249.214 port 63624 ssh2
Jan 17 00:39:41 host sshd[21098]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:39:43 host sshd[21098]: Failed password for invalid user user from 75.151.249.214 port 63624 ssh2
Jan 17 00:41:55 host sshd[21613]: Invalid user fe from 194.110.203.109 port 43804
Jan 17 00:41:55 host sshd[21613]: input_userauth_request: invalid user fe [preauth]
Jan 17 00:41:55 host sshd[21613]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:41:55 host sshd[21613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 00:41:57 host sshd[21613]: Failed password for invalid user fe from 194.110.203.109 port 43804 ssh2
Jan 17 00:42:00 host sshd[21613]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:42:03 host sshd[21613]: Failed password for invalid user fe from 194.110.203.109 port 43804 ssh2
Jan 17 00:42:06 host sshd[21613]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 00:42:08 host sshd[21613]: Failed password for invalid user fe from 194.110.203.109 port 43804 ssh2
Jan 17 00:42:11 host sshd[21613]: Connection closed by 194.110.203.109 port 43804 [preauth]
Jan 17 00:42:11 host sshd[21613]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 01:17:38 host sshd[26727]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 17 01:17:38 host sshd[26727]: input_userauth_request: invalid user root [preauth]
Jan 17 01:17:38 host unix_chkpwd[26730]: password check failed for user (root)
Jan 17 01:17:38 host sshd[26727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 17 01:17:38 host sshd[26727]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:17:40 host sshd[26727]: Failed password for invalid user root from 195.226.194.242 port 25598 ssh2
Jan 17 01:17:40 host sshd[26727]: Received disconnect from 195.226.194.242 port 25598:11: Bye Bye [preauth]
Jan 17 01:17:40 host sshd[26727]: Disconnected from 195.226.194.242 port 25598 [preauth]
Jan 17 01:17:55 host sshd[26784]: Did not receive identification string from 106.13.29.110 port 44606
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=laundryboniface user-4=a2zgroup user-5=dartsimp user-6=wwwpmcresource user-7=wwwresourcehunte user-8=keralaholi user-9=wwwrmswll user-10=ugotscom user-11=travelboniface user-12=woodpeck user-13=wwwkapin user-14=disposeat user-15=remysagr user-16=wwwkmaorg user-17=pmcresources user-18=vfmassets user-19=shalinijames user-20=wwwtestugo user-21=straightcurve user-22=wwwletsstalkfood user-23=bonifacegroup user-24=wwwevmhonda user-25=mrsclean user-26=wwwnexidigital user-27=palco123 user-28=gifterman user-29=kottayamcalldriv user-30=phmetals feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 01:22:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HsjGVEzcEhR9VS16.~
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HsjGVEzcEhR9VS16.~'
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-HsjGVEzcEhR9VS16.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 01:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 01:22:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 01:22:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 01:22:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 01:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:22:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 01:22:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 01:22:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 01:23:10 host sshd[27684]: User root from 59.4.255.220 not allowed because not listed in AllowUsers
Jan 17 01:23:10 host sshd[27684]: input_userauth_request: invalid user root [preauth]
Jan 17 01:23:10 host unix_chkpwd[27695]: password check failed for user (root)
Jan 17 01:23:10 host sshd[27684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.4.255.220 user=root
Jan 17 01:23:10 host sshd[27684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:23:13 host sshd[27684]: Failed password for invalid user root from 59.4.255.220 port 46820 ssh2
Jan 17 01:23:14 host unix_chkpwd[27701]: password check failed for user (root)
Jan 17 01:23:14 host sshd[27684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:23:16 host sshd[27684]: Failed password for invalid user root from 59.4.255.220 port 46820 ssh2
Jan 17 01:23:16 host unix_chkpwd[27704]: password check failed for user (root)
Jan 17 01:23:16 host sshd[27684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:23:18 host sshd[27684]: Failed password for invalid user root from 59.4.255.220 port 46820 ssh2
Jan 17 01:23:19 host unix_chkpwd[27708]: password check failed for user (root)
Jan 17 01:23:19 host sshd[27684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:23:21 host sshd[27684]: Failed password for invalid user root from 59.4.255.220 port 46820 ssh2
Jan 17 01:23:25 host sshd[27743]: Invalid user dale from 107.189.30.59 port 39476
Jan 17 01:23:25 host sshd[27743]: input_userauth_request: invalid user dale [preauth]
Jan 17 01:23:25 host sshd[27743]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:23:25 host sshd[27743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 17 01:23:26 host sshd[27743]: Failed password for invalid user dale from 107.189.30.59 port 39476 ssh2
Jan 17 01:23:27 host sshd[27743]: Connection closed by 107.189.30.59 port 39476 [preauth]
Jan 17 01:26:48 host sshd[28219]: User root from 162.252.102.236 not allowed because not listed in AllowUsers
Jan 17 01:26:48 host sshd[28219]: input_userauth_request: invalid user root [preauth]
Jan 17 01:26:48 host unix_chkpwd[28223]: password check failed for user (root)
Jan 17 01:26:48 host sshd[28219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.252.102.236 user=root
Jan 17 01:26:48 host sshd[28219]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:26:50 host sshd[28219]: Failed password for invalid user root from 162.252.102.236 port 37768 ssh2
Jan 17 01:26:51 host sshd[28219]: Connection reset by 162.252.102.236 port 37768 [preauth]
Jan 17 01:42:57 host sshd[30314]: Did not receive identification string from 198.23.174.250 port 41614
Jan 17 01:43:06 host sshd[30337]: Invalid user user from 222.118.129.96 port 61392
Jan 17 01:43:06 host sshd[30337]: input_userauth_request: invalid user user [preauth]
Jan 17 01:43:06 host sshd[30337]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:43:06 host sshd[30337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.118.129.96
Jan 17 01:43:08 host sshd[30337]: Failed password for invalid user user from 222.118.129.96 port 61392 ssh2
Jan 17 01:43:08 host sshd[30337]: Connection reset by 222.118.129.96 port 61392 [preauth]
Jan 17 01:43:23 host sshd[30358]: User root from 198.23.174.250 not allowed because not listed in AllowUsers
Jan 17 01:43:23 host sshd[30358]: input_userauth_request: invalid user root [preauth]
Jan 17 01:43:24 host unix_chkpwd[30361]: password check failed for user (root)
Jan 17 01:43:24 host sshd[30358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.250 user=root
Jan 17 01:43:24 host sshd[30358]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:43:26 host sshd[30358]: Failed password for invalid user root from 198.23.174.250 port 55522 ssh2
Jan 17 01:43:26 host sshd[30358]: Connection closed by 198.23.174.250 port 55522 [preauth]
Jan 17 01:43:58 host sshd[30426]: Invalid user admin from 198.23.174.250 port 33362
Jan 17 01:43:58 host sshd[30426]: input_userauth_request: invalid user admin [preauth]
Jan 17 01:43:58 host sshd[30426]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:43:58 host sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.250
Jan 17 01:44:00 host sshd[30426]: Failed password for invalid user admin from 198.23.174.250 port 33362 ssh2
Jan 17 01:44:00 host sshd[30426]: Connection closed by 198.23.174.250 port 33362 [preauth]
Jan 17 01:44:25 host sshd[30652]: Connection closed by 107.170.240.15 port 41704 [preauth]
Jan 17 01:44:43 host sshd[30780]: User root from 113.53.164.236 not allowed because not listed in AllowUsers
Jan 17 01:44:43 host sshd[30780]: input_userauth_request: invalid user root [preauth]
Jan 17 01:44:43 host unix_chkpwd[30785]: password check failed for user (root)
Jan 17 01:44:43 host sshd[30780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.53.164.236 user=root
Jan 17 01:44:43 host sshd[30780]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:44:45 host sshd[30780]: Failed password for invalid user root from 113.53.164.236 port 34829 ssh2
Jan 17 01:44:47 host unix_chkpwd[30814]: password check failed for user (root)
Jan 17 01:44:47 host sshd[30780]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 01:44:48 host sshd[30780]: Failed password for invalid user root from 113.53.164.236 port 34829 ssh2
Jan 17 01:44:50 host sshd[30780]: Connection reset by 113.53.164.236 port 34829 [preauth]
Jan 17 01:44:50 host sshd[30780]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.53.164.236 user=root
Jan 17 01:50:34 host sshd[31916]: Invalid user Admin from 27.105.71.22 port 35904
Jan 17 01:50:34 host sshd[31916]: input_userauth_request: invalid user Admin [preauth]
Jan 17 01:50:34 host sshd[31916]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:50:34 host sshd[31916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.105.71.22
Jan 17 01:50:37 host sshd[31916]: Failed password for invalid user Admin from 27.105.71.22 port 35904 ssh2
Jan 17 01:50:37 host sshd[31916]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:50:40 host sshd[31916]: Failed password for invalid user Admin from 27.105.71.22 port 35904 ssh2
Jan 17 01:50:40 host sshd[31916]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:50:42 host sshd[31916]: Failed password for invalid user Admin from 27.105.71.22 port 35904 ssh2
Jan 17 01:50:42 host sshd[31916]: Connection reset by 27.105.71.22 port 35904 [preauth]
Jan 17 01:50:42 host sshd[31916]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.105.71.22
Jan 17 01:55:05 host sshd[32510]: Invalid user geoclue from 205.185.113.129 port 35352
Jan 17 01:55:05 host sshd[32510]: input_userauth_request: invalid user geoclue [preauth]
Jan 17 01:55:05 host sshd[32510]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 01:55:05 host sshd[32510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 17 01:55:07 host sshd[32510]: Failed password for invalid user geoclue from 205.185.113.129 port 35352 ssh2
Jan 17 01:55:08 host sshd[32510]: Connection closed by 205.185.113.129 port 35352 [preauth]
Jan 17 02:00:20 host sshd[1017]: Connection reset by 221.160.138.136 port 62171 [preauth]
Jan 17 02:00:27 host sshd[1031]: Invalid user admin from 125.134.147.94 port 60733
Jan 17 02:00:27 host sshd[1031]: input_userauth_request: invalid user admin [preauth]
Jan 17 02:00:27 host sshd[1031]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:00:27 host sshd[1031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.134.147.94
Jan 17 02:00:30 host sshd[1031]: Failed password for invalid user admin from 125.134.147.94 port 60733 ssh2
Jan 17 02:00:31 host sshd[1031]: Failed password for invalid user admin from 125.134.147.94 port 60733 ssh2
Jan 17 02:00:32 host sshd[1031]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:00:33 host sshd[1031]: Failed password for invalid user admin from 125.134.147.94 port 60733 ssh2
Jan 17 02:00:33 host sshd[1031]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:00:35 host sshd[1031]: Failed password for invalid user admin from 125.134.147.94 port 60733 ssh2
Jan 17 02:00:36 host sshd[1031]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:00:38 host sshd[1031]: Failed password for invalid user admin from 125.134.147.94 port 60733 ssh2
Jan 17 02:02:38 host sshd[1384]: User root from 178.128.29.118 not allowed because not listed in AllowUsers
Jan 17 02:02:38 host sshd[1384]: input_userauth_request: invalid user root [preauth]
Jan 17 02:02:38 host unix_chkpwd[1386]: password check failed for user (root)
Jan 17 02:02:38 host sshd[1384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.29.118 user=root
Jan 17 02:02:38 host sshd[1384]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:02:39 host sshd[1384]: Failed password for invalid user root from 178.128.29.118 port 40518 ssh2
Jan 17 02:02:39 host sshd[1384]: Received disconnect from 178.128.29.118 port 40518:11: Bye Bye [preauth]
Jan 17 02:02:39 host sshd[1384]: Disconnected from 178.128.29.118 port 40518 [preauth]
Jan 17 02:03:04 host sshd[1439]: User root from 178.154.222.234 not allowed because not listed in AllowUsers
Jan 17 02:03:05 host sshd[1439]: input_userauth_request: invalid user root [preauth]
Jan 17 02:03:05 host unix_chkpwd[1442]: password check failed for user (root)
Jan 17 02:03:05 host sshd[1439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.154.222.234 user=root
Jan 17 02:03:05 host sshd[1439]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:03:07 host sshd[1439]: Failed password for invalid user root from 178.154.222.234 port 36612 ssh2
Jan 17 02:03:07 host sshd[1439]: Received disconnect from 178.154.222.234 port 36612:11: Bye Bye [preauth]
Jan 17 02:03:07 host sshd[1439]: Disconnected from 178.154.222.234 port 36612 [preauth]
Jan 17 02:04:19 host sshd[1585]: Invalid user sammy from 162.240.51.46 port 54418
Jan 17 02:04:19 host sshd[1585]: input_userauth_request: invalid user sammy [preauth]
Jan 17 02:04:19 host sshd[1585]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:04:19 host sshd[1585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.240.51.46
Jan 17 02:04:21 host sshd[1585]: Failed password for invalid user sammy from 162.240.51.46 port 54418 ssh2
Jan 17 02:04:21 host sshd[1585]: Received disconnect from 162.240.51.46 port 54418:11: Bye Bye [preauth]
Jan 17 02:04:21 host sshd[1585]: Disconnected from 162.240.51.46 port 54418 [preauth]
Jan 17 02:04:36 host sshd[1640]: User root from 190.188.217.230 not allowed because not listed in AllowUsers
Jan 17 02:04:36 host sshd[1640]: input_userauth_request: invalid user root [preauth]
Jan 17 02:04:36 host unix_chkpwd[1644]: password check failed for user (root)
Jan 17 02:04:36 host sshd[1640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.188.217.230 user=root
Jan 17 02:04:36 host sshd[1640]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:04:38 host sshd[1640]: Failed password for invalid user root from 190.188.217.230 port 54381 ssh2
Jan 17 02:04:39 host sshd[1640]: Received disconnect from 190.188.217.230 port 54381:11: Bye Bye [preauth]
Jan 17 02:04:39 host sshd[1640]: Disconnected from 190.188.217.230 port 54381 [preauth]
Jan 17 02:04:48 host sshd[1659]: User root from 103.18.74.171 not allowed because not listed in AllowUsers
Jan 17 02:04:48 host sshd[1659]: input_userauth_request: invalid user root [preauth]
Jan 17 02:04:48 host unix_chkpwd[1662]: password check failed for user (root)
Jan 17 02:04:48 host sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.74.171 user=root
Jan 17 02:04:48 host sshd[1659]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:04:50 host sshd[1659]: Failed password for invalid user root from 103.18.74.171 port 47164 ssh2
Jan 17 02:04:50 host sshd[1659]: Received disconnect from 103.18.74.171 port 47164:11: Bye Bye [preauth]
Jan 17 02:04:50 host sshd[1659]: Disconnected from 103.18.74.171 port 47164 [preauth]
Jan 17 02:04:59 host sshd[1687]: Invalid user guest from 103.147.5.161 port 48740
Jan 17 02:04:59 host sshd[1687]: input_userauth_request: invalid user guest [preauth]
Jan 17 02:04:59 host sshd[1687]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:04:59 host sshd[1687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.147.5.161
Jan 17 02:05:01 host sshd[1687]: Failed password for invalid user guest from 103.147.5.161 port 48740 ssh2
Jan 17 02:05:01 host sshd[1687]: Received disconnect from 103.147.5.161 port 48740:11: Bye Bye [preauth]
Jan 17 02:05:01 host sshd[1687]: Disconnected from 103.147.5.161 port 48740 [preauth]
Jan 17 02:05:21 host sshd[1892]: User root from 212.60.80.58 not allowed because not listed in AllowUsers
Jan 17 02:05:21 host sshd[1892]: input_userauth_request: invalid user root [preauth]
Jan 17 02:05:21 host unix_chkpwd[1895]: password check failed for user (root)
Jan 17 02:05:21 host sshd[1892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 user=root
Jan 17 02:05:21 host sshd[1892]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:05:22 host sshd[1892]: Failed password for invalid user root from 212.60.80.58 port 35741 ssh2
Jan 17 02:05:23 host sshd[1892]: Received disconnect from 212.60.80.58 port 35741:11: Bye Bye [preauth]
Jan 17 02:05:23 host sshd[1892]: Disconnected from 212.60.80.58 port 35741 [preauth]
Jan 17 02:05:56 host sshd[1991]: Invalid user hotline from 178.128.29.118 port 52268
Jan 17 02:05:56 host sshd[1991]: input_userauth_request: invalid user hotline [preauth]
Jan 17 02:05:56 host sshd[1991]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:05:56 host sshd[1991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.29.118
Jan 17 02:05:59 host sshd[1991]: Failed password for invalid user hotline from 178.128.29.118 port 52268 ssh2
Jan 17 02:05:59 host sshd[1991]: Received disconnect from 178.128.29.118 port 52268:11: Bye Bye [preauth]
Jan 17 02:05:59 host sshd[1991]: Disconnected from 178.128.29.118 port 52268 [preauth]
Jan 17 02:06:05 host sshd[2062]: Invalid user user3 from 178.154.222.234 port 45952
Jan 17 02:06:05 host sshd[2062]: input_userauth_request: invalid user user3 [preauth]
Jan 17 02:06:05 host sshd[2062]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:06:05 host sshd[2062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.154.222.234
Jan 17 02:06:08 host sshd[2062]: Failed password for invalid user user3 from 178.154.222.234 port 45952 ssh2
Jan 17 02:06:08 host sshd[2062]: Received disconnect from 178.154.222.234 port 45952:11: Bye Bye [preauth]
Jan 17 02:06:08 host sshd[2062]: Disconnected from 178.154.222.234 port 45952 [preauth]
Jan 17 02:06:13 host sshd[2074]: Invalid user mapr from 162.240.51.46 port 58062
Jan 17 02:06:13 host sshd[2074]: input_userauth_request: invalid user mapr [preauth]
Jan 17 02:06:13 host sshd[2074]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:06:13 host sshd[2074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.240.51.46
Jan 17 02:06:14 host sshd[2074]: Failed password for invalid user mapr from 162.240.51.46 port 58062 ssh2
Jan 17 02:06:15 host sshd[2074]: Received disconnect from 162.240.51.46 port 58062:11: Bye Bye [preauth]
Jan 17 02:06:15 host sshd[2074]: Disconnected from 162.240.51.46 port 58062 [preauth]
Jan 17 02:06:41 host sshd[2181]: User root from 212.60.80.58 not allowed because not listed in AllowUsers
Jan 17 02:06:41 host sshd[2181]: input_userauth_request: invalid user root [preauth]
Jan 17 02:06:41 host unix_chkpwd[2184]: password check failed for user (root)
Jan 17 02:06:41 host sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.60.80.58 user=root
Jan 17 02:06:41 host sshd[2181]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:06:43 host sshd[2181]: Failed password for invalid user root from 212.60.80.58 port 47028 ssh2
Jan 17 02:07:11 host sshd[2276]: User root from 103.147.5.161 not allowed because not listed in AllowUsers
Jan 17 02:07:11 host sshd[2276]: input_userauth_request: invalid user root [preauth]
Jan 17 02:07:11 host unix_chkpwd[2279]: password check failed for user (root)
Jan 17 02:07:11 host sshd[2276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.147.5.161 user=root
Jan 17 02:07:11 host sshd[2276]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:07:13 host sshd[2287]: User root from 162.240.51.46 not allowed because not listed in AllowUsers
Jan 17 02:07:13 host sshd[2287]: input_userauth_request: invalid user root [preauth]
Jan 17 02:07:13 host unix_chkpwd[2290]: password check failed for user (root)
Jan 17 02:07:13 host sshd[2287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.240.51.46 user=root
Jan 17 02:07:13 host sshd[2287]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:07:14 host sshd[2276]: Failed password for invalid user root from 103.147.5.161 port 49060 ssh2
Jan 17 02:07:14 host sshd[2276]: Received disconnect from 103.147.5.161 port 49060:11: Bye Bye [preauth]
Jan 17 02:07:14 host sshd[2276]: Disconnected from 103.147.5.161 port 49060 [preauth]
Jan 17 02:07:16 host sshd[2287]: Failed password for invalid user root from 162.240.51.46 port 53868 ssh2
Jan 17 02:07:16 host sshd[2287]: Received disconnect from 162.240.51.46 port 53868:11: Bye Bye [preauth]
Jan 17 02:07:16 host sshd[2287]: Disconnected from 162.240.51.46 port 53868 [preauth]
Jan 17 02:07:56 host sshd[2446]: User root from 190.188.217.230 not allowed because not listed in AllowUsers
Jan 17 02:07:56 host sshd[2446]: input_userauth_request: invalid user root [preauth]
Jan 17 02:07:56 host unix_chkpwd[2449]: password check failed for user (root)
Jan 17 02:07:56 host sshd[2446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.188.217.230 user=root
Jan 17 02:07:56 host sshd[2446]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:07:58 host sshd[2446]: Failed password for invalid user root from 190.188.217.230 port 43152 ssh2
Jan 17 02:07:58 host sshd[2457]: User root from 103.18.74.171 not allowed because not listed in AllowUsers
Jan 17 02:07:58 host sshd[2457]: input_userauth_request: invalid user root [preauth]
Jan 17 02:07:58 host unix_chkpwd[2462]: password check failed for user (root)
Jan 17 02:07:58 host sshd[2457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.74.171 user=root
Jan 17 02:07:58 host sshd[2457]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:07:58 host sshd[2446]: Received disconnect from 190.188.217.230 port 43152:11: Bye Bye [preauth]
Jan 17 02:07:58 host sshd[2446]: Disconnected from 190.188.217.230 port 43152 [preauth]
Jan 17 02:08:01 host sshd[2457]: Failed password for invalid user root from 103.18.74.171 port 42258 ssh2
Jan 17 02:08:01 host sshd[2457]: Received disconnect from 103.18.74.171 port 42258:11: Bye Bye [preauth]
Jan 17 02:08:01 host sshd[2457]: Disconnected from 103.18.74.171 port 42258 [preauth]
Jan 17 02:15:55 host sshd[3777]: User root from 211.250.232.17 not allowed because not listed in AllowUsers
Jan 17 02:15:55 host sshd[3777]: input_userauth_request: invalid user root [preauth]
Jan 17 02:15:55 host unix_chkpwd[3780]: password check failed for user (root)
Jan 17 02:15:55 host sshd[3777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.250.232.17 user=root
Jan 17 02:15:55 host sshd[3777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:15:57 host sshd[3777]: Failed password for invalid user root from 211.250.232.17 port 58956 ssh2
Jan 17 02:15:58 host unix_chkpwd[3784]: password check failed for user (root)
Jan 17 02:15:58 host sshd[3777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:16:00 host sshd[3777]: Failed password for invalid user root from 211.250.232.17 port 58956 ssh2
Jan 17 02:16:01 host unix_chkpwd[3792]: password check failed for user (root)
Jan 17 02:16:01 host sshd[3777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:16:03 host sshd[3777]: Failed password for invalid user root from 211.250.232.17 port 58956 ssh2
Jan 17 02:16:04 host unix_chkpwd[3807]: password check failed for user (root)
Jan 17 02:16:04 host sshd[3777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:16:07 host sshd[3777]: Failed password for invalid user root from 211.250.232.17 port 58956 ssh2
Jan 17 02:16:08 host unix_chkpwd[3825]: password check failed for user (root)
Jan 17 02:16:08 host sshd[3777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:16:10 host sshd[3777]: Failed password for invalid user root from 211.250.232.17 port 58956 ssh2
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=wwwletsstalkfood user-4=straightcurve user-5=kottayamcalldriv user-6=phmetals user-7=palco123 user-8=gifterman user-9=mrsclean user-10=wwwnexidigital user-11=disposeat user-12=wwwkmaorg user-13=remysagr user-14=wwwkapin user-15=woodpeck user-16=shalinijames user-17=wwwtestugo user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=keralaholi user-24=wwwresourcehunte user-25=wwwrmswll user-26=wwwkaretakers user-27=cochintaxi user-28=a2zgroup user-29=dartsimp user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 02:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ayTLzH26iP1xd3cU.~
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ayTLzH26iP1xd3cU.~'
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ayTLzH26iP1xd3cU.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:22:53 host sshd[5129]: Invalid user admin from 112.164.67.163 port 61876
Jan 17 02:22:53 host sshd[5129]: input_userauth_request: invalid user admin [preauth]
Jan 17 02:22:53 host sshd[5129]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:22:53 host sshd[5129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.164.67.163
Jan 17 02:22:54 host sshd[5129]: Failed password for invalid user admin from 112.164.67.163 port 61876 ssh2
Jan 17 02:22:55 host sshd[5129]: Failed password for invalid user admin from 112.164.67.163 port 61876 ssh2
Jan 17 02:22:56 host sshd[5129]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:22:58 host sshd[5129]: Failed password for invalid user admin from 112.164.67.163 port 61876 ssh2
Jan 17 02:23:00 host sshd[5129]: Connection reset by 112.164.67.163 port 61876 [preauth]
Jan 17 02:23:00 host sshd[5129]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.164.67.163
Jan 17 02:25:46 host sshd[5520]: Invalid user peertube from 51.15.105.243 port 41576
Jan 17 02:25:46 host sshd[5520]: input_userauth_request: invalid user peertube [preauth]
Jan 17 02:25:46 host sshd[5520]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:25:46 host sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.105.243
Jan 17 02:25:48 host sshd[5520]: Failed password for invalid user peertube from 51.15.105.243 port 41576 ssh2
Jan 17 02:25:48 host sshd[5520]: Received disconnect from 51.15.105.243 port 41576:11: Bye Bye [preauth]
Jan 17 02:25:48 host sshd[5520]: Disconnected from 51.15.105.243 port 41576 [preauth]
Jan 17 02:26:26 host sshd[5696]: Invalid user user2 from 51.178.27.210 port 41882
Jan 17 02:26:26 host sshd[5696]: input_userauth_request: invalid user user2 [preauth]
Jan 17 02:26:26 host sshd[5696]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:26:26 host sshd[5696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.27.210
Jan 17 02:26:27 host sshd[5696]: Failed password for invalid user user2 from 51.178.27.210 port 41882 ssh2
Jan 17 02:26:28 host sshd[5696]: Received disconnect from 51.178.27.210 port 41882:11: Bye Bye [preauth]
Jan 17 02:26:28 host sshd[5696]: Disconnected from 51.178.27.210 port 41882 [preauth]
Jan 17 02:26:45 host sshd[5750]: User root from 195.19.97.157 not allowed because not listed in AllowUsers
Jan 17 02:26:45 host sshd[5750]: input_userauth_request: invalid user root [preauth]
Jan 17 02:26:45 host unix_chkpwd[5753]: password check failed for user (root)
Jan 17 02:26:45 host sshd[5750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.97.157 user=root
Jan 17 02:26:45 host sshd[5750]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:26:47 host sshd[5750]: Failed password for invalid user root from 195.19.97.157 port 57608 ssh2
Jan 17 02:26:47 host sshd[5750]: Received disconnect from 195.19.97.157 port 57608:11: Bye Bye [preauth]
Jan 17 02:26:47 host sshd[5750]: Disconnected from 195.19.97.157 port 57608 [preauth]
Jan 17 02:27:05 host sshd[5794]: Invalid user server from 74.208.247.108 port 37542
Jan 17 02:27:05 host sshd[5794]: input_userauth_request: invalid user server [preauth]
Jan 17 02:27:05 host sshd[5794]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:27:05 host sshd[5794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.208.247.108
Jan 17 02:27:08 host sshd[5794]: Failed password for invalid user server from 74.208.247.108 port 37542 ssh2
Jan 17 02:27:08 host sshd[5794]: Received disconnect from 74.208.247.108 port 37542:11: Bye Bye [preauth]
Jan 17 02:27:08 host sshd[5794]: Disconnected from 74.208.247.108 port 37542 [preauth]
Jan 17 02:28:34 host sshd[6010]: User tomcat from 43.131.30.155 not allowed because not listed in AllowUsers
Jan 17 02:28:34 host sshd[6010]: input_userauth_request: invalid user tomcat [preauth]
Jan 17 02:28:34 host unix_chkpwd[6013]: password check failed for user (tomcat)
Jan 17 02:28:34 host sshd[6010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.30.155 user=tomcat
Jan 17 02:28:34 host sshd[6010]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat"
Jan 17 02:28:36 host sshd[6010]: Failed password for invalid user tomcat from 43.131.30.155 port 46926 ssh2
Jan 17 02:28:36 host sshd[6010]: Received disconnect from 43.131.30.155 port 46926:11: Bye Bye [preauth]
Jan 17 02:28:36 host sshd[6010]: Disconnected from 43.131.30.155 port 46926 [preauth]
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwrmswll user-4=keralaholi user-5=wwwresourcehunte user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwletsstalkfood user-15=straightcurve user-16=gifterman user-17=palco123 user-18=kottayamcalldriv user-19=phmetals user-20=mrsclean user-21=wwwnexidigital user-22=disposeat user-23=remysagr user-24=wwwkmaorg user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=wwwtestugo user-29=shalinijames user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 02:29:00 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:29:14 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 17 02:29:14 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 17 02:29:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 17 02:29:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 17 02:29:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 17 02:29:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:29:58 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 17 02:29:58 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 17 02:29:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 17 02:29:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:29:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 17 02:29:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 17 02:30:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 17 02:30:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 17 02:30:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 17 02:30:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 02:30:20 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 02:30:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:30:21 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 17 02:30:21 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 17 02:30:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 17 02:30:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:30:44 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 17 02:30:44 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 17 02:30:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 17 02:30:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 17 02:30:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:30:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 17 02:30:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:30:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:31:14 host sshd[6907]: Invalid user maximo from 51.15.105.243 port 41676
Jan 17 02:31:14 host sshd[6907]: input_userauth_request: invalid user maximo [preauth]
Jan 17 02:31:14 host sshd[6907]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:31:14 host sshd[6907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.105.243
Jan 17 02:31:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 17 02:31:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:31:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:31:16 host sshd[6907]: Failed password for invalid user maximo from 51.15.105.243 port 41676 ssh2
Jan 17 02:31:16 host sshd[6907]: Received disconnect from 51.15.105.243 port 41676:11: Bye Bye [preauth]
Jan 17 02:31:16 host sshd[6907]: Disconnected from 51.15.105.243 port 41676 [preauth]
Jan 17 02:31:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 17 02:31:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:31:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:31:24 host sshd[7167]: User root from 51.178.27.210 not allowed because not listed in AllowUsers
Jan 17 02:31:24 host sshd[7167]: input_userauth_request: invalid user root [preauth]
Jan 17 02:31:24 host unix_chkpwd[7170]: password check failed for user (root)
Jan 17 02:31:24 host sshd[7167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.27.210 user=root
Jan 17 02:31:24 host sshd[7167]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:31:26 host sshd[7167]: Failed password for invalid user root from 51.178.27.210 port 40624 ssh2
Jan 17 02:31:26 host sshd[7167]: Received disconnect from 51.178.27.210 port 40624:11: Bye Bye [preauth]
Jan 17 02:31:26 host sshd[7167]: Disconnected from 51.178.27.210 port 40624 [preauth]
Jan 17 02:31:28 host sshd[7181]: Invalid user asterisk from 46.101.5.100 port 34308
Jan 17 02:31:28 host sshd[7181]: input_userauth_request: invalid user asterisk [preauth]
Jan 17 02:31:28 host sshd[7181]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:31:28 host sshd[7181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.5.100
Jan 17 02:31:30 host sshd[7181]: Failed password for invalid user asterisk from 46.101.5.100 port 34308 ssh2
Jan 17 02:31:30 host sshd[7181]: Received disconnect from 46.101.5.100 port 34308:11: Bye Bye [preauth]
Jan 17 02:31:30 host sshd[7181]: Disconnected from 46.101.5.100 port 34308 [preauth]
Jan 17 02:31:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:31:32 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 02:31:32 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 02:31:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 17 02:31:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:31:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:31:34 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 17 02:31:34 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:31:34 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:31:34 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 17 02:31:34 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:31:34 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:31:51 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 17 02:31:51 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:31:51 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:32:01 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 02:32:01 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 02:32:06 host sshd[7588]: Invalid user asterisk from 195.19.97.157 port 51308
Jan 17 02:32:06 host sshd[7588]: input_userauth_request: invalid user asterisk [preauth]
Jan 17 02:32:06 host sshd[7588]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:06 host sshd[7588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.97.157
Jan 17 02:32:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 17 02:32:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:32:08 host sshd[7588]: Failed password for invalid user asterisk from 195.19.97.157 port 51308 ssh2
Jan 17 02:32:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:08 host sshd[7588]: Received disconnect from 195.19.97.157 port 51308:11: Bye Bye [preauth]
Jan 17 02:32:08 host sshd[7588]: Disconnected from 195.19.97.157 port 51308 [preauth]
Jan 17 02:32:10 host sshd[7651]: Invalid user ff from 194.110.203.109 port 41190
Jan 17 02:32:10 host sshd[7651]: input_userauth_request: invalid user ff [preauth]
Jan 17 02:32:10 host sshd[7651]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:10 host sshd[7651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 02:32:12 host sshd[7651]: Failed password for invalid user ff from 194.110.203.109 port 41190 ssh2
Jan 17 02:32:15 host sshd[7651]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:16 host sshd[7785]: Invalid user student from 43.131.30.155 port 58812
Jan 17 02:32:16 host sshd[7785]: input_userauth_request: invalid user student [preauth]
Jan 17 02:32:16 host sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:16 host sshd[7785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.30.155
Jan 17 02:32:17 host sshd[7651]: Failed password for invalid user ff from 194.110.203.109 port 41190 ssh2
Jan 17 02:32:18 host sshd[7785]: Failed password for invalid user student from 43.131.30.155 port 58812 ssh2
Jan 17 02:32:18 host sshd[7785]: Received disconnect from 43.131.30.155 port 58812:11: Bye Bye [preauth]
Jan 17 02:32:18 host sshd[7785]: Disconnected from 43.131.30.155 port 58812 [preauth]
Jan 17 02:32:20 host sshd[7797]: Invalid user ansible from 51.15.105.243 port 40054
Jan 17 02:32:20 host sshd[7797]: input_userauth_request: invalid user ansible [preauth]
Jan 17 02:32:20 host sshd[7797]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:20 host sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.105.243
Jan 17 02:32:20 host sshd[7651]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:32:21 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 02:32:21 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 02:32:22 host sshd[7797]: Failed password for invalid user ansible from 51.15.105.243 port 40054 ssh2
Jan 17 02:32:22 host sshd[7797]: Received disconnect from 51.15.105.243 port 40054:11: Bye Bye [preauth]
Jan 17 02:32:22 host sshd[7797]: Disconnected from 51.15.105.243 port 40054 [preauth]
Jan 17 02:32:22 host sshd[7817]: Invalid user kevin from 74.208.247.108 port 51664
Jan 17 02:32:22 host sshd[7817]: input_userauth_request: invalid user kevin [preauth]
Jan 17 02:32:22 host sshd[7817]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:22 host sshd[7817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.208.247.108
Jan 17 02:32:22 host sshd[7651]: Failed password for invalid user ff from 194.110.203.109 port 41190 ssh2
Jan 17 02:32:24 host sshd[7817]: Failed password for invalid user kevin from 74.208.247.108 port 51664 ssh2
Jan 17 02:32:24 host sshd[7817]: Received disconnect from 74.208.247.108 port 51664:11: Bye Bye [preauth]
Jan 17 02:32:24 host sshd[7817]: Disconnected from 74.208.247.108 port 51664 [preauth]
Jan 17 02:32:25 host sshd[7651]: Connection closed by 194.110.203.109 port 41190 [preauth]
Jan 17 02:32:25 host sshd[7651]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 02:32:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 17 02:32:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:32:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 17 02:32:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:32:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 17 02:32:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:32:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 17 02:32:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:32:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:32:33 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 02:32:33 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 02:32:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 17 02:32:33 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:32:33 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:32:35 host sshd[8158]: Invalid user server from 46.101.5.100 port 57526
Jan 17 02:32:35 host sshd[8158]: input_userauth_request: invalid user server [preauth]
Jan 17 02:32:35 host sshd[8158]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:32:35 host sshd[8158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.5.100
Jan 17 02:32:38 host sshd[8158]: Failed password for invalid user server from 46.101.5.100 port 57526 ssh2
Jan 17 02:32:38 host sshd[8158]: Received disconnect from 46.101.5.100 port 57526:11: Bye Bye [preauth]
Jan 17 02:32:38 host sshd[8158]: Disconnected from 46.101.5.100 port 57526 [preauth]
Jan 17 02:32:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:32:51 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 02:32:51 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 02:33:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 17 02:33:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:17 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:33:17 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 02:33:17 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 02:33:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 17 02:33:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 17 02:33:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 17 02:33:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 17 02:33:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:33:26 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 17 02:33:26 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 17 02:33:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 17 02:33:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 17 02:33:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:27 host sshd[8647]: Invalid user ansible from 74.208.247.108 port 35588
Jan 17 02:33:27 host sshd[8647]: input_userauth_request: invalid user ansible [preauth]
Jan 17 02:33:27 host sshd[8647]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:33:27 host sshd[8647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.208.247.108
Jan 17 02:33:28 host sshd[8647]: Failed password for invalid user ansible from 74.208.247.108 port 35588 ssh2
Jan 17 02:33:28 host sshd[8647]: Received disconnect from 74.208.247.108 port 35588:11: Bye Bye [preauth]
Jan 17 02:33:28 host sshd[8647]: Disconnected from 74.208.247.108 port 35588 [preauth]
Jan 17 02:33:39 host sshd[8812]: User root from 46.101.5.100 not allowed because not listed in AllowUsers
Jan 17 02:33:39 host sshd[8812]: input_userauth_request: invalid user root [preauth]
Jan 17 02:33:39 host unix_chkpwd[8815]: password check failed for user (root)
Jan 17 02:33:39 host sshd[8812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.5.100 user=root
Jan 17 02:33:39 host sshd[8812]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 02:33:40 host sshd[8812]: Failed password for invalid user root from 46.101.5.100 port 52406 ssh2
Jan 17 02:33:41 host sshd[8812]: Received disconnect from 46.101.5.100 port 52406:11: Bye Bye [preauth]
Jan 17 02:33:41 host sshd[8812]: Disconnected from 46.101.5.100 port 52406 [preauth]
Jan 17 02:33:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:33:46 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 17 02:33:46 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 17 02:33:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 17 02:33:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 17 02:33:47 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:33:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 17 02:33:47 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:33:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 17 02:34:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 17 02:34:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 17 02:34:12 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 17 02:34:12 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 17 02:34:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 17 02:34:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 17 02:34:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 17 02:34:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DirectoryPrivacy is_directory_protected dir=/home/wwwresourcehunte/public_html --output=json
Jan 17 02:34:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwpmcresource WpToolkitNotification send_admin_auto_updates_notification 'available_updates_text=<br/><br/>Updates are available for the following items:<br/><br/>' 'available_updates_list=1. Plugin "Page Builder by SiteOrigin" on (http://ugotechnologies.com/old). Installed version: 2.4.25. Available version: 2.20.4.<br/><br/>' installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0
Jan 17 02:34:23 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183): require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4 /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356): require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in
Jan 17 02:34:23 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog" (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error
Jan 17 02:34:23 host sudo: wp-toolkit : (command continued) establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>' --output=json
Jan 17 02:34:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:34:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 02:34:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 02:36:15 host sshd[9917]: Invalid user vadmin from 58.163.150.80 port 40798
Jan 17 02:36:15 host sshd[9917]: input_userauth_request: invalid user vadmin [preauth]
Jan 17 02:36:15 host sshd[9917]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:36:15 host sshd[9917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.163.150.80
Jan 17 02:36:17 host sshd[9917]: Failed password for invalid user vadmin from 58.163.150.80 port 40798 ssh2
Jan 17 02:36:17 host sshd[9917]: Connection reset by 58.163.150.80 port 40798 [preauth]
Jan 17 02:41:04 host sshd[10676]: Invalid user zyfwp from 114.33.127.74 port 36317
Jan 17 02:41:05 host sshd[10676]: input_userauth_request: invalid user zyfwp [preauth]
Jan 17 02:41:05 host sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:41:05 host sshd[10676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.127.74
Jan 17 02:41:07 host sshd[10676]: Failed password for invalid user zyfwp from 114.33.127.74 port 36317 ssh2
Jan 17 02:41:07 host sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:41:09 host sshd[10676]: Failed password for invalid user zyfwp from 114.33.127.74 port 36317 ssh2
Jan 17 02:41:10 host sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:41:13 host sshd[10676]: Failed password for invalid user zyfwp from 114.33.127.74 port 36317 ssh2
Jan 17 02:41:13 host sshd[10676]: Connection closed by 114.33.127.74 port 36317 [preauth]
Jan 17 02:41:13 host sshd[10676]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.127.74
Jan 17 02:47:17 host sshd[11561]: Invalid user guest from 104.244.74.6 port 56412
Jan 17 02:47:17 host sshd[11561]: input_userauth_request: invalid user guest [preauth]
Jan 17 02:47:17 host sshd[11561]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:47:17 host sshd[11561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 17 02:47:19 host sshd[11561]: Failed password for invalid user guest from 104.244.74.6 port 56412 ssh2
Jan 17 02:47:19 host sshd[11561]: Connection closed by 104.244.74.6 port 56412 [preauth]
Jan 17 02:59:02 host sshd[13168]: Invalid user guest from 104.244.74.6 port 49462
Jan 17 02:59:02 host sshd[13168]: input_userauth_request: invalid user guest [preauth]
Jan 17 02:59:02 host sshd[13168]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 02:59:02 host sshd[13168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 17 02:59:04 host sshd[13168]: Failed password for invalid user guest from 104.244.74.6 port 49462 ssh2
Jan 17 02:59:04 host sshd[13168]: Connection closed by 104.244.74.6 port 49462 [preauth]
Jan 17 03:00:30 host sshd[13467]: Connection reset by 198.235.24.156 port 57744 [preauth]
Jan 17 03:05:08 host sshd[14075]: Did not receive identification string from 192.241.156.50 port 45168
Jan 17 03:07:02 host sshd[14449]: Invalid user from 64.62.197.165 port 10881
Jan 17 03:07:02 host sshd[14449]: input_userauth_request: invalid user [preauth]
Jan 17 03:07:05 host sshd[14449]: Connection closed by 64.62.197.165 port 10881 [preauth]
Jan 17 03:14:14 host sshd[15471]: Connection reset by 49.142.36.3 port 59935 [preauth]
Jan 17 03:17:00 host sshd[15900]: Invalid user guest from 104.244.74.6 port 53130
Jan 17 03:17:00 host sshd[15900]: input_userauth_request: invalid user guest [preauth]
Jan 17 03:17:00 host sshd[15900]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 03:17:00 host sshd[15900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 17 03:17:03 host sshd[15900]: Failed password for invalid user guest from 104.244.74.6 port 53130 ssh2
Jan 17 03:17:03 host sshd[15900]: Connection closed by 104.244.74.6 port 53130 [preauth]
Jan 17 03:19:47 host sshd[16222]: Invalid user dnsekakf2$$ from 220.133.144.238 port 49797
Jan 17 03:19:47 host sshd[16222]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 17 03:19:47 host sshd[16222]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 03:19:47 host sshd[16222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.144.238
Jan 17 03:19:49 host sshd[16222]: Failed password for invalid user dnsekakf2$$ from 220.133.144.238 port 49797 ssh2
Jan 17 03:19:50 host sshd[16222]: Failed password for invalid user dnsekakf2$$ from 220.133.144.238 port 49797 ssh2
Jan 17 03:19:50 host sshd[16222]: Connection closed by 220.133.144.238 port 49797 [preauth]
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=dartsimp user-4=a2zgroup user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=wwwrmswll user-9=wwwresourcehunte user-10=keralaholi user-11=ugotscom user-12=disposeat user-13=remysagr user-14=wwwkmaorg user-15=wwwkapin user-16=woodpeck user-17=vfmassets user-18=wwwtestugo user-19=shalinijames user-20=pmcresources user-21=bonifacegroup user-22=wwwevmhonda user-23=straightcurve user-24=wwwletsstalkfood user-25=gifterman user-26=palco123 user-27=phmetals user-28=kottayamcalldriv user-29=wwwnexidigital user-30=mrsclean feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 03:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8xEUIrqrq9YAjvva.~
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8xEUIrqrq9YAjvva.~'
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8xEUIrqrq9YAjvva.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 03:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 03:31:26 host sshd[17995]: User root from 119.207.164.104 not allowed because not listed in AllowUsers
Jan 17 03:31:26 host sshd[17995]: input_userauth_request: invalid user root [preauth]
Jan 17 03:31:26 host unix_chkpwd[18002]: password check failed for user (root)
Jan 17 03:31:26 host sshd[17995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.207.164.104 user=root
Jan 17 03:31:26 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 03:31:28 host sshd[17995]: Failed password for invalid user root from 119.207.164.104 port 46345 ssh2
Jan 17 03:31:29 host unix_chkpwd[18026]: password check failed for user (root)
Jan 17 03:31:29 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 03:31:31 host sshd[17995]: Failed password for invalid user root from 119.207.164.104 port 46345 ssh2
Jan 17 03:31:32 host unix_chkpwd[18031]: password check failed for user (root)
Jan 17 03:31:32 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 03:31:33 host sshd[17995]: Failed password for invalid user root from 119.207.164.104 port 46345 ssh2
Jan 17 03:31:34 host unix_chkpwd[18035]: password check failed for user (root)
Jan 17 03:31:34 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 03:31:36 host sshd[17995]: Failed password for invalid user root from 119.207.164.104 port 46345 ssh2
Jan 17 03:52:57 host sshd[21015]: Did not receive identification string from 64.227.181.236 port 61000
Jan 17 03:53:43 host sshd[21120]: Invalid user pi from 222.112.66.163 port 60341
Jan 17 03:53:43 host sshd[21120]: input_userauth_request: invalid user pi [preauth]
Jan 17 03:53:43 host sshd[21120]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 03:53:43 host sshd[21120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.112.66.163
Jan 17 03:53:45 host sshd[21120]: Failed password for invalid user pi from 222.112.66.163 port 60341 ssh2
Jan 17 03:53:46 host sshd[21120]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 03:53:48 host sshd[21120]: Failed password for invalid user pi from 222.112.66.163 port 60341 ssh2
Jan 17 03:53:49 host sshd[21120]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 03:53:51 host sshd[21120]: Failed password for invalid user pi from 222.112.66.163 port 60341 ssh2
Jan 17 03:58:16 host sshd[21757]: User root from 14.102.50.48 not allowed because not listed in AllowUsers
Jan 17 03:58:16 host sshd[21757]: input_userauth_request: invalid user root [preauth]
Jan 17 03:58:16 host unix_chkpwd[21766]: password check failed for user (root)
Jan 17 03:58:16 host sshd[21757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.102.50.48 user=root
Jan 17 03:58:16 host sshd[21757]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 03:58:18 host sshd[21757]: Failed password for invalid user root from 14.102.50.48 port 46383 ssh2
Jan 17 03:58:19 host unix_chkpwd[21771]: password check failed for user (root)
Jan 17 03:58:19 host sshd[21757]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 03:58:21 host sshd[21757]: Failed password for invalid user root from 14.102.50.48 port 46383 ssh2
Jan 17 03:58:21 host sshd[21757]: Connection reset by 14.102.50.48 port 46383 [preauth]
Jan 17 03:58:21 host sshd[21757]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.102.50.48 user=root
Jan 17 04:05:06 host sshd[22626]: Invalid user admin from 179.57.118.220 port 46635
Jan 17 04:05:06 host sshd[22626]: input_userauth_request: invalid user admin [preauth]
Jan 17 04:05:06 host sshd[22626]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:05:06 host sshd[22626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.57.118.220
Jan 17 04:05:08 host sshd[22626]: Failed password for invalid user admin from 179.57.118.220 port 46635 ssh2
Jan 17 04:05:09 host sshd[22626]: Failed password for invalid user admin from 179.57.118.220 port 46635 ssh2
Jan 17 04:05:10 host sshd[22626]: Connection reset by 179.57.118.220 port 46635 [preauth]
Jan 17 04:20:10 host sshd[24807]: Invalid user ONTUSER from 113.173.122.18 port 33657
Jan 17 04:20:10 host sshd[24807]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 17 04:20:10 host sshd[24807]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:20:10 host sshd[24807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.173.122.18
Jan 17 04:20:11 host sshd[24807]: Failed password for invalid user ONTUSER from 113.173.122.18 port 33657 ssh2
Jan 17 04:20:12 host sshd[24807]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:20:14 host sshd[24807]: Failed password for invalid user ONTUSER from 113.173.122.18 port 33657 ssh2
Jan 17 04:20:14 host sshd[24807]: Connection reset by 113.173.122.18 port 33657 [preauth]
Jan 17 04:20:14 host sshd[24807]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.173.122.18
Jan 17 04:20:57 host sshd[24910]: User root from 219.84.218.30 not allowed because not listed in AllowUsers
Jan 17 04:20:57 host sshd[24910]: input_userauth_request: invalid user root [preauth]
Jan 17 04:20:57 host unix_chkpwd[24919]: password check failed for user (root)
Jan 17 04:20:57 host sshd[24910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.84.218.30 user=root
Jan 17 04:20:57 host sshd[24910]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:20:58 host sshd[24910]: Failed password for invalid user root from 219.84.218.30 port 42049 ssh2
Jan 17 04:20:58 host unix_chkpwd[24924]: password check failed for user (root)
Jan 17 04:20:58 host sshd[24910]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:01 host sshd[24910]: Failed password for invalid user root from 219.84.218.30 port 42049 ssh2
Jan 17 04:21:01 host unix_chkpwd[24985]: password check failed for user (root)
Jan 17 04:21:01 host sshd[24910]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=wwwkmaorg user-4=disposeat user-5=remysagr user-6=pmcresources user-7=wwwtestugo user-8=shalinijames user-9=vfmassets user-10=wwwletsstalkfood user-11=straightcurve user-12=wwwevmhonda user-13=bonifacegroup user-14=mrsclean user-15=wwwnexidigital user-16=kottayamcalldriv user-17=phmetals user-18=gifterman user-19=palco123 user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=dartsimp user-24=a2zgroup user-25=wwwpmcresource user-26=ugotscom user-27=wwwrmswll user-28=keralaholi user-29=wwwresourcehunte user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 04:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Pkr7UeZ4RuQAADiI.~
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Pkr7UeZ4RuQAADiI.~'
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Pkr7UeZ4RuQAADiI.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:03 host sshd[24910]: Failed password for invalid user root from 219.84.218.30 port 42049 ssh2
Jan 17 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:04 host unix_chkpwd[25049]: password check failed for user (root)
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:04 host sshd[24910]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 04:21:06 host sshd[24910]: Failed password for invalid user root from 219.84.218.30 port 42049 ssh2
Jan 17 04:21:06 host unix_chkpwd[25084]: password check failed for user (root)
Jan 17 04:21:06 host sshd[24910]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:21:08 host sshd[24910]: Failed password for invalid user root from 219.84.218.30 port 42049 ssh2
Jan 17 04:23:35 host sshd[25623]: Invalid user fg from 194.110.203.109 port 59076
Jan 17 04:23:35 host sshd[25623]: input_userauth_request: invalid user fg [preauth]
Jan 17 04:23:35 host sshd[25623]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:23:35 host sshd[25623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 04:23:37 host sshd[25623]: Failed password for invalid user fg from 194.110.203.109 port 59076 ssh2
Jan 17 04:23:40 host sshd[25623]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:23:42 host sshd[25623]: Failed password for invalid user fg from 194.110.203.109 port 59076 ssh2
Jan 17 04:23:45 host sshd[25623]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:23:47 host sshd[25623]: Failed password for invalid user fg from 194.110.203.109 port 59076 ssh2
Jan 17 04:23:50 host sshd[25623]: Connection closed by 194.110.203.109 port 59076 [preauth]
Jan 17 04:23:50 host sshd[25623]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 04:24:11 host sshd[25716]: Invalid user Admin from 80.117.117.187 port 43989
Jan 17 04:24:11 host sshd[25716]: input_userauth_request: invalid user Admin [preauth]
Jan 17 04:24:11 host sshd[25716]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:24:11 host sshd[25716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.117.187
Jan 17 04:24:13 host sshd[25716]: Failed password for invalid user Admin from 80.117.117.187 port 43989 ssh2
Jan 17 04:24:14 host sshd[25716]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:24:17 host sshd[25716]: Failed password for invalid user Admin from 80.117.117.187 port 43989 ssh2
Jan 17 04:24:18 host sshd[25716]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:24:20 host sshd[25716]: Failed password for invalid user Admin from 80.117.117.187 port 43989 ssh2
Jan 17 04:24:22 host sshd[25716]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:24:24 host sshd[25716]: Failed password for invalid user Admin from 80.117.117.187 port 43989 ssh2
Jan 17 04:24:25 host sshd[25716]: Failed password for invalid user Admin from 80.117.117.187 port 43989 ssh2
Jan 17 04:24:25 host sshd[25716]: Connection reset by 80.117.117.187 port 43989 [preauth]
Jan 17 04:24:25 host sshd[25716]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.117.117.187
Jan 17 04:24:25 host sshd[25716]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 04:27:52 host sshd[26465]: Invalid user dmdba from 74.128.116.0 port 34706
Jan 17 04:27:52 host sshd[26465]: input_userauth_request: invalid user dmdba [preauth]
Jan 17 04:27:52 host sshd[26465]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:27:52 host sshd[26465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.128.116.0
Jan 17 04:27:53 host sshd[26465]: Failed password for invalid user dmdba from 74.128.116.0 port 34706 ssh2
Jan 17 04:27:54 host sshd[26465]: Failed password for invalid user dmdba from 74.128.116.0 port 34706 ssh2
Jan 17 04:27:54 host sshd[26465]: Connection closed by 74.128.116.0 port 34706 [preauth]
Jan 17 04:34:07 host sshd[27292]: Invalid user nginx from 106.246.224.154 port 59398
Jan 17 04:34:07 host sshd[27292]: input_userauth_request: invalid user nginx [preauth]
Jan 17 04:34:07 host sshd[27292]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:34:07 host sshd[27292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.246.224.154
Jan 17 04:34:07 host sshd[27295]: User root from 192.241.156.50 not allowed because not listed in AllowUsers
Jan 17 04:34:07 host sshd[27295]: input_userauth_request: invalid user root [preauth]
Jan 17 04:34:07 host unix_chkpwd[27300]: password check failed for user (root)
Jan 17 04:34:07 host sshd[27295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.156.50 user=root
Jan 17 04:34:07 host sshd[27295]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:34:09 host sshd[27292]: Failed password for invalid user nginx from 106.246.224.154 port 59398 ssh2
Jan 17 04:34:09 host sshd[27295]: Failed password for invalid user root from 192.241.156.50 port 60926 ssh2
Jan 17 04:34:09 host sshd[27292]: Received disconnect from 106.246.224.154 port 59398:11: Bye Bye [preauth]
Jan 17 04:34:09 host sshd[27292]: Disconnected from 106.246.224.154 port 59398 [preauth]
Jan 17 04:34:09 host sshd[27295]: Received disconnect from 192.241.156.50 port 60926:11: Bye Bye [preauth]
Jan 17 04:34:09 host sshd[27295]: Disconnected from 192.241.156.50 port 60926 [preauth]
Jan 17 04:34:38 host sshd[27370]: Invalid user hikvision from 122.117.97.117 port 33641
Jan 17 04:34:38 host sshd[27370]: input_userauth_request: invalid user hikvision [preauth]
Jan 17 04:34:38 host sshd[27370]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:34:38 host sshd[27370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.97.117
Jan 17 04:34:40 host sshd[27370]: Failed password for invalid user hikvision from 122.117.97.117 port 33641 ssh2
Jan 17 04:34:40 host sshd[27370]: Connection reset by 122.117.97.117 port 33641 [preauth]
Jan 17 04:34:53 host sshd[27395]: User root from 49.0.129.3 not allowed because not listed in AllowUsers
Jan 17 04:34:53 host sshd[27395]: input_userauth_request: invalid user root [preauth]
Jan 17 04:34:53 host unix_chkpwd[27398]: password check failed for user (root)
Jan 17 04:34:53 host sshd[27395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.0.129.3 user=root
Jan 17 04:34:53 host sshd[27395]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:34:55 host sshd[27395]: Failed password for invalid user root from 49.0.129.3 port 48636 ssh2
Jan 17 04:34:55 host sshd[27395]: Received disconnect from 49.0.129.3 port 48636:11: Bye Bye [preauth]
Jan 17 04:34:55 host sshd[27395]: Disconnected from 49.0.129.3 port 48636 [preauth]
Jan 17 04:38:18 host sshd[27904]: User root from 223.197.186.7 not allowed because not listed in AllowUsers
Jan 17 04:38:18 host sshd[27904]: input_userauth_request: invalid user root [preauth]
Jan 17 04:38:18 host unix_chkpwd[27906]: password check failed for user (root)
Jan 17 04:38:18 host sshd[27904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.186.7 user=root
Jan 17 04:38:18 host sshd[27904]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:38:20 host sshd[27904]: Failed password for invalid user root from 223.197.186.7 port 48948 ssh2
Jan 17 04:38:20 host sshd[27904]: Received disconnect from 223.197.186.7 port 48948:11: Bye Bye [preauth]
Jan 17 04:38:20 host sshd[27904]: Disconnected from 223.197.186.7 port 48948 [preauth]
Jan 17 04:38:32 host sshd[27948]: Invalid user sysadmin from 175.118.152.100 port 44290
Jan 17 04:38:32 host sshd[27948]: input_userauth_request: invalid user sysadmin [preauth]
Jan 17 04:38:32 host sshd[27948]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:38:32 host sshd[27948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.118.152.100
Jan 17 04:38:35 host sshd[27948]: Failed password for invalid user sysadmin from 175.118.152.100 port 44290 ssh2
Jan 17 04:38:35 host sshd[27948]: Received disconnect from 175.118.152.100 port 44290:11: Bye Bye [preauth]
Jan 17 04:38:35 host sshd[27948]: Disconnected from 175.118.152.100 port 44290 [preauth]
Jan 17 04:39:08 host sshd[28061]: Invalid user jack from 192.241.156.50 port 57926
Jan 17 04:39:08 host sshd[28061]: input_userauth_request: invalid user jack [preauth]
Jan 17 04:39:08 host sshd[28061]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:39:08 host sshd[28061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.156.50
Jan 17 04:39:10 host sshd[28061]: Failed password for invalid user jack from 192.241.156.50 port 57926 ssh2
Jan 17 04:39:10 host sshd[28061]: Received disconnect from 192.241.156.50 port 57926:11: Bye Bye [preauth]
Jan 17 04:39:10 host sshd[28061]: Disconnected from 192.241.156.50 port 57926 [preauth]
Jan 17 04:39:15 host sshd[28100]: Invalid user jack from 187.33.56.200 port 39543
Jan 17 04:39:15 host sshd[28100]: input_userauth_request: invalid user jack [preauth]
Jan 17 04:39:15 host sshd[28100]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:39:15 host sshd[28100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.56.200
Jan 17 04:39:17 host sshd[28100]: Failed password for invalid user jack from 187.33.56.200 port 39543 ssh2
Jan 17 04:39:17 host sshd[28100]: Received disconnect from 187.33.56.200 port 39543:11: Bye Bye [preauth]
Jan 17 04:39:17 host sshd[28100]: Disconnected from 187.33.56.200 port 39543 [preauth]
Jan 17 04:40:14 host sshd[28271]: User root from 106.246.224.154 not allowed because not listed in AllowUsers
Jan 17 04:40:14 host sshd[28271]: input_userauth_request: invalid user root [preauth]
Jan 17 04:40:14 host unix_chkpwd[28279]: password check failed for user (root)
Jan 17 04:40:14 host sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.246.224.154 user=root
Jan 17 04:40:14 host sshd[28271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:40:16 host sshd[28271]: Failed password for invalid user root from 106.246.224.154 port 44700 ssh2
Jan 17 04:40:16 host sshd[28271]: Received disconnect from 106.246.224.154 port 44700:11: Bye Bye [preauth]
Jan 17 04:40:16 host sshd[28271]: Disconnected from 106.246.224.154 port 44700 [preauth]
Jan 17 04:40:32 host sshd[28379]: Invalid user newuser from 200.187.161.84 port 52764
Jan 17 04:40:32 host sshd[28379]: input_userauth_request: invalid user newuser [preauth]
Jan 17 04:40:32 host sshd[28379]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:40:32 host sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.187.161.84
Jan 17 04:40:34 host sshd[28379]: Failed password for invalid user newuser from 200.187.161.84 port 52764 ssh2
Jan 17 04:40:35 host sshd[28379]: Received disconnect from 200.187.161.84 port 52764:11: Bye Bye [preauth]
Jan 17 04:40:35 host sshd[28379]: Disconnected from 200.187.161.84 port 52764 [preauth]
Jan 17 04:40:48 host sshd[28430]: Invalid user halo from 49.0.129.3 port 52402
Jan 17 04:40:48 host sshd[28430]: input_userauth_request: invalid user halo [preauth]
Jan 17 04:40:48 host sshd[28430]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:40:48 host sshd[28430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.0.129.3
Jan 17 04:40:51 host sshd[28430]: Failed password for invalid user halo from 49.0.129.3 port 52402 ssh2
Jan 17 04:40:51 host sshd[28430]: Received disconnect from 49.0.129.3 port 52402:11: Bye Bye [preauth]
Jan 17 04:40:51 host sshd[28430]: Disconnected from 49.0.129.3 port 52402 [preauth]
Jan 17 04:40:54 host sshd[28449]: Invalid user admin from 59.13.161.124 port 63189
Jan 17 04:40:54 host sshd[28449]: input_userauth_request: invalid user admin [preauth]
Jan 17 04:40:54 host sshd[28449]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:40:54 host sshd[28449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.13.161.124
Jan 17 04:40:56 host sshd[28449]: Failed password for invalid user admin from 59.13.161.124 port 63189 ssh2
Jan 17 04:40:57 host sshd[28449]: Connection reset by 59.13.161.124 port 63189 [preauth]
Jan 17 04:40:59 host sshd[28482]: Invalid user es from 187.33.56.200 port 53751
Jan 17 04:40:59 host sshd[28482]: input_userauth_request: invalid user es [preauth]
Jan 17 04:40:59 host sshd[28482]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:40:59 host sshd[28482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.56.200
Jan 17 04:41:01 host sshd[28482]: Failed password for invalid user es from 187.33.56.200 port 53751 ssh2
Jan 17 04:41:01 host sshd[28482]: Received disconnect from 187.33.56.200 port 53751:11: Bye Bye [preauth]
Jan 17 04:41:01 host sshd[28482]: Disconnected from 187.33.56.200 port 53751 [preauth]
Jan 17 04:41:24 host sshd[28539]: User root from 175.118.152.100 not allowed because not listed in AllowUsers
Jan 17 04:41:24 host sshd[28539]: input_userauth_request: invalid user root [preauth]
Jan 17 04:41:24 host unix_chkpwd[28541]: password check failed for user (root)
Jan 17 04:41:24 host sshd[28539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.118.152.100 user=root
Jan 17 04:41:24 host sshd[28539]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:41:26 host sshd[28539]: Failed password for invalid user root from 175.118.152.100 port 60878 ssh2
Jan 17 04:41:26 host sshd[28539]: Received disconnect from 175.118.152.100 port 60878:11: Bye Bye [preauth]
Jan 17 04:41:26 host sshd[28539]: Disconnected from 175.118.152.100 port 60878 [preauth]
Jan 17 04:41:43 host sshd[28619]: User root from 223.197.186.7 not allowed because not listed in AllowUsers
Jan 17 04:41:43 host sshd[28619]: input_userauth_request: invalid user root [preauth]
Jan 17 04:41:43 host unix_chkpwd[28622]: password check failed for user (root)
Jan 17 04:41:43 host sshd[28619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.186.7 user=root
Jan 17 04:41:43 host sshd[28619]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 04:41:44 host sshd[28619]: Failed password for invalid user root from 223.197.186.7 port 55070 ssh2
Jan 17 04:41:44 host sshd[28619]: Received disconnect from 223.197.186.7 port 55070:11: Bye Bye [preauth]
Jan 17 04:41:44 host sshd[28619]: Disconnected from 223.197.186.7 port 55070 [preauth]
Jan 17 04:42:18 host sshd[28707]: Invalid user ftpuser from 200.187.161.84 port 53010
Jan 17 04:42:18 host sshd[28707]: input_userauth_request: invalid user ftpuser [preauth]
Jan 17 04:42:18 host sshd[28707]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:42:18 host sshd[28707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.187.161.84
Jan 17 04:42:20 host sshd[28707]: Failed password for invalid user ftpuser from 200.187.161.84 port 53010 ssh2
Jan 17 04:42:20 host sshd[28707]: Received disconnect from 200.187.161.84 port 53010:11: Bye Bye [preauth]
Jan 17 04:42:20 host sshd[28707]: Disconnected from 200.187.161.84 port 53010 [preauth]
Jan 17 04:42:29 host sshd[28733]: Invalid user a from 187.33.56.200 port 39217
Jan 17 04:42:29 host sshd[28733]: input_userauth_request: invalid user a [preauth]
Jan 17 04:42:29 host sshd[28733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:42:29 host sshd[28733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.56.200
Jan 17 04:42:31 host sshd[28733]: Failed password for invalid user a from 187.33.56.200 port 39217 ssh2
Jan 17 04:42:31 host sshd[28733]: Received disconnect from 187.33.56.200 port 39217:11: Bye Bye [preauth]
Jan 17 04:42:31 host sshd[28733]: Disconnected from 187.33.56.200 port 39217 [preauth]
Jan 17 04:43:52 host sshd[29053]: Invalid user jenkins from 200.187.161.84 port 52104
Jan 17 04:43:52 host sshd[29053]: input_userauth_request: invalid user jenkins [preauth]
Jan 17 04:43:52 host sshd[29053]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:43:52 host sshd[29053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.187.161.84
Jan 17 04:43:54 host sshd[29053]: Failed password for invalid user jenkins from 200.187.161.84 port 52104 ssh2
Jan 17 04:47:48 host sshd[29534]: Invalid user default from 59.127.77.7 port 35671
Jan 17 04:47:48 host sshd[29534]: input_userauth_request: invalid user default [preauth]
Jan 17 04:47:48 host sshd[29534]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:47:48 host sshd[29534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.77.7
Jan 17 04:47:50 host sshd[29534]: Failed password for invalid user default from 59.127.77.7 port 35671 ssh2
Jan 17 04:47:50 host sshd[29534]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:47:52 host sshd[29534]: Failed password for invalid user default from 59.127.77.7 port 35671 ssh2
Jan 17 04:47:53 host sshd[29534]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:47:55 host sshd[29534]: Failed password for invalid user default from 59.127.77.7 port 35671 ssh2
Jan 17 04:47:55 host sshd[29534]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:47:57 host sshd[29534]: Failed password for invalid user default from 59.127.77.7 port 35671 ssh2
Jan 17 04:47:58 host sshd[29534]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:48:00 host sshd[29534]: Failed password for invalid user default from 59.127.77.7 port 35671 ssh2
Jan 17 04:48:00 host sshd[29534]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:48:02 host sshd[29534]: Failed password for invalid user default from 59.127.77.7 port 35671 ssh2
Jan 17 04:48:02 host sshd[29534]: error: maximum authentication attempts exceeded for invalid user default from 59.127.77.7 port 35671 ssh2 [preauth]
Jan 17 04:48:02 host sshd[29534]: Disconnecting: Too many authentication failures [preauth]
Jan 17 04:48:02 host sshd[29534]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.77.7
Jan 17 04:48:02 host sshd[29534]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 17 04:49:46 host sshd[29877]: Invalid user ubuntu from 101.191.143.212 port 42912
Jan 17 04:49:46 host sshd[29877]: input_userauth_request: invalid user ubuntu [preauth]
Jan 17 04:49:46 host sshd[29877]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:49:46 host sshd[29877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.191.143.212
Jan 17 04:49:48 host sshd[29877]: Failed password for invalid user ubuntu from 101.191.143.212 port 42912 ssh2
Jan 17 04:49:49 host sshd[29877]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:49:51 host sshd[29877]: Failed password for invalid user ubuntu from 101.191.143.212 port 42912 ssh2
Jan 17 04:49:54 host sshd[29877]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:49:56 host sshd[29877]: Failed password for invalid user ubuntu from 101.191.143.212 port 42912 ssh2
Jan 17 04:49:57 host sshd[29877]: Failed password for invalid user ubuntu from 101.191.143.212 port 42912 ssh2
Jan 17 04:49:57 host sshd[29877]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 04:49:59 host sshd[29877]: Failed password for invalid user ubuntu from 101.191.143.212 port 42912 ssh2
Jan 17 05:02:43 host sshd[31845]: User root from 187.191.60.178 not allowed because not listed in AllowUsers
Jan 17 05:02:43 host sshd[31845]: input_userauth_request: invalid user root [preauth]
Jan 17 05:02:43 host unix_chkpwd[31852]: password check failed for user (root)
Jan 17 05:02:43 host sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.191.60.178 user=root
Jan 17 05:02:43 host sshd[31845]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:02:45 host sshd[31845]: Failed password for invalid user root from 187.191.60.178 port 43791 ssh2
Jan 17 05:02:45 host sshd[31845]: Received disconnect from 187.191.60.178 port 43791:11: Bye Bye [preauth]
Jan 17 05:02:45 host sshd[31845]: Disconnected from 187.191.60.178 port 43791 [preauth]
Jan 17 05:04:04 host sshd[32166]: Invalid user admin1 from 97.74.94.252 port 45372
Jan 17 05:04:04 host sshd[32166]: input_userauth_request: invalid user admin1 [preauth]
Jan 17 05:04:04 host sshd[32166]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:04:04 host sshd[32166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.94.252
Jan 17 05:04:06 host sshd[32166]: Failed password for invalid user admin1 from 97.74.94.252 port 45372 ssh2
Jan 17 05:04:06 host sshd[32166]: Received disconnect from 97.74.94.252 port 45372:11: Bye Bye [preauth]
Jan 17 05:04:06 host sshd[32166]: Disconnected from 97.74.94.252 port 45372 [preauth]
Jan 17 05:04:59 host sshd[32261]: Invalid user manager from 97.74.86.61 port 53666
Jan 17 05:04:59 host sshd[32261]: input_userauth_request: invalid user manager [preauth]
Jan 17 05:04:59 host sshd[32261]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:04:59 host sshd[32261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.86.61
Jan 17 05:05:00 host sshd[32261]: Failed password for invalid user manager from 97.74.86.61 port 53666 ssh2
Jan 17 05:05:00 host sshd[32261]: Received disconnect from 97.74.86.61 port 53666:11: Bye Bye [preauth]
Jan 17 05:05:00 host sshd[32261]: Disconnected from 97.74.86.61 port 53666 [preauth]
Jan 17 05:05:32 host sshd[32377]: Invalid user odoo from 126.77.170.137 port 34140
Jan 17 05:05:32 host sshd[32377]: input_userauth_request: invalid user odoo [preauth]
Jan 17 05:05:32 host sshd[32377]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:05:32 host sshd[32377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=126.77.170.137
Jan 17 05:05:34 host sshd[32377]: Failed password for invalid user odoo from 126.77.170.137 port 34140 ssh2
Jan 17 05:05:34 host sshd[32377]: Received disconnect from 126.77.170.137 port 34140:11: Bye Bye [preauth]
Jan 17 05:05:34 host sshd[32377]: Disconnected from 126.77.170.137 port 34140 [preauth]
Jan 17 05:06:43 host sshd[32522]: Invalid user gpadmin from 97.74.94.252 port 49226
Jan 17 05:06:43 host sshd[32522]: input_userauth_request: invalid user gpadmin [preauth]
Jan 17 05:06:43 host sshd[32522]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:06:43 host sshd[32522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.94.252
Jan 17 05:06:45 host sshd[32522]: Failed password for invalid user gpadmin from 97.74.94.252 port 49226 ssh2
Jan 17 05:06:45 host sshd[32522]: Received disconnect from 97.74.94.252 port 49226:11: Bye Bye [preauth]
Jan 17 05:06:45 host sshd[32522]: Disconnected from 97.74.94.252 port 49226 [preauth]
Jan 17 05:08:05 host sshd[32696]: User root from 97.74.94.252 not allowed because not listed in AllowUsers
Jan 17 05:08:05 host sshd[32696]: input_userauth_request: invalid user root [preauth]
Jan 17 05:08:05 host unix_chkpwd[32699]: password check failed for user (root)
Jan 17 05:08:05 host sshd[32696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.94.252 user=root
Jan 17 05:08:05 host sshd[32696]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:08:07 host sshd[32696]: Failed password for invalid user root from 97.74.94.252 port 43966 ssh2
Jan 17 05:08:07 host sshd[32696]: Received disconnect from 97.74.94.252 port 43966:11: Bye Bye [preauth]
Jan 17 05:08:07 host sshd[32696]: Disconnected from 97.74.94.252 port 43966 [preauth]
Jan 17 05:08:24 host sshd[32757]: Invalid user guest from 13.208.185.44 port 49532
Jan 17 05:08:24 host sshd[32757]: input_userauth_request: invalid user guest [preauth]
Jan 17 05:08:24 host sshd[32757]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:08:24 host sshd[32757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.208.185.44
Jan 17 05:08:27 host sshd[32757]: Failed password for invalid user guest from 13.208.185.44 port 49532 ssh2
Jan 17 05:08:27 host sshd[32757]: Received disconnect from 13.208.185.44 port 49532:11: Bye Bye [preauth]
Jan 17 05:08:27 host sshd[32757]: Disconnected from 13.208.185.44 port 49532 [preauth]
Jan 17 05:08:27 host sshd[32762]: Invalid user user01 from 97.74.86.61 port 58598
Jan 17 05:08:27 host sshd[32762]: input_userauth_request: invalid user user01 [preauth]
Jan 17 05:08:27 host sshd[32762]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:08:27 host sshd[32762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.86.61
Jan 17 05:08:29 host sshd[32762]: Failed password for invalid user user01 from 97.74.86.61 port 58598 ssh2
Jan 17 05:08:29 host sshd[32762]: Received disconnect from 97.74.86.61 port 58598:11: Bye Bye [preauth]
Jan 17 05:08:29 host sshd[32762]: Disconnected from 97.74.86.61 port 58598 [preauth]
Jan 17 05:08:59 host sshd[371]: Invalid user usuario from 126.77.170.137 port 49216
Jan 17 05:08:59 host sshd[371]: input_userauth_request: invalid user usuario [preauth]
Jan 17 05:08:59 host sshd[371]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:08:59 host sshd[371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=126.77.170.137
Jan 17 05:09:01 host sshd[371]: Failed password for invalid user usuario from 126.77.170.137 port 49216 ssh2
Jan 17 05:09:01 host sshd[371]: Received disconnect from 126.77.170.137 port 49216:11: Bye Bye [preauth]
Jan 17 05:09:01 host sshd[371]: Disconnected from 126.77.170.137 port 49216 [preauth]
Jan 17 05:10:00 host sshd[604]: User root from 97.74.86.61 not allowed because not listed in AllowUsers
Jan 17 05:10:00 host sshd[604]: input_userauth_request: invalid user root [preauth]
Jan 17 05:10:00 host unix_chkpwd[607]: password check failed for user (root)
Jan 17 05:10:00 host sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=97.74.86.61 user=root
Jan 17 05:10:00 host sshd[604]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:10:02 host sshd[604]: Failed password for invalid user root from 97.74.86.61 port 53438 ssh2
Jan 17 05:10:02 host sshd[604]: Received disconnect from 97.74.86.61 port 53438:11: Bye Bye [preauth]
Jan 17 05:10:02 host sshd[604]: Disconnected from 97.74.86.61 port 53438 [preauth]
Jan 17 05:10:24 host sshd[716]: Invalid user ONTUSER from 125.228.30.214 port 35938
Jan 17 05:10:24 host sshd[716]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 17 05:10:24 host sshd[716]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:10:24 host sshd[716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.30.214
Jan 17 05:10:27 host sshd[716]: Failed password for invalid user ONTUSER from 125.228.30.214 port 35938 ssh2
Jan 17 05:10:28 host sshd[716]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:10:30 host sshd[716]: Failed password for invalid user ONTUSER from 125.228.30.214 port 35938 ssh2
Jan 17 05:10:30 host sshd[716]: Connection reset by 125.228.30.214 port 35938 [preauth]
Jan 17 05:10:30 host sshd[716]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.30.214
Jan 17 05:10:47 host sshd[783]: User root from 187.191.60.178 not allowed because not listed in AllowUsers
Jan 17 05:10:47 host sshd[783]: input_userauth_request: invalid user root [preauth]
Jan 17 05:10:47 host unix_chkpwd[786]: password check failed for user (root)
Jan 17 05:10:47 host sshd[783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.191.60.178 user=root
Jan 17 05:10:47 host sshd[783]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:10:49 host sshd[783]: Failed password for invalid user root from 187.191.60.178 port 18914 ssh2
Jan 17 05:10:54 host sshd[824]: User root from 126.77.170.137 not allowed because not listed in AllowUsers
Jan 17 05:10:54 host sshd[824]: input_userauth_request: invalid user root [preauth]
Jan 17 05:10:54 host unix_chkpwd[826]: password check failed for user (root)
Jan 17 05:10:54 host sshd[824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=126.77.170.137 user=root
Jan 17 05:10:54 host sshd[824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:10:57 host sshd[824]: Failed password for invalid user root from 126.77.170.137 port 58958 ssh2
Jan 17 05:10:57 host sshd[824]: Received disconnect from 126.77.170.137 port 58958:11: Bye Bye [preauth]
Jan 17 05:10:57 host sshd[824]: Disconnected from 126.77.170.137 port 58958 [preauth]
Jan 17 05:13:22 host sshd[1166]: Invalid user sysadmin from 13.208.185.44 port 49172
Jan 17 05:13:22 host sshd[1166]: input_userauth_request: invalid user sysadmin [preauth]
Jan 17 05:13:22 host sshd[1166]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:13:22 host sshd[1166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.208.185.44
Jan 17 05:13:23 host sshd[1166]: Failed password for invalid user sysadmin from 13.208.185.44 port 49172 ssh2
Jan 17 05:13:24 host sshd[1166]: Received disconnect from 13.208.185.44 port 49172:11: Bye Bye [preauth]
Jan 17 05:13:24 host sshd[1166]: Disconnected from 13.208.185.44 port 49172 [preauth]
Jan 17 05:16:50 host sshd[1707]: Invalid user user01 from 13.208.185.44 port 49494
Jan 17 05:16:50 host sshd[1707]: input_userauth_request: invalid user user01 [preauth]
Jan 17 05:16:50 host sshd[1707]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:16:50 host sshd[1707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.208.185.44
Jan 17 05:16:52 host sshd[1707]: Failed password for invalid user user01 from 13.208.185.44 port 49494 ssh2
Jan 17 05:16:53 host sshd[1707]: Received disconnect from 13.208.185.44 port 49494:11: Bye Bye [preauth]
Jan 17 05:16:53 host sshd[1707]: Disconnected from 13.208.185.44 port 49494 [preauth]
Jan 17 05:17:40 host sshd[1885]: Did not receive identification string from 154.89.5.218 port 59992
Jan 17 05:17:55 host sshd[1886]: Connection closed by 154.89.5.218 port 60036 [preauth]
Jan 17 05:19:47 host sshd[2293]: Invalid user albert from 209.141.56.48 port 46100
Jan 17 05:19:47 host sshd[2293]: input_userauth_request: invalid user albert [preauth]
Jan 17 05:19:47 host sshd[2293]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:19:47 host sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 17 05:19:49 host sshd[2293]: Failed password for invalid user albert from 209.141.56.48 port 46100 ssh2
Jan 17 05:19:49 host sshd[2293]: Connection closed by 209.141.56.48 port 46100 [preauth]
Jan 17 05:20:20 host sshd[2392]: Invalid user albert from 209.141.56.48 port 37604
Jan 17 05:20:20 host sshd[2392]: input_userauth_request: invalid user albert [preauth]
Jan 17 05:20:20 host sshd[2392]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:20:20 host sshd[2392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 17 05:20:22 host sshd[2392]: Failed password for invalid user albert from 209.141.56.48 port 37604 ssh2
Jan 17 05:20:22 host sshd[2392]: Connection closed by 209.141.56.48 port 37604 [preauth]
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=palco123 user-4=gifterman user-5=kottayamcalldriv user-6=phmetals user-7=wwwletsstalkfood user-8=straightcurve user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=wwwkapin user-16=woodpeck user-17=disposeat user-18=wwwkmaorg user-19=remysagr user-20=wwwresourcehunte user-21=keralaholi user-22=wwwrmswll user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=a2zgroup user-28=dartsimp user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 05:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 17 05:21:04 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 17 05:21:06 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 17 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-1rdjXEbdW2123GzP.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-1rdjXEbdW2123GzP.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 17 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 17 05:21:07 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-ODbtUGmoDikXBpZ3.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-ODbtUGmoDikXBpZ3.wp-toolkit-identifier
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZHP02OsIp13SDntl.~
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZHP02OsIp13SDntl.~'
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZHP02OsIp13SDntl.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 05:21:44 host sshd[3220]: Connection reset by 222.112.19.89 port 62218 [preauth]
Jan 17 05:23:30 host sshd[3471]: Invalid user pi from 151.52.124.160 port 45082
Jan 17 05:23:30 host sshd[3471]: input_userauth_request: invalid user pi [preauth]
Jan 17 05:23:30 host sshd[3471]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:23:30 host sshd[3471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.52.124.160
Jan 17 05:23:30 host sshd[3472]: Invalid user pi from 151.52.124.160 port 45084
Jan 17 05:23:30 host sshd[3472]: input_userauth_request: invalid user pi [preauth]
Jan 17 05:23:30 host sshd[3472]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:23:30 host sshd[3472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.52.124.160
Jan 17 05:23:33 host sshd[3471]: Failed password for invalid user pi from 151.52.124.160 port 45082 ssh2
Jan 17 05:23:33 host sshd[3471]: Connection closed by 151.52.124.160 port 45082 [preauth]
Jan 17 05:23:33 host sshd[3472]: Failed password for invalid user pi from 151.52.124.160 port 45084 ssh2
Jan 17 05:23:33 host sshd[3472]: Connection closed by 151.52.124.160 port 45084 [preauth]
Jan 17 05:25:19 host sshd[3875]: User root from 121.155.171.79 not allowed because not listed in AllowUsers
Jan 17 05:25:19 host sshd[3875]: input_userauth_request: invalid user root [preauth]
Jan 17 05:25:19 host unix_chkpwd[3890]: password check failed for user (root)
Jan 17 05:25:19 host sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.155.171.79 user=root
Jan 17 05:25:19 host sshd[3875]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:25:21 host sshd[3875]: Failed password for invalid user root from 121.155.171.79 port 42592 ssh2
Jan 17 05:25:22 host sshd[3875]: Connection reset by 121.155.171.79 port 42592 [preauth]
Jan 17 05:32:21 host sshd[4966]: Connection reset by 125.228.34.140 port 45650 [preauth]
Jan 17 05:33:09 host sshd[5073]: User root from 209.141.55.27 not allowed because not listed in AllowUsers
Jan 17 05:33:09 host sshd[5073]: input_userauth_request: invalid user root [preauth]
Jan 17 05:33:09 host unix_chkpwd[5076]: password check failed for user (root)
Jan 17 05:33:09 host sshd[5073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27 user=root
Jan 17 05:33:09 host sshd[5073]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 05:33:11 host sshd[5073]: Failed password for invalid user root from 209.141.55.27 port 51998 ssh2
Jan 17 05:33:11 host sshd[5073]: Received disconnect from 209.141.55.27 port 51998:11: Normal Shutdown, Thank you for playing [preauth]
Jan 17 05:33:11 host sshd[5073]: Disconnected from 209.141.55.27 port 51998 [preauth]
Jan 17 05:39:50 host sshd[6209]: Invalid user default from 116.15.64.17 port 61034
Jan 17 05:39:50 host sshd[6209]: input_userauth_request: invalid user default [preauth]
Jan 17 05:39:50 host sshd[6209]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:39:50 host sshd[6209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.15.64.17
Jan 17 05:39:52 host sshd[6209]: Failed password for invalid user default from 116.15.64.17 port 61034 ssh2
Jan 17 05:39:52 host sshd[6209]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:39:54 host sshd[6209]: Failed password for invalid user default from 116.15.64.17 port 61034 ssh2
Jan 17 05:46:00 host sshd[7181]: Invalid user albert from 209.141.56.48 port 36770
Jan 17 05:46:00 host sshd[7181]: input_userauth_request: invalid user albert [preauth]
Jan 17 05:46:00 host sshd[7181]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 05:46:00 host sshd[7181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 17 05:46:03 host sshd[7181]: Failed password for invalid user albert from 209.141.56.48 port 36770 ssh2
Jan 17 05:46:03 host sshd[7181]: Connection closed by 209.141.56.48 port 36770 [preauth]
Jan 17 06:04:20 host sshd[9731]: User root from 220.84.192.131 not allowed because not listed in AllowUsers
Jan 17 06:04:20 host sshd[9731]: input_userauth_request: invalid user root [preauth]
Jan 17 06:04:20 host unix_chkpwd[9740]: password check failed for user (root)
Jan 17 06:04:20 host sshd[9731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.84.192.131 user=root
Jan 17 06:04:20 host sshd[9731]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:04:22 host sshd[9731]: Failed password for invalid user root from 220.84.192.131 port 61890 ssh2
Jan 17 06:04:23 host unix_chkpwd[9743]: password check failed for user (root)
Jan 17 06:04:23 host sshd[9731]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:04:24 host sshd[9731]: Failed password for invalid user root from 220.84.192.131 port 61890 ssh2
Jan 17 06:04:25 host unix_chkpwd[9746]: password check failed for user (root)
Jan 17 06:04:25 host sshd[9731]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:04:26 host sshd[9731]: Failed password for invalid user root from 220.84.192.131 port 61890 ssh2
Jan 17 06:04:27 host unix_chkpwd[9756]: password check failed for user (root)
Jan 17 06:04:27 host sshd[9731]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:04:30 host sshd[9731]: Failed password for invalid user root from 220.84.192.131 port 61890 ssh2
Jan 17 06:04:30 host unix_chkpwd[9802]: password check failed for user (root)
Jan 17 06:04:30 host sshd[9731]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:04:32 host sshd[9731]: Failed password for invalid user root from 220.84.192.131 port 61890 ssh2
Jan 17 06:12:02 host sshd[11118]: User root from 217.96.146.145 not allowed because not listed in AllowUsers
Jan 17 06:12:02 host sshd[11118]: input_userauth_request: invalid user root [preauth]
Jan 17 06:12:02 host unix_chkpwd[11123]: password check failed for user (root)
Jan 17 06:12:02 host sshd[11118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.96.146.145 user=root
Jan 17 06:12:02 host sshd[11118]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:12:04 host sshd[11118]: Failed password for invalid user root from 217.96.146.145 port 42235 ssh2
Jan 17 06:12:05 host unix_chkpwd[11128]: password check failed for user (root)
Jan 17 06:12:05 host sshd[11118]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:12:07 host sshd[11118]: Failed password for invalid user root from 217.96.146.145 port 42235 ssh2
Jan 17 06:12:07 host unix_chkpwd[11132]: password check failed for user (root)
Jan 17 06:12:07 host sshd[11118]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:12:10 host sshd[11118]: Failed password for invalid user root from 217.96.146.145 port 42235 ssh2
Jan 17 06:12:10 host unix_chkpwd[11136]: password check failed for user (root)
Jan 17 06:12:10 host sshd[11118]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:12:12 host sshd[11118]: Failed password for invalid user root from 217.96.146.145 port 42235 ssh2
Jan 17 06:15:45 host sshd[11692]: Invalid user fh from 194.110.203.109 port 54470
Jan 17 06:15:45 host sshd[11692]: input_userauth_request: invalid user fh [preauth]
Jan 17 06:15:45 host sshd[11692]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:15:45 host sshd[11692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 06:15:46 host sshd[11692]: Failed password for invalid user fh from 194.110.203.109 port 54470 ssh2
Jan 17 06:15:49 host sshd[11692]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:15:51 host sshd[11692]: Failed password for invalid user fh from 194.110.203.109 port 54470 ssh2
Jan 17 06:15:54 host sshd[11692]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:15:56 host sshd[11692]: Failed password for invalid user fh from 194.110.203.109 port 54470 ssh2
Jan 17 06:15:59 host sshd[11692]: Connection closed by 194.110.203.109 port 54470 [preauth]
Jan 17 06:15:59 host sshd[11692]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 06:20:20 host sshd[12538]: Invalid user manuel from 107.189.30.59 port 54168
Jan 17 06:20:20 host sshd[12538]: input_userauth_request: invalid user manuel [preauth]
Jan 17 06:20:20 host sshd[12538]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:20:20 host sshd[12538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 17 06:20:23 host sshd[12538]: Failed password for invalid user manuel from 107.189.30.59 port 54168 ssh2
Jan 17 06:20:23 host sshd[12538]: Connection closed by 107.189.30.59 port 54168 [preauth]
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=ugotscom user-4=wwwresourcehunte user-5=keralaholi user-6=wwwrmswll user-7=wwwkaretakers user-8=cochintaxi user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=wwwevmhonda user-13=bonifacegroup user-14=wwwletsstalkfood user-15=straightcurve user-16=kottayamcalldriv user-17=phmetals user-18=palco123 user-19=gifterman user-20=mrsclean user-21=wwwnexidigital user-22=disposeat user-23=remysagr user-24=wwwkmaorg user-25=wwwkapin user-26=woodpeck user-27=shalinijames user-28=wwwtestugo user-29=vfmassets user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 06:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FZx450qD7t5Y05qY.~
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FZx450qD7t5Y05qY.~'
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FZx450qD7t5Y05qY.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 06:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:21:56 host sshd[13091]: Connection closed by 45.79.172.21 port 36130 [preauth]
Jan 17 06:21:59 host sshd[13098]: Connection closed by 45.79.172.21 port 11012 [preauth]
Jan 17 06:22:01 host sshd[13103]: Connection closed by 45.79.172.21 port 11020 [preauth]
Jan 17 06:38:22 host sshd[15858]: Invalid user admin from 222.230.21.66 port 41973
Jan 17 06:38:22 host sshd[15858]: input_userauth_request: invalid user admin [preauth]
Jan 17 06:38:22 host sshd[15858]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:38:22 host sshd[15858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.230.21.66
Jan 17 06:38:24 host sshd[15858]: Failed password for invalid user admin from 222.230.21.66 port 41973 ssh2
Jan 17 06:38:25 host sshd[15858]: Failed password for invalid user admin from 222.230.21.66 port 41973 ssh2
Jan 17 06:38:26 host sshd[15858]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:38:28 host sshd[15858]: Failed password for invalid user admin from 222.230.21.66 port 41973 ssh2
Jan 17 06:38:28 host sshd[15858]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:38:30 host sshd[15858]: Failed password for invalid user admin from 222.230.21.66 port 41973 ssh2
Jan 17 06:38:30 host sshd[15858]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:38:32 host sshd[15858]: Failed password for invalid user admin from 222.230.21.66 port 41973 ssh2
Jan 17 06:38:33 host sshd[15924]: Invalid user mike from 210.16.201.188 port 59472
Jan 17 06:38:33 host sshd[15924]: input_userauth_request: invalid user mike [preauth]
Jan 17 06:38:33 host sshd[15924]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:38:33 host sshd[15924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.201.188
Jan 17 06:38:36 host sshd[15924]: Failed password for invalid user mike from 210.16.201.188 port 59472 ssh2
Jan 17 06:38:36 host sshd[15924]: Received disconnect from 210.16.201.188 port 59472:11: Bye Bye [preauth]
Jan 17 06:38:36 host sshd[15924]: Disconnected from 210.16.201.188 port 59472 [preauth]
Jan 17 06:43:47 host sshd[16708]: Invalid user user from 162.194.48.181 port 55918
Jan 17 06:43:47 host sshd[16708]: input_userauth_request: invalid user user [preauth]
Jan 17 06:43:47 host sshd[16708]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:43:47 host sshd[16708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.194.48.181
Jan 17 06:43:49 host sshd[16708]: Failed password for invalid user user from 162.194.48.181 port 55918 ssh2
Jan 17 06:43:52 host sshd[16708]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:43:54 host sshd[16708]: Failed password for invalid user user from 162.194.48.181 port 55918 ssh2
Jan 17 06:43:55 host sshd[16708]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:43:57 host sshd[16708]: Failed password for invalid user user from 162.194.48.181 port 55918 ssh2
Jan 17 06:43:58 host sshd[16708]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:43:59 host sshd[16708]: Failed password for invalid user user from 162.194.48.181 port 55918 ssh2
Jan 17 06:44:00 host sshd[16708]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:44:02 host sshd[16708]: Failed password for invalid user user from 162.194.48.181 port 55918 ssh2
Jan 17 06:44:11 host sshd[16839]: User root from 210.16.201.188 not allowed because not listed in AllowUsers
Jan 17 06:44:11 host sshd[16839]: input_userauth_request: invalid user root [preauth]
Jan 17 06:44:11 host unix_chkpwd[16843]: password check failed for user (root)
Jan 17 06:44:11 host sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.16.201.188 user=root
Jan 17 06:44:11 host sshd[16839]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:44:13 host sshd[16839]: Failed password for invalid user root from 210.16.201.188 port 56250 ssh2
Jan 17 06:44:13 host sshd[16839]: Received disconnect from 210.16.201.188 port 56250:11: Bye Bye [preauth]
Jan 17 06:44:13 host sshd[16839]: Disconnected from 210.16.201.188 port 56250 [preauth]
Jan 17 06:48:09 host sshd[17545]: Invalid user steam from 220.134.113.234 port 47480
Jan 17 06:48:09 host sshd[17545]: input_userauth_request: invalid user steam [preauth]
Jan 17 06:48:09 host sshd[17545]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:48:09 host sshd[17545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.113.234
Jan 17 06:48:11 host sshd[17545]: Failed password for invalid user steam from 220.134.113.234 port 47480 ssh2
Jan 17 06:48:11 host sshd[17545]: Connection reset by 220.134.113.234 port 47480 [preauth]
Jan 17 06:50:40 host sshd[17929]: User root from 157.245.53.239 not allowed because not listed in AllowUsers
Jan 17 06:50:40 host sshd[17929]: input_userauth_request: invalid user root [preauth]
Jan 17 06:50:40 host unix_chkpwd[17932]: password check failed for user (root)
Jan 17 06:50:40 host sshd[17929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.53.239 user=root
Jan 17 06:50:40 host sshd[17929]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:50:42 host sshd[17929]: Failed password for invalid user root from 157.245.53.239 port 47406 ssh2
Jan 17 06:50:42 host sshd[17929]: Received disconnect from 157.245.53.239 port 47406:11: Bye Bye [preauth]
Jan 17 06:50:42 host sshd[17929]: Disconnected from 157.245.53.239 port 47406 [preauth]
Jan 17 06:51:09 host sshd[17984]: Invalid user panda from 37.193.112.180 port 39674
Jan 17 06:51:09 host sshd[17984]: input_userauth_request: invalid user panda [preauth]
Jan 17 06:51:09 host sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:51:09 host sshd[17984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.193.112.180
Jan 17 06:51:11 host sshd[17984]: Failed password for invalid user panda from 37.193.112.180 port 39674 ssh2
Jan 17 06:51:11 host sshd[17984]: Received disconnect from 37.193.112.180 port 39674:11: Bye Bye [preauth]
Jan 17 06:51:11 host sshd[17984]: Disconnected from 37.193.112.180 port 39674 [preauth]
Jan 17 06:51:39 host sshd[18058]: Invalid user zookeeper from 34.23.17.138 port 1111
Jan 17 06:51:39 host sshd[18058]: input_userauth_request: invalid user zookeeper [preauth]
Jan 17 06:51:39 host sshd[18058]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:51:39 host sshd[18058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.23.17.138
Jan 17 06:51:40 host sshd[18058]: Failed password for invalid user zookeeper from 34.23.17.138 port 1111 ssh2
Jan 17 06:51:41 host sshd[18058]: Received disconnect from 34.23.17.138 port 1111:11: Bye Bye [preauth]
Jan 17 06:51:41 host sshd[18058]: Disconnected from 34.23.17.138 port 1111 [preauth]
Jan 17 06:51:59 host sshd[18185]: Invalid user ts2 from 5.255.106.239 port 21974
Jan 17 06:51:59 host sshd[18185]: input_userauth_request: invalid user ts2 [preauth]
Jan 17 06:51:59 host sshd[18185]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:51:59 host sshd[18185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.106.239
Jan 17 06:52:01 host sshd[18185]: Failed password for invalid user ts2 from 5.255.106.239 port 21974 ssh2
Jan 17 06:52:01 host sshd[18185]: Received disconnect from 5.255.106.239 port 21974:11: Bye Bye [preauth]
Jan 17 06:52:01 host sshd[18185]: Disconnected from 5.255.106.239 port 21974 [preauth]
Jan 17 06:52:40 host sshd[18285]: User root from 113.125.41.74 not allowed because not listed in AllowUsers
Jan 17 06:52:40 host sshd[18285]: input_userauth_request: invalid user root [preauth]
Jan 17 06:52:40 host unix_chkpwd[18293]: password check failed for user (root)
Jan 17 06:52:40 host sshd[18285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.41.74 user=root
Jan 17 06:52:40 host sshd[18285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:52:41 host sshd[18285]: Failed password for invalid user root from 113.125.41.74 port 33978 ssh2
Jan 17 06:52:42 host unix_chkpwd[18297]: password check failed for user (root)
Jan 17 06:52:42 host sshd[18285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:52:45 host sshd[18285]: Failed password for invalid user root from 113.125.41.74 port 33978 ssh2
Jan 17 06:52:45 host unix_chkpwd[18302]: password check failed for user (root)
Jan 17 06:52:45 host sshd[18285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:52:47 host sshd[18285]: Failed password for invalid user root from 113.125.41.74 port 33978 ssh2
Jan 17 06:52:47 host unix_chkpwd[18308]: password check failed for user (root)
Jan 17 06:52:47 host sshd[18285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:52:49 host sshd[18285]: Failed password for invalid user root from 113.125.41.74 port 33978 ssh2
Jan 17 06:52:49 host unix_chkpwd[18312]: password check failed for user (root)
Jan 17 06:52:49 host sshd[18285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:52:52 host sshd[18285]: Failed password for invalid user root from 113.125.41.74 port 33978 ssh2
Jan 17 06:53:02 host sshd[18361]: User root from 186.67.248.8 not allowed because not listed in AllowUsers
Jan 17 06:53:02 host sshd[18361]: input_userauth_request: invalid user root [preauth]
Jan 17 06:53:02 host unix_chkpwd[18375]: password check failed for user (root)
Jan 17 06:53:02 host sshd[18361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.67.248.8 user=root
Jan 17 06:53:02 host sshd[18361]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:53:03 host sshd[18361]: Failed password for invalid user root from 186.67.248.8 port 50134 ssh2
Jan 17 06:53:04 host sshd[18361]: Received disconnect from 186.67.248.8 port 50134:11: Bye Bye [preauth]
Jan 17 06:53:04 host sshd[18361]: Disconnected from 186.67.248.8 port 50134 [preauth]
Jan 17 06:53:25 host sshd[18413]: Invalid user db2inst1 from 43.156.241.142 port 55258
Jan 17 06:53:25 host sshd[18413]: input_userauth_request: invalid user db2inst1 [preauth]
Jan 17 06:53:25 host sshd[18413]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:53:25 host sshd[18413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.241.142
Jan 17 06:53:27 host sshd[18413]: Failed password for invalid user db2inst1 from 43.156.241.142 port 55258 ssh2
Jan 17 06:53:27 host sshd[18413]: Received disconnect from 43.156.241.142 port 55258:11: Bye Bye [preauth]
Jan 17 06:53:27 host sshd[18413]: Disconnected from 43.156.241.142 port 55258 [preauth]
Jan 17 06:54:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 06:54:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 06:54:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 06:54:32 host sshd[18668]: Invalid user oracle from 182.71.142.252 port 37438
Jan 17 06:54:32 host sshd[18668]: input_userauth_request: invalid user oracle [preauth]
Jan 17 06:54:32 host sshd[18668]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:54:32 host sshd[18668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.71.142.252
Jan 17 06:54:33 host sshd[18668]: Failed password for invalid user oracle from 182.71.142.252 port 37438 ssh2
Jan 17 06:54:33 host sshd[18668]: Received disconnect from 182.71.142.252 port 37438:11: Bye Bye [preauth]
Jan 17 06:54:33 host sshd[18668]: Disconnected from 182.71.142.252 port 37438 [preauth]
Jan 17 06:55:07 host sshd[18744]: Invalid user mike from 64.225.70.42 port 34782
Jan 17 06:55:07 host sshd[18744]: input_userauth_request: invalid user mike [preauth]
Jan 17 06:55:07 host sshd[18744]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:55:07 host sshd[18744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.70.42
Jan 17 06:55:09 host sshd[18744]: Failed password for invalid user mike from 64.225.70.42 port 34782 ssh2
Jan 17 06:55:09 host sshd[18744]: Received disconnect from 64.225.70.42 port 34782:11: Bye Bye [preauth]
Jan 17 06:55:09 host sshd[18744]: Disconnected from 64.225.70.42 port 34782 [preauth]
Jan 17 06:55:30 host sshd[18805]: Invalid user zookeeper from 43.159.49.49 port 37394
Jan 17 06:55:30 host sshd[18805]: input_userauth_request: invalid user zookeeper [preauth]
Jan 17 06:55:30 host sshd[18805]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:55:30 host sshd[18805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.49.49
Jan 17 06:55:32 host sshd[18805]: Failed password for invalid user zookeeper from 43.159.49.49 port 37394 ssh2
Jan 17 06:55:32 host sshd[18805]: Received disconnect from 43.159.49.49 port 37394:11: Bye Bye [preauth]
Jan 17 06:55:32 host sshd[18805]: Disconnected from 43.159.49.49 port 37394 [preauth]
Jan 17 06:55:44 host sshd[18820]: User root from 186.145.254.158 not allowed because not listed in AllowUsers
Jan 17 06:55:44 host sshd[18820]: input_userauth_request: invalid user root [preauth]
Jan 17 06:55:44 host unix_chkpwd[18824]: password check failed for user (root)
Jan 17 06:55:44 host sshd[18820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.145.254.158 user=root
Jan 17 06:55:44 host sshd[18820]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:55:45 host sshd[18820]: Failed password for invalid user root from 186.145.254.158 port 40125 ssh2
Jan 17 06:55:45 host sshd[18820]: Received disconnect from 186.145.254.158 port 40125:11: Bye Bye [preauth]
Jan 17 06:55:45 host sshd[18820]: Disconnected from 186.145.254.158 port 40125 [preauth]
Jan 17 06:56:50 host sshd[18947]: User root from 34.23.17.138 not allowed because not listed in AllowUsers
Jan 17 06:56:50 host sshd[18947]: input_userauth_request: invalid user root [preauth]
Jan 17 06:56:50 host unix_chkpwd[18950]: password check failed for user (root)
Jan 17 06:56:50 host sshd[18947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.23.17.138 user=root
Jan 17 06:56:50 host sshd[18947]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:56:51 host sshd[18947]: Failed password for invalid user root from 34.23.17.138 port 1112 ssh2
Jan 17 06:56:51 host sshd[18947]: Received disconnect from 34.23.17.138 port 1112:11: Bye Bye [preauth]
Jan 17 06:56:51 host sshd[18947]: Disconnected from 34.23.17.138 port 1112 [preauth]
Jan 17 06:56:56 host sshd[19005]: Invalid user postgres from 5.255.106.239 port 58768
Jan 17 06:56:56 host sshd[19005]: input_userauth_request: invalid user postgres [preauth]
Jan 17 06:56:56 host sshd[19005]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:56:56 host sshd[19005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.106.239
Jan 17 06:56:58 host sshd[19005]: Failed password for invalid user postgres from 5.255.106.239 port 58768 ssh2
Jan 17 06:56:58 host sshd[19005]: Received disconnect from 5.255.106.239 port 58768:11: Bye Bye [preauth]
Jan 17 06:56:58 host sshd[19005]: Disconnected from 5.255.106.239 port 58768 [preauth]
Jan 17 06:57:07 host sshd[19111]: User root from 43.156.241.142 not allowed because not listed in AllowUsers
Jan 17 06:57:07 host sshd[19111]: input_userauth_request: invalid user root [preauth]
Jan 17 06:57:07 host unix_chkpwd[19113]: password check failed for user (root)
Jan 17 06:57:07 host sshd[19111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.241.142 user=root
Jan 17 06:57:07 host sshd[19111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:57:09 host sshd[19111]: Failed password for invalid user root from 43.156.241.142 port 41832 ssh2
Jan 17 06:57:09 host sshd[19111]: Received disconnect from 43.156.241.142 port 41832:11: Bye Bye [preauth]
Jan 17 06:57:09 host sshd[19111]: Disconnected from 43.156.241.142 port 41832 [preauth]
Jan 17 06:57:19 host sshd[19158]: User root from 37.193.112.180 not allowed because not listed in AllowUsers
Jan 17 06:57:19 host sshd[19158]: input_userauth_request: invalid user root [preauth]
Jan 17 06:57:20 host unix_chkpwd[19161]: password check failed for user (root)
Jan 17 06:57:20 host sshd[19158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.193.112.180 user=root
Jan 17 06:57:20 host sshd[19158]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:57:22 host sshd[19158]: Failed password for invalid user root from 37.193.112.180 port 41392 ssh2
Jan 17 06:57:22 host sshd[19158]: Received disconnect from 37.193.112.180 port 41392:11: Bye Bye [preauth]
Jan 17 06:57:22 host sshd[19158]: Disconnected from 37.193.112.180 port 41392 [preauth]
Jan 17 06:57:55 host sshd[19258]: Invalid user zookeeper from 64.225.70.42 port 38454
Jan 17 06:57:55 host sshd[19258]: input_userauth_request: invalid user zookeeper [preauth]
Jan 17 06:57:55 host sshd[19258]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:57:55 host sshd[19258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.70.42
Jan 17 06:57:57 host sshd[19258]: Failed password for invalid user zookeeper from 64.225.70.42 port 38454 ssh2
Jan 17 06:57:57 host sshd[19258]: Received disconnect from 64.225.70.42 port 38454:11: Bye Bye [preauth]
Jan 17 06:57:57 host sshd[19258]: Disconnected from 64.225.70.42 port 38454 [preauth]
Jan 17 06:58:06 host sshd[19295]: Invalid user es from 157.245.53.239 port 43966
Jan 17 06:58:06 host sshd[19295]: input_userauth_request: invalid user es [preauth]
Jan 17 06:58:06 host sshd[19295]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:58:06 host sshd[19295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.53.239
Jan 17 06:58:07 host sshd[19297]: Invalid user dev from 5.255.106.239 port 20592
Jan 17 06:58:07 host sshd[19297]: input_userauth_request: invalid user dev [preauth]
Jan 17 06:58:07 host sshd[19297]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:58:07 host sshd[19297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.106.239
Jan 17 06:58:08 host sshd[19295]: Failed password for invalid user es from 157.245.53.239 port 43966 ssh2
Jan 17 06:58:08 host sshd[19295]: Received disconnect from 157.245.53.239 port 43966:11: Bye Bye [preauth]
Jan 17 06:58:08 host sshd[19295]: Disconnected from 157.245.53.239 port 43966 [preauth]
Jan 17 06:58:09 host sshd[19297]: Failed password for invalid user dev from 5.255.106.239 port 20592 ssh2
Jan 17 06:58:16 host sshd[19378]: User root from 43.159.49.49 not allowed because not listed in AllowUsers
Jan 17 06:58:16 host sshd[19378]: input_userauth_request: invalid user root [preauth]
Jan 17 06:58:16 host unix_chkpwd[19381]: password check failed for user (root)
Jan 17 06:58:16 host sshd[19378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.49.49 user=root
Jan 17 06:58:16 host sshd[19378]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:58:18 host sshd[19378]: Failed password for invalid user root from 43.159.49.49 port 43590 ssh2
Jan 17 06:58:18 host sshd[19378]: Received disconnect from 43.159.49.49 port 43590:11: Bye Bye [preauth]
Jan 17 06:58:18 host sshd[19378]: Disconnected from 43.159.49.49 port 43590 [preauth]
Jan 17 06:58:20 host sshd[19391]: Invalid user admin1 from 182.71.142.252 port 56704
Jan 17 06:58:20 host sshd[19391]: input_userauth_request: invalid user admin1 [preauth]
Jan 17 06:58:20 host sshd[19391]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:58:20 host sshd[19391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.71.142.252
Jan 17 06:58:22 host sshd[19393]: User root from 186.145.254.158 not allowed because not listed in AllowUsers
Jan 17 06:58:22 host sshd[19393]: input_userauth_request: invalid user root [preauth]
Jan 17 06:58:22 host unix_chkpwd[19398]: password check failed for user (root)
Jan 17 06:58:22 host sshd[19393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.145.254.158 user=root
Jan 17 06:58:22 host sshd[19393]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:58:22 host sshd[19391]: Failed password for invalid user admin1 from 182.71.142.252 port 56704 ssh2
Jan 17 06:58:22 host sshd[19391]: Received disconnect from 182.71.142.252 port 56704:11: Bye Bye [preauth]
Jan 17 06:58:22 host sshd[19391]: Disconnected from 182.71.142.252 port 56704 [preauth]
Jan 17 06:58:24 host sshd[19393]: Failed password for invalid user root from 186.145.254.158 port 43064 ssh2
Jan 17 06:59:03 host sshd[19562]: User root from 64.225.70.42 not allowed because not listed in AllowUsers
Jan 17 06:59:03 host sshd[19562]: input_userauth_request: invalid user root [preauth]
Jan 17 06:59:03 host unix_chkpwd[19567]: password check failed for user (root)
Jan 17 06:59:03 host sshd[19562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.70.42 user=root
Jan 17 06:59:03 host sshd[19562]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 06:59:05 host sshd[19562]: Failed password for invalid user root from 64.225.70.42 port 37982 ssh2
Jan 17 06:59:06 host sshd[19562]: Received disconnect from 64.225.70.42 port 37982:11: Bye Bye [preauth]
Jan 17 06:59:06 host sshd[19562]: Disconnected from 64.225.70.42 port 37982 [preauth]
Jan 17 06:59:44 host sshd[19686]: Invalid user sales1 from 182.71.142.252 port 39855
Jan 17 06:59:44 host sshd[19686]: input_userauth_request: invalid user sales1 [preauth]
Jan 17 06:59:44 host sshd[19686]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 06:59:44 host sshd[19686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.71.142.252
Jan 17 06:59:46 host sshd[19686]: Failed password for invalid user sales1 from 182.71.142.252 port 39855 ssh2
Jan 17 06:59:46 host sshd[19686]: Received disconnect from 182.71.142.252 port 39855:11: Bye Bye [preauth]
Jan 17 06:59:46 host sshd[19686]: Disconnected from 182.71.142.252 port 39855 [preauth]
Jan 17 07:04:57 host sshd[20658]: Invalid user super from 80.15.59.182 port 51949
Jan 17 07:04:57 host sshd[20658]: input_userauth_request: invalid user super [preauth]
Jan 17 07:04:57 host sshd[20658]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:04:57 host sshd[20658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.15.59.182
Jan 17 07:04:59 host sshd[20658]: Failed password for invalid user super from 80.15.59.182 port 51949 ssh2
Jan 17 07:04:59 host sshd[20658]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:05:02 host sshd[20658]: Failed password for invalid user super from 80.15.59.182 port 51949 ssh2
Jan 17 07:05:02 host sshd[20658]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:05:04 host sshd[20658]: Failed password for invalid user super from 80.15.59.182 port 51949 ssh2
Jan 17 07:05:05 host sshd[20658]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:05:07 host sshd[20658]: Failed password for invalid user super from 80.15.59.182 port 51949 ssh2
Jan 17 07:05:07 host sshd[20658]: Failed password for invalid user super from 80.15.59.182 port 51949 ssh2
Jan 17 07:05:07 host sshd[20658]: Connection closed by 80.15.59.182 port 51949 [preauth]
Jan 17 07:05:07 host sshd[20658]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.15.59.182
Jan 17 07:05:07 host sshd[20658]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 07:05:12 host sshd[20735]: Invalid user zookeeper from 186.67.248.8 port 59132
Jan 17 07:05:12 host sshd[20735]: input_userauth_request: invalid user zookeeper [preauth]
Jan 17 07:05:12 host sshd[20735]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:05:12 host sshd[20735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.67.248.8
Jan 17 07:05:15 host sshd[20735]: Failed password for invalid user zookeeper from 186.67.248.8 port 59132 ssh2
Jan 17 07:05:15 host sshd[20735]: Received disconnect from 186.67.248.8 port 59132:11: Bye Bye [preauth]
Jan 17 07:05:15 host sshd[20735]: Disconnected from 186.67.248.8 port 59132 [preauth]
Jan 17 07:18:00 host sshd[22937]: Connection reset by 220.132.179.205 port 37307 [preauth]
Jan 17 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 07:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=ugotscom user-2=wwwrmswll user-3=wwwresourcehunte user-4=keralaholi user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=dartsimp user-9=a2zgroup user-10=cochintaxi user-11=wwwkaretakers user-12=mrsclean user-13=wwwnexidigital user-14=phmetals user-15=kottayamcalldriv user-16=gifterman user-17=palco123 user-18=straightcurve user-19=wwwletsstalkfood user-20=wwwevmhonda user-21=bonifacegroup user-22=pmcresources user-23=wwwtestugo user-24=shalinijames user-25=vfmassets user-26=wwwkapin user-27=woodpeck user-28=disposeat user-29=wwwkmaorg user-30=remysagr feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 07:21:08 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MwvvGLhzyEnSV8L7.~
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MwvvGLhzyEnSV8L7.~'
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MwvvGLhzyEnSV8L7.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 07:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 07:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 07:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 07:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 07:32:30 host sshd[25458]: Invalid user admin from 175.214.46.72 port 40940
Jan 17 07:32:30 host sshd[25458]: input_userauth_request: invalid user admin [preauth]
Jan 17 07:32:30 host sshd[25458]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:32:30 host sshd[25458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.214.46.72
Jan 17 07:32:32 host sshd[25458]: Failed password for invalid user admin from 175.214.46.72 port 40940 ssh2
Jan 17 07:32:35 host sshd[25458]: Failed password for invalid user admin from 175.214.46.72 port 40940 ssh2
Jan 17 07:32:37 host sshd[25458]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:32:39 host sshd[25458]: Failed password for invalid user admin from 175.214.46.72 port 40940 ssh2
Jan 17 07:32:43 host sshd[25458]: Connection reset by 175.214.46.72 port 40940 [preauth]
Jan 17 07:32:43 host sshd[25458]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.214.46.72
Jan 17 07:32:44 host sshd[25499]: Invalid user user3 from 201.149.20.162 port 27622
Jan 17 07:32:44 host sshd[25499]: input_userauth_request: invalid user user3 [preauth]
Jan 17 07:32:44 host sshd[25499]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:32:44 host sshd[25499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162
Jan 17 07:32:46 host sshd[25499]: Failed password for invalid user user3 from 201.149.20.162 port 27622 ssh2
Jan 17 07:32:46 host sshd[25499]: Received disconnect from 201.149.20.162 port 27622:11: Bye Bye [preauth]
Jan 17 07:32:46 host sshd[25499]: Disconnected from 201.149.20.162 port 27622 [preauth]
Jan 17 07:32:47 host sshd[25504]: Invalid user terraria from 27.254.163.228 port 46474
Jan 17 07:32:47 host sshd[25504]: input_userauth_request: invalid user terraria [preauth]
Jan 17 07:32:47 host sshd[25504]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:32:47 host sshd[25504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.163.228
Jan 17 07:32:49 host sshd[25504]: Failed password for invalid user terraria from 27.254.163.228 port 46474 ssh2
Jan 17 07:32:49 host sshd[25504]: Received disconnect from 27.254.163.228 port 46474:11: Bye Bye [preauth]
Jan 17 07:32:49 host sshd[25504]: Disconnected from 27.254.163.228 port 46474 [preauth]
Jan 17 07:33:33 host sshd[25597]: Invalid user minecraft from 138.91.110.181 port 50428
Jan 17 07:33:33 host sshd[25597]: input_userauth_request: invalid user minecraft [preauth]
Jan 17 07:33:33 host sshd[25597]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:33:33 host sshd[25597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.91.110.181
Jan 17 07:33:34 host sshd[25597]: Failed password for invalid user minecraft from 138.91.110.181 port 50428 ssh2
Jan 17 07:33:35 host sshd[25597]: Received disconnect from 138.91.110.181 port 50428:11: Bye Bye [preauth]
Jan 17 07:33:35 host sshd[25597]: Disconnected from 138.91.110.181 port 50428 [preauth]
Jan 17 07:36:51 host sshd[26109]: Invalid user user3 from 27.254.163.228 port 38826
Jan 17 07:36:51 host sshd[26109]: input_userauth_request: invalid user user3 [preauth]
Jan 17 07:36:51 host sshd[26109]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:36:51 host sshd[26109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.163.228
Jan 17 07:36:53 host sshd[26109]: Failed password for invalid user user3 from 27.254.163.228 port 38826 ssh2
Jan 17 07:36:53 host sshd[26109]: Received disconnect from 27.254.163.228 port 38826:11: Bye Bye [preauth]
Jan 17 07:36:53 host sshd[26109]: Disconnected from 27.254.163.228 port 38826 [preauth]
Jan 17 07:36:54 host sshd[26115]: Invalid user kafka from 138.91.110.181 port 42856
Jan 17 07:36:54 host sshd[26115]: input_userauth_request: invalid user kafka [preauth]
Jan 17 07:36:54 host sshd[26115]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:36:54 host sshd[26115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.91.110.181
Jan 17 07:36:57 host sshd[26115]: Failed password for invalid user kafka from 138.91.110.181 port 42856 ssh2
Jan 17 07:36:57 host sshd[26115]: Received disconnect from 138.91.110.181 port 42856:11: Bye Bye [preauth]
Jan 17 07:36:57 host sshd[26115]: Disconnected from 138.91.110.181 port 42856 [preauth]
Jan 17 07:38:01 host sshd[26247]: User root from 138.91.110.181 not allowed because not listed in AllowUsers
Jan 17 07:38:01 host sshd[26247]: input_userauth_request: invalid user root [preauth]
Jan 17 07:38:01 host unix_chkpwd[26260]: password check failed for user (root)
Jan 17 07:38:01 host sshd[26247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.91.110.181 user=root
Jan 17 07:38:01 host sshd[26247]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:38:03 host sshd[26247]: Failed password for invalid user root from 138.91.110.181 port 40978 ssh2
Jan 17 07:38:03 host sshd[26247]: Received disconnect from 138.91.110.181 port 40978:11: Bye Bye [preauth]
Jan 17 07:38:04 host sshd[26247]: Disconnected from 138.91.110.181 port 40978 [preauth]
Jan 17 07:38:06 host sshd[26296]: Invalid user ts2 from 27.254.163.228 port 35684
Jan 17 07:38:06 host sshd[26296]: input_userauth_request: invalid user ts2 [preauth]
Jan 17 07:38:06 host sshd[26296]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:38:06 host sshd[26296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.163.228
Jan 17 07:38:08 host sshd[26296]: Failed password for invalid user ts2 from 27.254.163.228 port 35684 ssh2
Jan 17 07:38:08 host sshd[26296]: Received disconnect from 27.254.163.228 port 35684:11: Bye Bye [preauth]
Jan 17 07:38:08 host sshd[26296]: Disconnected from 27.254.163.228 port 35684 [preauth]
Jan 17 07:38:42 host sshd[26392]: User root from 104.128.88.83 not allowed because not listed in AllowUsers
Jan 17 07:38:42 host sshd[26392]: input_userauth_request: invalid user root [preauth]
Jan 17 07:38:42 host unix_chkpwd[26395]: password check failed for user (root)
Jan 17 07:38:42 host sshd[26392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.128.88.83 user=root
Jan 17 07:38:42 host sshd[26392]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:38:45 host sshd[26392]: Failed password for invalid user root from 104.128.88.83 port 50256 ssh2
Jan 17 07:38:45 host sshd[26392]: Received disconnect from 104.128.88.83 port 50256:11: Bye Bye [preauth]
Jan 17 07:38:45 host sshd[26392]: Disconnected from 104.128.88.83 port 50256 [preauth]
Jan 17 07:39:51 host sshd[26663]: User root from 201.149.20.162 not allowed because not listed in AllowUsers
Jan 17 07:39:51 host sshd[26663]: input_userauth_request: invalid user root [preauth]
Jan 17 07:39:51 host unix_chkpwd[26666]: password check failed for user (root)
Jan 17 07:39:51 host sshd[26663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.149.20.162 user=root
Jan 17 07:39:51 host sshd[26663]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:39:53 host sshd[26663]: Failed password for invalid user root from 201.149.20.162 port 14228 ssh2
Jan 17 07:39:53 host sshd[26663]: Received disconnect from 201.149.20.162 port 14228:11: Bye Bye [preauth]
Jan 17 07:39:53 host sshd[26663]: Disconnected from 201.149.20.162 port 14228 [preauth]
Jan 17 07:45:22 host sshd[27496]: User root from 104.128.88.83 not allowed because not listed in AllowUsers
Jan 17 07:45:22 host sshd[27496]: input_userauth_request: invalid user root [preauth]
Jan 17 07:45:22 host unix_chkpwd[27501]: password check failed for user (root)
Jan 17 07:45:22 host sshd[27496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.128.88.83 user=root
Jan 17 07:45:22 host sshd[27496]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:45:24 host sshd[27496]: Failed password for invalid user root from 104.128.88.83 port 50460 ssh2
Jan 17 07:45:24 host sshd[27496]: Received disconnect from 104.128.88.83 port 50460:11: Bye Bye [preauth]
Jan 17 07:45:24 host sshd[27496]: Disconnected from 104.128.88.83 port 50460 [preauth]
Jan 17 07:50:05 host sshd[28332]: Did not receive identification string from 167.235.77.67 port 51210
Jan 17 07:50:06 host sshd[28335]: Invalid user user from 167.235.77.67 port 51300
Jan 17 07:50:06 host sshd[28336]: Invalid user admin from 167.235.77.67 port 51236
Jan 17 07:50:06 host sshd[28343]: Invalid user admin from 167.235.77.67 port 51250
Jan 17 07:50:06 host sshd[28337]: User root from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:06 host sshd[28338]: Invalid user test from 167.235.77.67 port 51320
Jan 17 07:50:06 host sshd[28339]: Invalid user student from 167.235.77.67 port 51342
Jan 17 07:50:06 host sshd[28337]: input_userauth_request: invalid user root [preauth]
Jan 17 07:50:06 host sshd[28343]: input_userauth_request: invalid user admin [preauth]
Jan 17 07:50:06 host sshd[28338]: input_userauth_request: invalid user test [preauth]
Jan 17 07:50:06 host sshd[28335]: input_userauth_request: invalid user user [preauth]
Jan 17 07:50:06 host sshd[28340]: User root from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:06 host sshd[28340]: input_userauth_request: invalid user root [preauth]
Jan 17 07:50:06 host sshd[28339]: input_userauth_request: invalid user student [preauth]
Jan 17 07:50:06 host sshd[28336]: input_userauth_request: invalid user admin [preauth]
Jan 17 07:50:06 host sshd[28333]: User centos from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:06 host sshd[28333]: input_userauth_request: invalid user centos [preauth]
Jan 17 07:50:06 host sshd[28334]: Invalid user postgres from 167.235.77.67 port 51234
Jan 17 07:50:06 host sshd[28334]: input_userauth_request: invalid user postgres [preauth]
Jan 17 07:50:06 host sshd[28342]: Invalid user hadoop from 167.235.77.67 port 51326
Jan 17 07:50:06 host sshd[28342]: input_userauth_request: invalid user hadoop [preauth]
Jan 17 07:50:06 host sshd[28345]: Invalid user testuser from 167.235.77.67 port 51376
Jan 17 07:50:06 host sshd[28345]: input_userauth_request: invalid user testuser [preauth]
Jan 17 07:50:06 host sshd[28353]: Invalid user hadoop from 167.235.77.67 port 51306
Jan 17 07:50:06 host sshd[28353]: input_userauth_request: invalid user hadoop [preauth]
Jan 17 07:50:06 host sshd[28346]: Invalid user test from 167.235.77.67 port 51388
Jan 17 07:50:06 host sshd[28346]: input_userauth_request: invalid user test [preauth]
Jan 17 07:50:06 host sshd[28348]: Invalid user halo from 167.235.77.67 port 51496
Jan 17 07:50:06 host sshd[28348]: input_userauth_request: invalid user halo [preauth]
Jan 17 07:50:06 host sshd[28341]: Invalid user devops from 167.235.77.67 port 51272
Jan 17 07:50:06 host sshd[28349]: User root from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:06 host sshd[28341]: input_userauth_request: invalid user devops [preauth]
Jan 17 07:50:06 host sshd[28349]: input_userauth_request: invalid user root [preauth]
Jan 17 07:50:06 host sshd[28344]: Invalid user admin from 167.235.77.67 port 51312
Jan 17 07:50:06 host sshd[28344]: input_userauth_request: invalid user admin [preauth]
Jan 17 07:50:06 host sshd[28350]: Invalid user oracle from 167.235.77.67 port 51510
Jan 17 07:50:06 host sshd[28350]: input_userauth_request: invalid user oracle [preauth]
Jan 17 07:50:07 host sshd[28352]: User root from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:07 host sshd[28352]: input_userauth_request: invalid user root [preauth]
Jan 17 07:50:07 host sshd[28355]: User root from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:07 host sshd[28355]: input_userauth_request: invalid user root [preauth]
Jan 17 07:50:07 host sshd[28356]: Invalid user student from 167.235.77.67 port 51482
Jan 17 07:50:07 host sshd[28356]: input_userauth_request: invalid user student [preauth]
Jan 17 07:50:07 host sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28334]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28339]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28343]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28342]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28351]: User root from 167.235.77.67 not allowed because not listed in AllowUsers
Jan 17 07:50:07 host sshd[28351]: input_userauth_request: invalid user root [preauth]
Jan 17 07:50:07 host sshd[28354]: Invalid user esuser from 167.235.77.67 port 51542
Jan 17 07:50:07 host sshd[28354]: input_userauth_request: invalid user esuser [preauth]
Jan 17 07:50:07 host sshd[28346]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28336]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28345]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28366]: Invalid user es from 167.235.77.67 port 51468
Jan 17 07:50:07 host sshd[28366]: input_userauth_request: invalid user es [preauth]
Jan 17 07:50:07 host sshd[28367]: Invalid user postgres from 167.235.77.67 port 51494
Jan 17 07:50:07 host sshd[28367]: input_userauth_request: invalid user postgres [preauth]
Jan 17 07:50:07 host sshd[28335]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host unix_chkpwd[28385]: password check failed for user (root)
Jan 17 07:50:07 host unix_chkpwd[28386]: password check failed for user (centos)
Jan 17 07:50:07 host sshd[28337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=root
Jan 17 07:50:07 host sshd[28337]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:50:07 host sshd[28348]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=centos
Jan 17 07:50:07 host sshd[28353]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host unix_chkpwd[28384]: password check failed for user (root)
Jan 17 07:50:07 host sshd[28340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=root
Jan 17 07:50:07 host sshd[28340]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:50:07 host sshd[28350]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28344]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host unix_chkpwd[28387]: password check failed for user (root)
Jan 17 07:50:07 host sshd[28349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=root
Jan 17 07:50:07 host sshd[28349]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:50:07 host sshd[28356]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host unix_chkpwd[28388]: password check failed for user (root)
Jan 17 07:50:07 host sshd[28352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=root
Jan 17 07:50:07 host sshd[28352]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:50:07 host unix_chkpwd[28389]: password check failed for user (root)
Jan 17 07:50:07 host sshd[28355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=root
Jan 17 07:50:07 host sshd[28355]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:50:07 host sshd[28366]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host sshd[28367]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 07:50:07 host sshd[28367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67
Jan 17 07:50:07 host unix_chkpwd[28390]: password check failed for user (root)
Jan 17 07:50:07 host sshd[28351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.235.77.67 user=root
Jan 17 07:50:07 host sshd[28351]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 07:50:09 host sshd[28338]: Failed password for invalid user test from 167.235.77.67 port 51320 ssh2
Jan 17 07:50:09 host sshd[28334]: Failed password for invalid user postgres from 167.235.77.67 port 51234 ssh2
Jan 17 07:50:09 host sshd[28343]: Failed password for invalid user admin from 167.235.77.67 port 51250 ssh2
Jan 17 07:50:09 host sshd[28339]: Failed password for invalid user student from 167.235.77.67 port 51342 ssh2
Jan 17 07:50:09 host sshd[28342]: Failed password for invalid user hadoop from 167.235.77.67 port 51326 ssh2
Jan 17 07:50:09 host sshd[28336]: Failed password for invalid user admin from 167.235.77.67 port 51236 ssh2
Jan 17 07:50:09 host sshd[28346]: Failed password for invalid user test from 167.235.77.67 port 51388 ssh2
Jan 17 07:50:09 host sshd[28345]: Failed password for invalid user testuser from 167.235.77.67 port 51376 ssh2
Jan 17 07:50:09 host sshd[28335]: Failed password for invalid user user from 167.235.77.67 port 51300 ssh2
Jan 17 07:50:09 host sshd[28341]: Failed password for invalid user devops from 167.235.77.67 port 51272 ssh2
Jan 17 07:50:09 host sshd[28337]: Failed password for invalid user root from 167.235.77.67 port 51350 ssh2
Jan 17 07:50:09 host sshd[28333]: Failed password for invalid user centos from 167.235.77.67 port 51224 ssh2
Jan 17 07:50:09 host sshd[28353]: Failed password for invalid user hadoop from 167.235.77.67 port 51306 ssh2
Jan 17 07:50:09 host sshd[28348]: Failed password for invalid user halo from 167.235.77.67 port 51496 ssh2
Jan 17 07:50:09 host sshd[28340]: Failed password for invalid user root from 167.235.77.67 port 51266 ssh2
Jan 17 07:50:09 host sshd[28350]: Failed password for invalid user oracle from 167.235.77.67 port 51510 ssh2
Jan 17 07:50:09 host sshd[28344]: Failed password for invalid user admin from 167.235.77.67 port 51312 ssh2
Jan 17 07:50:09 host sshd[28349]: Failed password for invalid user root from 167.235.77.67 port 51512 ssh2
Jan 17 07:50:09 host sshd[28334]: Connection closed by 167.235.77.67 port 51234 [preauth]
Jan 17 07:50:09 host sshd[28335]: Connection closed by 167.235.77.67 port 51300 [preauth]
Jan 17 07:50:09 host sshd[28336]: Connection closed by 167.235.77.67 port 51236 [preauth]
Jan 17 07:50:09 host sshd[28338]: Connection closed by 167.235.77.67 port 51320 [preauth]
Jan 17 07:50:09 host sshd[28348]: Connection closed by 167.235.77.67 port 51496 [preauth]
Jan 17 07:50:09 host sshd[28337]: Connection closed by 167.235.77.67 port 51350 [preauth]
Jan 17 07:50:09 host sshd[28339]: Connection closed by 167.235.77.67 port 51342 [preauth]
Jan 17 07:50:09 host sshd[28340]: Connection closed by 167.235.77.67 port 51266 [preauth]
Jan 17 07:50:09 host sshd[28350]: Connection closed by 167.235.77.67 port 51510 [preauth]
Jan 17 07:50:09 host sshd[28343]: Connection closed by 167.235.77.67 port 51250 [preauth]
Jan 17 07:50:09 host sshd[28341]: Connection closed by 167.235.77.67 port 51272 [preauth]
Jan 17 07:50:09 host sshd[28342]: Connection closed by 167.235.77.67 port 51326 [preauth]
Jan 17 07:50:09 host sshd[28344]: Connection closed by 167.235.77.67 port 51312 [preauth]
Jan 17 07:50:09 host sshd[28345]: Connection closed by 167.235.77.67 port 51376 [preauth]
Jan 17 07:50:09 host sshd[28349]: Connection closed by 167.235.77.67 port 51512 [preauth]
Jan 17 07:50:09 host sshd[28353]: Connection closed by 167.235.77.67 port 51306 [preauth]
Jan 17 07:50:09 host sshd[28346]: Connection closed by 167.235.77.67 port 51388 [preauth]
Jan 17 07:50:09 host sshd[28333]: Connection closed by 167.235.77.67 port 51224 [preauth]
Jan 17 07:50:09 host sshd[28356]: Failed password for invalid user student from 167.235.77.67 port 51482 ssh2
Jan 17 07:50:09 host sshd[28354]: Failed password for invalid user esuser from 167.235.77.67 port 51542 ssh2
Jan 17 07:50:09 host sshd[28352]: Failed password for invalid user root from 167.235.77.67 port 51574 ssh2
Jan 17 07:50:09 host sshd[28355]: Failed password for invalid user root from 167.235.77.67 port 51534 ssh2
Jan 17 07:50:09 host sshd[28366]: Failed password for invalid user es from 167.235.77.67 port 51468 ssh2
Jan 17 07:50:09 host sshd[28367]: Failed password for invalid user postgres from 167.235.77.67 port 51494 ssh2
Jan 17 07:50:09 host sshd[28351]: Failed password for invalid user root from 167.235.77.67 port 51524 ssh2
Jan 17 07:50:09 host sshd[28356]: Connection closed by 167.235.77.67 port 51482 [preauth]
Jan 17 07:50:09 host sshd[28352]: Connection closed by 167.235.77.67 port 51574 [preauth]
Jan 17 07:50:09 host sshd[28354]: Connection closed by 167.235.77.67 port 51542 [preauth]
Jan 17 07:50:09 host sshd[28355]: Connection closed by 167.235.77.67 port 51534 [preauth]
Jan 17 07:50:09 host sshd[28351]: Connection closed by 167.235.77.67 port 51524 [preauth]
Jan 17 07:50:09 host sshd[28366]: Connection closed by 167.235.77.67 port 51468 [preauth]
Jan 17 07:50:09 host sshd[28367]: Connection closed by 167.235.77.67 port 51494 [preauth]
Jan 17 08:01:16 host sshd[29910]: Invalid user bigipuser3 from 107.204.9.145 port 38429
Jan 17 08:01:16 host sshd[29910]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 17 08:01:16 host sshd[29910]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:01:16 host sshd[29910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.204.9.145
Jan 17 08:01:18 host sshd[29910]: Failed password for invalid user bigipuser3 from 107.204.9.145 port 38429 ssh2
Jan 17 08:01:19 host sshd[29910]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:01:21 host sshd[29910]: Failed password for invalid user bigipuser3 from 107.204.9.145 port 38429 ssh2
Jan 17 08:01:22 host sshd[29910]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:01:23 host sshd[29910]: Failed password for invalid user bigipuser3 from 107.204.9.145 port 38429 ssh2
Jan 17 08:01:24 host sshd[29910]: Failed password for invalid user bigipuser3 from 107.204.9.145 port 38429 ssh2
Jan 17 08:01:24 host sshd[29910]: Connection closed by 107.204.9.145 port 38429 [preauth]
Jan 17 08:01:24 host sshd[29910]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.204.9.145
Jan 17 08:02:30 host sshd[30127]: Invalid user fi from 194.110.203.109 port 54172
Jan 17 08:02:30 host sshd[30127]: input_userauth_request: invalid user fi [preauth]
Jan 17 08:02:30 host sshd[30127]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:02:30 host sshd[30127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 08:02:32 host sshd[30127]: Failed password for invalid user fi from 194.110.203.109 port 54172 ssh2
Jan 17 08:02:35 host sshd[30127]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:02:37 host sshd[30127]: Failed password for invalid user fi from 194.110.203.109 port 54172 ssh2
Jan 17 08:02:40 host sshd[30127]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:02:42 host sshd[30127]: Failed password for invalid user fi from 194.110.203.109 port 54172 ssh2
Jan 17 08:02:45 host sshd[30127]: Connection closed by 194.110.203.109 port 54172 [preauth]
Jan 17 08:02:45 host sshd[30127]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 08:06:26 host sshd[30698]: User root from 167.99.84.28 not allowed because not listed in AllowUsers
Jan 17 08:06:26 host sshd[30698]: input_userauth_request: invalid user root [preauth]
Jan 17 08:06:26 host unix_chkpwd[30707]: password check failed for user (root)
Jan 17 08:06:26 host sshd[30698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.84.28 user=root
Jan 17 08:06:26 host sshd[30698]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:06:28 host sshd[30698]: Failed password for invalid user root from 167.99.84.28 port 36564 ssh2
Jan 17 08:06:28 host sshd[30698]: Received disconnect from 167.99.84.28 port 36564:11: Bye Bye [preauth]
Jan 17 08:06:28 host sshd[30698]: Disconnected from 167.99.84.28 port 36564 [preauth]
Jan 17 08:07:39 host sshd[30851]: Invalid user devops from 135.125.234.221 port 42258
Jan 17 08:07:39 host sshd[30851]: input_userauth_request: invalid user devops [preauth]
Jan 17 08:07:39 host sshd[30851]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:07:39 host sshd[30851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.125.234.221
Jan 17 08:07:42 host sshd[30851]: Failed password for invalid user devops from 135.125.234.221 port 42258 ssh2
Jan 17 08:07:42 host sshd[30851]: Received disconnect from 135.125.234.221 port 42258:11: Bye Bye [preauth]
Jan 17 08:07:42 host sshd[30851]: Disconnected from 135.125.234.221 port 42258 [preauth]
Jan 17 08:11:45 host sshd[31500]: User root from 198.199.86.89 not allowed because not listed in AllowUsers
Jan 17 08:11:45 host sshd[31500]: input_userauth_request: invalid user root [preauth]
Jan 17 08:11:45 host unix_chkpwd[31503]: password check failed for user (root)
Jan 17 08:11:45 host sshd[31500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.86.89 user=root
Jan 17 08:11:45 host sshd[31500]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:11:47 host sshd[31500]: Failed password for invalid user root from 198.199.86.89 port 39838 ssh2
Jan 17 08:11:47 host sshd[31500]: Received disconnect from 198.199.86.89 port 39838:11: Bye Bye [preauth]
Jan 17 08:11:47 host sshd[31500]: Disconnected from 198.199.86.89 port 39838 [preauth]
Jan 17 08:12:02 host sshd[31522]: Invalid user installer from 167.99.84.28 port 53514
Jan 17 08:12:02 host sshd[31522]: input_userauth_request: invalid user installer [preauth]
Jan 17 08:12:02 host sshd[31522]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:12:02 host sshd[31522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.84.28
Jan 17 08:12:04 host sshd[31522]: Failed password for invalid user installer from 167.99.84.28 port 53514 ssh2
Jan 17 08:12:04 host sshd[31522]: Received disconnect from 167.99.84.28 port 53514:11: Bye Bye [preauth]
Jan 17 08:12:04 host sshd[31522]: Disconnected from 167.99.84.28 port 53514 [preauth]
Jan 17 08:12:12 host sshd[31574]: Invalid user manager from 86.105.27.140 port 34310
Jan 17 08:12:12 host sshd[31574]: input_userauth_request: invalid user manager [preauth]
Jan 17 08:12:12 host sshd[31574]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:12:12 host sshd[31574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.105.27.140
Jan 17 08:12:14 host sshd[31574]: Failed password for invalid user manager from 86.105.27.140 port 34310 ssh2
Jan 17 08:12:14 host sshd[31574]: Received disconnect from 86.105.27.140 port 34310:11: Bye Bye [preauth]
Jan 17 08:12:14 host sshd[31574]: Disconnected from 86.105.27.140 port 34310 [preauth]
Jan 17 08:12:57 host sshd[31643]: User root from 198.199.86.89 not allowed because not listed in AllowUsers
Jan 17 08:12:57 host sshd[31643]: input_userauth_request: invalid user root [preauth]
Jan 17 08:12:57 host unix_chkpwd[31646]: password check failed for user (root)
Jan 17 08:12:57 host sshd[31643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.86.89 user=root
Jan 17 08:12:57 host sshd[31643]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:12:59 host sshd[31643]: Failed password for invalid user root from 198.199.86.89 port 49940 ssh2
Jan 17 08:12:59 host sshd[31643]: Received disconnect from 198.199.86.89 port 49940:11: Bye Bye [preauth]
Jan 17 08:12:59 host sshd[31643]: Disconnected from 198.199.86.89 port 49940 [preauth]
Jan 17 08:13:05 host sshd[31702]: Invalid user media from 135.125.234.221 port 41872
Jan 17 08:13:05 host sshd[31702]: input_userauth_request: invalid user media [preauth]
Jan 17 08:13:05 host sshd[31702]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:05 host sshd[31702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.125.234.221
Jan 17 08:13:07 host sshd[31702]: Failed password for invalid user media from 135.125.234.221 port 41872 ssh2
Jan 17 08:13:07 host sshd[31702]: Received disconnect from 135.125.234.221 port 41872:11: Bye Bye [preauth]
Jan 17 08:13:07 host sshd[31702]: Disconnected from 135.125.234.221 port 41872 [preauth]
Jan 17 08:13:23 host sshd[31733]: Invalid user oracle from 86.142.215.150 port 33519
Jan 17 08:13:23 host sshd[31733]: input_userauth_request: invalid user oracle [preauth]
Jan 17 08:13:23 host sshd[31733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:23 host sshd[31733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.142.215.150
Jan 17 08:13:24 host sshd[31733]: Failed password for invalid user oracle from 86.142.215.150 port 33519 ssh2
Jan 17 08:13:25 host sshd[31733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:27 host sshd[31733]: Failed password for invalid user oracle from 86.142.215.150 port 33519 ssh2
Jan 17 08:13:27 host sshd[31733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:29 host sshd[31733]: Failed password for invalid user oracle from 86.142.215.150 port 33519 ssh2
Jan 17 08:13:30 host sshd[31733]: Failed password for invalid user oracle from 86.142.215.150 port 33519 ssh2
Jan 17 08:13:31 host sshd[31733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:33 host sshd[31733]: Failed password for invalid user oracle from 86.142.215.150 port 33519 ssh2
Jan 17 08:13:33 host sshd[31733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:36 host sshd[31733]: Failed password for invalid user oracle from 86.142.215.150 port 33519 ssh2
Jan 17 08:13:36 host sshd[31733]: error: maximum authentication attempts exceeded for invalid user oracle from 86.142.215.150 port 33519 ssh2 [preauth]
Jan 17 08:13:36 host sshd[31733]: Disconnecting: Too many authentication failures [preauth]
Jan 17 08:13:36 host sshd[31733]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.142.215.150
Jan 17 08:13:36 host sshd[31733]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 08:13:42 host sshd[31810]: Invalid user media from 86.105.27.140 port 42188
Jan 17 08:13:42 host sshd[31810]: input_userauth_request: invalid user media [preauth]
Jan 17 08:13:42 host sshd[31810]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:13:42 host sshd[31810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.105.27.140
Jan 17 08:13:44 host sshd[31810]: Failed password for invalid user media from 86.105.27.140 port 42188 ssh2
Jan 17 08:13:44 host sshd[31810]: Received disconnect from 86.105.27.140 port 42188:11: Bye Bye [preauth]
Jan 17 08:13:44 host sshd[31810]: Disconnected from 86.105.27.140 port 42188 [preauth]
Jan 17 08:14:21 host sshd[31929]: Invalid user hadoop from 135.125.234.221 port 40716
Jan 17 08:14:21 host sshd[31929]: input_userauth_request: invalid user hadoop [preauth]
Jan 17 08:14:21 host sshd[31929]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:14:21 host sshd[31929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.125.234.221
Jan 17 08:14:23 host sshd[31929]: Failed password for invalid user hadoop from 135.125.234.221 port 40716 ssh2
Jan 17 08:14:23 host sshd[31929]: Received disconnect from 135.125.234.221 port 40716:11: Bye Bye [preauth]
Jan 17 08:14:23 host sshd[31929]: Disconnected from 135.125.234.221 port 40716 [preauth]
Jan 17 08:14:52 host sshd[32047]: Invalid user abc from 86.105.27.140 port 51004
Jan 17 08:14:52 host sshd[32047]: input_userauth_request: invalid user abc [preauth]
Jan 17 08:14:52 host sshd[32047]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:14:52 host sshd[32047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=86.105.27.140
Jan 17 08:14:54 host sshd[32047]: Failed password for invalid user abc from 86.105.27.140 port 51004 ssh2
Jan 17 08:14:54 host sshd[32047]: Received disconnect from 86.105.27.140 port 51004:11: Bye Bye [preauth]
Jan 17 08:14:54 host sshd[32047]: Disconnected from 86.105.27.140 port 51004 [preauth]
Jan 17 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=mrsclean user-6=wwwnexidigital user-7=palco123 user-8=gifterman user-9=kottayamcalldriv user-10=phmetals user-11=wwwkapin user-12=woodpeck user-13=disposeat user-14=wwwkmaorg user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=shalinijames user-19=wwwtestugo user-20=wwwpmcresource user-21=keralaholi user-22=wwwresourcehunte user-23=wwwrmswll user-24=ugotscom user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 08:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ail8c8QyESUq7UmB.~
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ail8c8QyESUq7UmB.~'
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ail8c8QyESUq7UmB.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 08:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 08:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 08:22:17 host sshd[1085]: Invalid user dnsekakf2$$ from 42.200.237.165 port 50978
Jan 17 08:22:17 host sshd[1085]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 17 08:22:17 host sshd[1085]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:22:17 host sshd[1085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.237.165
Jan 17 08:22:19 host sshd[1085]: Failed password for invalid user dnsekakf2$$ from 42.200.237.165 port 50978 ssh2
Jan 17 08:22:20 host sshd[1085]: Failed password for invalid user dnsekakf2$$ from 42.200.237.165 port 50978 ssh2
Jan 17 08:22:20 host sshd[1085]: Connection closed by 42.200.237.165 port 50978 [preauth]
Jan 17 08:34:22 host sshd[2838]: User root from 122.116.44.235 not allowed because not listed in AllowUsers
Jan 17 08:34:22 host sshd[2838]: input_userauth_request: invalid user root [preauth]
Jan 17 08:34:22 host unix_chkpwd[2842]: password check failed for user (root)
Jan 17 08:34:22 host sshd[2838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.44.235 user=root
Jan 17 08:34:22 host sshd[2838]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:34:24 host sshd[2838]: Failed password for invalid user root from 122.116.44.235 port 36069 ssh2
Jan 17 08:34:24 host sshd[2838]: Connection reset by 122.116.44.235 port 36069 [preauth]
Jan 17 08:42:15 host sshd[4054]: Did not receive identification string from 206.189.23.129 port 61000
Jan 17 08:50:53 host sshd[5232]: User root from 167.172.150.24 not allowed because not listed in AllowUsers
Jan 17 08:50:53 host sshd[5232]: input_userauth_request: invalid user root [preauth]
Jan 17 08:50:53 host unix_chkpwd[5236]: password check failed for user (root)
Jan 17 08:50:53 host sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.150.24 user=root
Jan 17 08:50:53 host sshd[5232]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:50:55 host sshd[5232]: Failed password for invalid user root from 167.172.150.24 port 52058 ssh2
Jan 17 08:50:55 host sshd[5232]: Received disconnect from 167.172.150.24 port 52058:11: Bye Bye [preauth]
Jan 17 08:50:55 host sshd[5232]: Disconnected from 167.172.150.24 port 52058 [preauth]
Jan 17 08:51:04 host sshd[5259]: User root from 181.114.109.54 not allowed because not listed in AllowUsers
Jan 17 08:51:04 host sshd[5259]: input_userauth_request: invalid user root [preauth]
Jan 17 08:51:04 host unix_chkpwd[5263]: password check failed for user (root)
Jan 17 08:51:04 host sshd[5259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.114.109.54 user=root
Jan 17 08:51:04 host sshd[5259]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:51:06 host sshd[5259]: Failed password for invalid user root from 181.114.109.54 port 50598 ssh2
Jan 17 08:51:06 host sshd[5259]: Received disconnect from 181.114.109.54 port 50598:11: Bye Bye [preauth]
Jan 17 08:51:06 host sshd[5259]: Disconnected from 181.114.109.54 port 50598 [preauth]
Jan 17 08:51:59 host sshd[5360]: User root from 190.60.110.240 not allowed because not listed in AllowUsers
Jan 17 08:51:59 host sshd[5360]: input_userauth_request: invalid user root [preauth]
Jan 17 08:51:59 host unix_chkpwd[5364]: password check failed for user (root)
Jan 17 08:51:59 host sshd[5360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.110.240 user=root
Jan 17 08:51:59 host sshd[5360]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:52:01 host sshd[5360]: Failed password for invalid user root from 190.60.110.240 port 65078 ssh2
Jan 17 08:52:01 host sshd[5360]: Received disconnect from 190.60.110.240 port 65078:11: Bye Bye [preauth]
Jan 17 08:52:01 host sshd[5360]: Disconnected from 190.60.110.240 port 65078 [preauth]
Jan 17 08:52:10 host sshd[5388]: Invalid user asterisk from 104.248.159.207 port 15032
Jan 17 08:52:10 host sshd[5388]: input_userauth_request: invalid user asterisk [preauth]
Jan 17 08:52:10 host sshd[5388]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:52:10 host sshd[5388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.159.207
Jan 17 08:52:12 host sshd[5391]: User mysql from 178.46.163.191 not allowed because not listed in AllowUsers
Jan 17 08:52:12 host sshd[5391]: input_userauth_request: invalid user mysql [preauth]
Jan 17 08:52:12 host unix_chkpwd[5396]: password check failed for user (mysql)
Jan 17 08:52:12 host sshd[5391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.46.163.191 user=mysql
Jan 17 08:52:12 host sshd[5391]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 17 08:52:12 host sshd[5388]: Failed password for invalid user asterisk from 104.248.159.207 port 15032 ssh2
Jan 17 08:52:12 host sshd[5388]: Received disconnect from 104.248.159.207 port 15032:11: Bye Bye [preauth]
Jan 17 08:52:12 host sshd[5388]: Disconnected from 104.248.159.207 port 15032 [preauth]
Jan 17 08:52:14 host sshd[5391]: Failed password for invalid user mysql from 178.46.163.191 port 53284 ssh2
Jan 17 08:52:14 host sshd[5391]: Received disconnect from 178.46.163.191 port 53284:11: Bye Bye [preauth]
Jan 17 08:52:14 host sshd[5391]: Disconnected from 178.46.163.191 port 53284 [preauth]
Jan 17 08:52:39 host sshd[5456]: User root from 200.70.56.202 not allowed because not listed in AllowUsers
Jan 17 08:52:39 host sshd[5456]: input_userauth_request: invalid user root [preauth]
Jan 17 08:52:39 host unix_chkpwd[5461]: password check failed for user (root)
Jan 17 08:52:39 host sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.70.56.202 user=root
Jan 17 08:52:39 host sshd[5456]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:52:42 host sshd[5456]: Failed password for invalid user root from 200.70.56.202 port 38076 ssh2
Jan 17 08:52:42 host sshd[5456]: Received disconnect from 200.70.56.202 port 38076:11: Bye Bye [preauth]
Jan 17 08:52:42 host sshd[5456]: Disconnected from 200.70.56.202 port 38076 [preauth]
Jan 17 08:53:22 host sshd[5632]: Invalid user amir from 186.248.219.34 port 42088
Jan 17 08:53:22 host sshd[5632]: input_userauth_request: invalid user amir [preauth]
Jan 17 08:53:22 host sshd[5632]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:53:22 host sshd[5632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.248.219.34
Jan 17 08:53:24 host sshd[5632]: Failed password for invalid user amir from 186.248.219.34 port 42088 ssh2
Jan 17 08:53:25 host sshd[5632]: Received disconnect from 186.248.219.34 port 42088:11: Bye Bye [preauth]
Jan 17 08:53:25 host sshd[5632]: Disconnected from 186.248.219.34 port 42088 [preauth]
Jan 17 08:53:46 host sshd[5701]: Invalid user nagios from 41.82.208.182 port 13613
Jan 17 08:53:46 host sshd[5701]: input_userauth_request: invalid user nagios [preauth]
Jan 17 08:53:46 host sshd[5701]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:53:46 host sshd[5701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.208.182
Jan 17 08:53:48 host sshd[5701]: Failed password for invalid user nagios from 41.82.208.182 port 13613 ssh2
Jan 17 08:53:48 host sshd[5701]: Received disconnect from 41.82.208.182 port 13613:11: Bye Bye [preauth]
Jan 17 08:53:48 host sshd[5701]: Disconnected from 41.82.208.182 port 13613 [preauth]
Jan 17 08:54:34 host sshd[5831]: Invalid user hotline from 103.84.236.242 port 51372
Jan 17 08:54:34 host sshd[5831]: input_userauth_request: invalid user hotline [preauth]
Jan 17 08:54:34 host sshd[5831]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:54:34 host sshd[5831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.84.236.242
Jan 17 08:54:36 host sshd[5831]: Failed password for invalid user hotline from 103.84.236.242 port 51372 ssh2
Jan 17 08:54:36 host sshd[5831]: Received disconnect from 103.84.236.242 port 51372:11: Bye Bye [preauth]
Jan 17 08:54:36 host sshd[5831]: Disconnected from 103.84.236.242 port 51372 [preauth]
Jan 17 08:54:38 host sshd[5841]: User root from 162.243.237.90 not allowed because not listed in AllowUsers
Jan 17 08:54:38 host sshd[5841]: input_userauth_request: invalid user root [preauth]
Jan 17 08:54:38 host unix_chkpwd[5845]: password check failed for user (root)
Jan 17 08:54:38 host sshd[5841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.237.90 user=root
Jan 17 08:54:38 host sshd[5841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:54:40 host sshd[5841]: Failed password for invalid user root from 162.243.237.90 port 44204 ssh2
Jan 17 08:54:40 host sshd[5841]: Received disconnect from 162.243.237.90 port 44204:11: Bye Bye [preauth]
Jan 17 08:54:40 host sshd[5841]: Disconnected from 162.243.237.90 port 44204 [preauth]
Jan 17 08:54:45 host sshd[5856]: User root from 99.130.111.161 not allowed because not listed in AllowUsers
Jan 17 08:54:45 host sshd[5856]: input_userauth_request: invalid user root [preauth]
Jan 17 08:54:45 host unix_chkpwd[5864]: password check failed for user (root)
Jan 17 08:54:45 host sshd[5856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=99.130.111.161 user=root
Jan 17 08:54:45 host sshd[5856]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:54:47 host sshd[5856]: Failed password for invalid user root from 99.130.111.161 port 56694 ssh2
Jan 17 08:54:47 host sshd[5856]: Received disconnect from 99.130.111.161 port 56694:11: Bye Bye [preauth]
Jan 17 08:54:47 host sshd[5856]: Disconnected from 99.130.111.161 port 56694 [preauth]
Jan 17 08:54:52 host sshd[5880]: User root from 162.55.126.28 not allowed because not listed in AllowUsers
Jan 17 08:54:52 host sshd[5880]: input_userauth_request: invalid user root [preauth]
Jan 17 08:54:52 host unix_chkpwd[5888]: password check failed for user (root)
Jan 17 08:54:52 host sshd[5880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.55.126.28 user=root
Jan 17 08:54:52 host sshd[5880]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:54:54 host sshd[5880]: Failed password for invalid user root from 162.55.126.28 port 47748 ssh2
Jan 17 08:54:54 host sshd[5880]: Received disconnect from 162.55.126.28 port 47748:11: Bye Bye [preauth]
Jan 17 08:54:54 host sshd[5880]: Disconnected from 162.55.126.28 port 47748 [preauth]
Jan 17 08:55:10 host sshd[5942]: User root from 185.205.12.132 not allowed because not listed in AllowUsers
Jan 17 08:55:10 host sshd[5942]: input_userauth_request: invalid user root [preauth]
Jan 17 08:55:10 host unix_chkpwd[5946]: password check failed for user (root)
Jan 17 08:55:10 host sshd[5942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.205.12.132 user=root
Jan 17 08:55:10 host sshd[5942]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:55:13 host sshd[5942]: Failed password for invalid user root from 185.205.12.132 port 37520 ssh2
Jan 17 08:55:13 host sshd[5942]: Received disconnect from 185.205.12.132 port 37520:11: Bye Bye [preauth]
Jan 17 08:55:13 host sshd[5942]: Disconnected from 185.205.12.132 port 37520 [preauth]
Jan 17 08:56:05 host sshd[6096]: User root from 58.186.85.94 not allowed because not listed in AllowUsers
Jan 17 08:56:05 host sshd[6096]: input_userauth_request: invalid user root [preauth]
Jan 17 08:56:05 host unix_chkpwd[6098]: password check failed for user (root)
Jan 17 08:56:05 host sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.186.85.94 user=root
Jan 17 08:56:05 host sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:56:07 host sshd[6096]: Failed password for invalid user root from 58.186.85.94 port 42464 ssh2
Jan 17 08:56:07 host sshd[6096]: Received disconnect from 58.186.85.94 port 42464:11: Bye Bye [preauth]
Jan 17 08:56:07 host sshd[6096]: Disconnected from 58.186.85.94 port 42464 [preauth]
Jan 17 08:56:23 host sshd[6127]: User root from 167.71.233.59 not allowed because not listed in AllowUsers
Jan 17 08:56:23 host sshd[6127]: input_userauth_request: invalid user root [preauth]
Jan 17 08:56:23 host unix_chkpwd[6129]: password check failed for user (root)
Jan 17 08:56:23 host sshd[6127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.233.59 user=root
Jan 17 08:56:23 host sshd[6127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:56:26 host sshd[6127]: Failed password for invalid user root from 167.71.233.59 port 45860 ssh2
Jan 17 08:56:26 host sshd[6127]: Received disconnect from 167.71.233.59 port 45860:11: Bye Bye [preauth]
Jan 17 08:56:26 host sshd[6127]: Disconnected from 167.71.233.59 port 45860 [preauth]
Jan 17 08:56:28 host sshd[6145]: User root from 204.48.27.25 not allowed because not listed in AllowUsers
Jan 17 08:56:28 host sshd[6145]: input_userauth_request: invalid user root [preauth]
Jan 17 08:56:28 host unix_chkpwd[6149]: password check failed for user (root)
Jan 17 08:56:28 host sshd[6145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.48.27.25 user=root
Jan 17 08:56:28 host sshd[6145]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:56:31 host sshd[6145]: Failed password for invalid user root from 204.48.27.25 port 35892 ssh2
Jan 17 08:56:31 host sshd[6145]: Received disconnect from 204.48.27.25 port 35892:11: Bye Bye [preauth]
Jan 17 08:56:31 host sshd[6145]: Disconnected from 204.48.27.25 port 35892 [preauth]
Jan 17 08:57:01 host sshd[6229]: User root from 92.255.195.59 not allowed because not listed in AllowUsers
Jan 17 08:57:01 host sshd[6229]: input_userauth_request: invalid user root [preauth]
Jan 17 08:57:01 host unix_chkpwd[6236]: password check failed for user (root)
Jan 17 08:57:01 host sshd[6229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.195.59 user=root
Jan 17 08:57:01 host sshd[6229]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:57:03 host sshd[6229]: Failed password for invalid user root from 92.255.195.59 port 54674 ssh2
Jan 17 08:57:03 host sshd[6229]: Received disconnect from 92.255.195.59 port 54674:11: Bye Bye [preauth]
Jan 17 08:57:03 host sshd[6229]: Disconnected from 92.255.195.59 port 54674 [preauth]
Jan 17 08:57:16 host sshd[6269]: Invalid user halo from 181.114.109.54 port 52944
Jan 17 08:57:16 host sshd[6269]: input_userauth_request: invalid user halo [preauth]
Jan 17 08:57:16 host sshd[6269]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:57:16 host sshd[6269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.114.109.54
Jan 17 08:57:18 host sshd[6269]: Failed password for invalid user halo from 181.114.109.54 port 52944 ssh2
Jan 17 08:57:18 host sshd[6269]: Received disconnect from 181.114.109.54 port 52944:11: Bye Bye [preauth]
Jan 17 08:57:18 host sshd[6269]: Disconnected from 181.114.109.54 port 52944 [preauth]
Jan 17 08:57:34 host sshd[6349]: User root from 167.172.150.24 not allowed because not listed in AllowUsers
Jan 17 08:57:34 host sshd[6349]: input_userauth_request: invalid user root [preauth]
Jan 17 08:57:34 host unix_chkpwd[6352]: password check failed for user (root)
Jan 17 08:57:34 host sshd[6349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.150.24 user=root
Jan 17 08:57:34 host sshd[6349]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:57:36 host sshd[6349]: Failed password for invalid user root from 167.172.150.24 port 34716 ssh2
Jan 17 08:57:36 host sshd[6349]: Received disconnect from 167.172.150.24 port 34716:11: Bye Bye [preauth]
Jan 17 08:57:36 host sshd[6349]: Disconnected from 167.172.150.24 port 34716 [preauth]
Jan 17 08:57:38 host sshd[6361]: Invalid user amir from 162.243.237.90 port 35611
Jan 17 08:57:38 host sshd[6361]: input_userauth_request: invalid user amir [preauth]
Jan 17 08:57:38 host sshd[6361]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:57:38 host sshd[6361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.237.90
Jan 17 08:57:40 host sshd[6390]: User root from 99.130.111.161 not allowed because not listed in AllowUsers
Jan 17 08:57:40 host sshd[6390]: input_userauth_request: invalid user root [preauth]
Jan 17 08:57:40 host unix_chkpwd[6393]: password check failed for user (root)
Jan 17 08:57:40 host sshd[6390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=99.130.111.161 user=root
Jan 17 08:57:40 host sshd[6390]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:57:40 host sshd[6361]: Failed password for invalid user amir from 162.243.237.90 port 35611 ssh2
Jan 17 08:57:40 host sshd[6361]: Received disconnect from 162.243.237.90 port 35611:11: Bye Bye [preauth]
Jan 17 08:57:40 host sshd[6361]: Disconnected from 162.243.237.90 port 35611 [preauth]
Jan 17 08:57:42 host sshd[6390]: Failed password for invalid user root from 99.130.111.161 port 38682 ssh2
Jan 17 08:57:42 host sshd[6390]: Received disconnect from 99.130.111.161 port 38682:11: Bye Bye [preauth]
Jan 17 08:57:42 host sshd[6390]: Disconnected from 99.130.111.161 port 38682 [preauth]
Jan 17 08:57:50 host sshd[6463]: Invalid user sam from 204.48.27.25 port 36020
Jan 17 08:57:50 host sshd[6463]: input_userauth_request: invalid user sam [preauth]
Jan 17 08:57:50 host sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:57:50 host sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.48.27.25
Jan 17 08:57:52 host sshd[6470]: Invalid user mc from 41.82.208.182 port 54200
Jan 17 08:57:52 host sshd[6470]: input_userauth_request: invalid user mc [preauth]
Jan 17 08:57:52 host sshd[6470]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:57:52 host sshd[6470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.208.182
Jan 17 08:57:52 host sshd[6463]: Failed password for invalid user sam from 204.48.27.25 port 36020 ssh2
Jan 17 08:57:53 host sshd[6463]: Received disconnect from 204.48.27.25 port 36020:11: Bye Bye [preauth]
Jan 17 08:57:53 host sshd[6463]: Disconnected from 204.48.27.25 port 36020 [preauth]
Jan 17 08:57:54 host sshd[6470]: Failed password for invalid user mc from 41.82.208.182 port 54200 ssh2
Jan 17 08:57:54 host sshd[6470]: Received disconnect from 41.82.208.182 port 54200:11: Bye Bye [preauth]
Jan 17 08:57:54 host sshd[6470]: Disconnected from 41.82.208.182 port 54200 [preauth]
Jan 17 08:57:59 host sshd[6513]: Invalid user nagios from 162.55.126.28 port 57078
Jan 17 08:57:59 host sshd[6513]: input_userauth_request: invalid user nagios [preauth]
Jan 17 08:57:59 host sshd[6513]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:57:59 host sshd[6513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.55.126.28
Jan 17 08:58:01 host sshd[6516]: Invalid user abc from 185.205.12.132 port 56636
Jan 17 08:58:01 host sshd[6516]: input_userauth_request: invalid user abc [preauth]
Jan 17 08:58:01 host sshd[6516]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:01 host sshd[6516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.205.12.132
Jan 17 08:58:01 host sshd[6513]: Failed password for invalid user nagios from 162.55.126.28 port 57078 ssh2
Jan 17 08:58:01 host sshd[6513]: Received disconnect from 162.55.126.28 port 57078:11: Bye Bye [preauth]
Jan 17 08:58:01 host sshd[6513]: Disconnected from 162.55.126.28 port 57078 [preauth]
Jan 17 08:58:02 host sshd[6520]: Invalid user packer from 186.248.219.34 port 41170
Jan 17 08:58:02 host sshd[6520]: input_userauth_request: invalid user packer [preauth]
Jan 17 08:58:02 host sshd[6520]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:02 host sshd[6520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.248.219.34
Jan 17 08:58:03 host sshd[6516]: Failed password for invalid user abc from 185.205.12.132 port 56636 ssh2
Jan 17 08:58:04 host sshd[6516]: Received disconnect from 185.205.12.132 port 56636:11: Bye Bye [preauth]
Jan 17 08:58:04 host sshd[6516]: Disconnected from 185.205.12.132 port 56636 [preauth]
Jan 17 08:58:05 host sshd[6520]: Failed password for invalid user packer from 186.248.219.34 port 41170 ssh2
Jan 17 08:58:05 host sshd[6520]: Received disconnect from 186.248.219.34 port 41170:11: Bye Bye [preauth]
Jan 17 08:58:05 host sshd[6520]: Disconnected from 186.248.219.34 port 41170 [preauth]
Jan 17 08:58:11 host sshd[6676]: Invalid user ali from 104.248.159.207 port 12634
Jan 17 08:58:11 host sshd[6676]: input_userauth_request: invalid user ali [preauth]
Jan 17 08:58:11 host sshd[6676]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:11 host sshd[6676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.159.207
Jan 17 08:58:13 host sshd[6676]: Failed password for invalid user ali from 104.248.159.207 port 12634 ssh2
Jan 17 08:58:13 host sshd[6676]: Received disconnect from 104.248.159.207 port 12634:11: Bye Bye [preauth]
Jan 17 08:58:13 host sshd[6676]: Disconnected from 104.248.159.207 port 12634 [preauth]
Jan 17 08:58:19 host sshd[6719]: Invalid user elemental from 103.84.236.242 port 35362
Jan 17 08:58:19 host sshd[6719]: input_userauth_request: invalid user elemental [preauth]
Jan 17 08:58:19 host sshd[6719]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:19 host sshd[6719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.84.236.242
Jan 17 08:58:22 host sshd[6719]: Failed password for invalid user elemental from 103.84.236.242 port 35362 ssh2
Jan 17 08:58:22 host sshd[6719]: Received disconnect from 103.84.236.242 port 35362:11: Bye Bye [preauth]
Jan 17 08:58:22 host sshd[6719]: Disconnected from 103.84.236.242 port 35362 [preauth]
Jan 17 08:58:33 host sshd[6768]: Invalid user minikube from 178.46.163.191 port 38388
Jan 17 08:58:33 host sshd[6768]: input_userauth_request: invalid user minikube [preauth]
Jan 17 08:58:33 host sshd[6768]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:33 host sshd[6768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.46.163.191
Jan 17 08:58:35 host sshd[6768]: Failed password for invalid user minikube from 178.46.163.191 port 38388 ssh2
Jan 17 08:58:35 host sshd[6768]: Received disconnect from 178.46.163.191 port 38388:11: Bye Bye [preauth]
Jan 17 08:58:35 host sshd[6768]: Disconnected from 178.46.163.191 port 38388 [preauth]
Jan 17 08:58:36 host sshd[6776]: Invalid user amir from 190.60.110.240 port 19611
Jan 17 08:58:36 host sshd[6776]: input_userauth_request: invalid user amir [preauth]
Jan 17 08:58:36 host sshd[6776]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:36 host sshd[6776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.110.240
Jan 17 08:58:37 host sshd[6779]: Invalid user elemental from 200.70.56.202 port 39008
Jan 17 08:58:37 host sshd[6779]: input_userauth_request: invalid user elemental [preauth]
Jan 17 08:58:37 host sshd[6779]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:58:37 host sshd[6779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.70.56.202
Jan 17 08:58:38 host sshd[6776]: Failed password for invalid user amir from 190.60.110.240 port 19611 ssh2
Jan 17 08:58:39 host sshd[6776]: Received disconnect from 190.60.110.240 port 19611:11: Bye Bye [preauth]
Jan 17 08:58:39 host sshd[6776]: Disconnected from 190.60.110.240 port 19611 [preauth]
Jan 17 08:58:39 host sshd[6779]: Failed password for invalid user elemental from 200.70.56.202 port 39008 ssh2
Jan 17 08:58:40 host sshd[6779]: Received disconnect from 200.70.56.202 port 39008:11: Bye Bye [preauth]
Jan 17 08:58:40 host sshd[6779]: Disconnected from 200.70.56.202 port 39008 [preauth]
Jan 17 08:58:48 host sshd[6892]: User root from 92.255.195.59 not allowed because not listed in AllowUsers
Jan 17 08:58:48 host sshd[6892]: input_userauth_request: invalid user root [preauth]
Jan 17 08:58:48 host unix_chkpwd[6896]: password check failed for user (root)
Jan 17 08:58:48 host sshd[6892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.195.59 user=root
Jan 17 08:58:48 host sshd[6892]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:58:50 host sshd[6892]: Failed password for invalid user root from 92.255.195.59 port 60394 ssh2
Jan 17 08:58:50 host sshd[6892]: Received disconnect from 92.255.195.59 port 60394:11: Bye Bye [preauth]
Jan 17 08:58:50 host sshd[6892]: Disconnected from 92.255.195.59 port 60394 [preauth]
Jan 17 08:59:09 host sshd[6969]: Invalid user zabbix from 58.186.85.94 port 48206
Jan 17 08:59:09 host sshd[6969]: input_userauth_request: invalid user zabbix [preauth]
Jan 17 08:59:09 host sshd[6969]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:59:09 host sshd[6969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.186.85.94
Jan 17 08:59:11 host sshd[6969]: Failed password for invalid user zabbix from 58.186.85.94 port 48206 ssh2
Jan 17 08:59:11 host sshd[6969]: Received disconnect from 58.186.85.94 port 48206:11: Bye Bye [preauth]
Jan 17 08:59:11 host sshd[6969]: Disconnected from 58.186.85.94 port 48206 [preauth]
Jan 17 08:59:12 host sshd[6977]: User root from 41.82.208.182 not allowed because not listed in AllowUsers
Jan 17 08:59:12 host sshd[6977]: input_userauth_request: invalid user root [preauth]
Jan 17 08:59:12 host unix_chkpwd[6986]: password check failed for user (root)
Jan 17 08:59:12 host sshd[6977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.208.182 user=root
Jan 17 08:59:12 host sshd[6977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:59:14 host sshd[6977]: Failed password for invalid user root from 41.82.208.182 port 52397 ssh2
Jan 17 08:59:14 host sshd[6977]: Received disconnect from 41.82.208.182 port 52397:11: Bye Bye [preauth]
Jan 17 08:59:14 host sshd[6977]: Disconnected from 41.82.208.182 port 52397 [preauth]
Jan 17 08:59:21 host sshd[7058]: User root from 186.248.219.34 not allowed because not listed in AllowUsers
Jan 17 08:59:21 host sshd[7058]: input_userauth_request: invalid user root [preauth]
Jan 17 08:59:21 host unix_chkpwd[7061]: password check failed for user (root)
Jan 17 08:59:21 host sshd[7058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.248.219.34 user=root
Jan 17 08:59:21 host sshd[7058]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:59:23 host sshd[7058]: Failed password for invalid user root from 186.248.219.34 port 42438 ssh2
Jan 17 08:59:43 host sshd[7150]: Invalid user grid from 104.248.159.207 port 39524
Jan 17 08:59:43 host sshd[7150]: input_userauth_request: invalid user grid [preauth]
Jan 17 08:59:43 host sshd[7150]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:59:43 host sshd[7150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.159.207
Jan 17 08:59:46 host sshd[7150]: Failed password for invalid user grid from 104.248.159.207 port 39524 ssh2
Jan 17 08:59:46 host sshd[7150]: Received disconnect from 104.248.159.207 port 39524:11: Bye Bye [preauth]
Jan 17 08:59:46 host sshd[7150]: Disconnected from 104.248.159.207 port 39524 [preauth]
Jan 17 08:59:46 host sshd[7156]: User root from 167.71.233.59 not allowed because not listed in AllowUsers
Jan 17 08:59:46 host sshd[7156]: input_userauth_request: invalid user root [preauth]
Jan 17 08:59:46 host unix_chkpwd[7158]: password check failed for user (root)
Jan 17 08:59:46 host sshd[7156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.233.59 user=root
Jan 17 08:59:46 host sshd[7156]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 08:59:48 host sshd[7156]: Failed password for invalid user root from 167.71.233.59 port 52842 ssh2
Jan 17 08:59:57 host sshd[7235]: Invalid user asterisk from 103.84.236.242 port 34168
Jan 17 08:59:57 host sshd[7235]: input_userauth_request: invalid user asterisk [preauth]
Jan 17 08:59:57 host sshd[7235]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 08:59:57 host sshd[7235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.84.236.242
Jan 17 08:59:58 host sshd[7235]: Failed password for invalid user asterisk from 103.84.236.242 port 34168 ssh2
Jan 17 08:59:58 host sshd[7235]: Received disconnect from 103.84.236.242 port 34168:11: Bye Bye [preauth]
Jan 17 08:59:58 host sshd[7235]: Disconnected from 103.84.236.242 port 34168 [preauth]
Jan 17 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 09:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=wwwtestugo user-3=shalinijames user-4=pmcresources user-5=disposeat user-6=wwwkmaorg user-7=remysagr user-8=wwwkapin user-9=woodpeck user-10=gifterman user-11=palco123 user-12=kottayamcalldriv user-13=phmetals user-14=mrsclean user-15=wwwnexidigital user-16=bonifacegroup user-17=wwwevmhonda user-18=wwwletsstalkfood user-19=straightcurve user-20=dartsimp user-21=a2zgroup user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=wwwrmswll user-27=wwwresourcehunte user-28=keralaholi user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 09:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-se53eXUJhaV3y0Y3.~
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-se53eXUJhaV3y0Y3.~'
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-se53eXUJhaV3y0Y3.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 09:31:29 host sshd[13023]: User root from 196.179.231.103 not allowed because not listed in AllowUsers
Jan 17 09:31:29 host sshd[13023]: input_userauth_request: invalid user root [preauth]
Jan 17 09:31:29 host unix_chkpwd[13032]: password check failed for user (root)
Jan 17 09:31:29 host sshd[13023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.231.103 user=root
Jan 17 09:31:29 host sshd[13023]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:31:31 host sshd[13023]: Failed password for invalid user root from 196.179.231.103 port 47698 ssh2
Jan 17 09:31:31 host sshd[13023]: Received disconnect from 196.179.231.103 port 47698:11: Bye Bye [preauth]
Jan 17 09:31:31 host sshd[13023]: Disconnected from 196.179.231.103 port 47698 [preauth]
Jan 17 09:32:57 host sshd[13215]: User root from 182.253.115.155 not allowed because not listed in AllowUsers
Jan 17 09:32:57 host sshd[13215]: input_userauth_request: invalid user root [preauth]
Jan 17 09:32:57 host unix_chkpwd[13217]: password check failed for user (root)
Jan 17 09:32:57 host sshd[13215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155 user=root
Jan 17 09:32:57 host sshd[13215]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:32:59 host sshd[13215]: Failed password for invalid user root from 182.253.115.155 port 45280 ssh2
Jan 17 09:32:59 host sshd[13215]: Received disconnect from 182.253.115.155 port 45280:11: Bye Bye [preauth]
Jan 17 09:32:59 host sshd[13215]: Disconnected from 182.253.115.155 port 45280 [preauth]
Jan 17 09:34:02 host sshd[13373]: Invalid user apache from 167.172.246.83 port 49348
Jan 17 09:34:02 host sshd[13373]: input_userauth_request: invalid user apache [preauth]
Jan 17 09:34:02 host sshd[13373]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:34:02 host sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.246.83
Jan 17 09:34:04 host sshd[13373]: Failed password for invalid user apache from 167.172.246.83 port 49348 ssh2
Jan 17 09:34:04 host sshd[13373]: Received disconnect from 167.172.246.83 port 49348:11: Bye Bye [preauth]
Jan 17 09:34:04 host sshd[13373]: Disconnected from 167.172.246.83 port 49348 [preauth]
Jan 17 09:34:11 host sshd[13400]: Invalid user miner from 13.87.204.143 port 59646
Jan 17 09:34:11 host sshd[13400]: input_userauth_request: invalid user miner [preauth]
Jan 17 09:34:11 host sshd[13400]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:34:11 host sshd[13400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.87.204.143
Jan 17 09:34:13 host sshd[13400]: Failed password for invalid user miner from 13.87.204.143 port 59646 ssh2
Jan 17 09:34:13 host sshd[13400]: Received disconnect from 13.87.204.143 port 59646:11: Bye Bye [preauth]
Jan 17 09:34:13 host sshd[13400]: Disconnected from 13.87.204.143 port 59646 [preauth]
Jan 17 09:35:25 host sshd[13703]: User root from 93.115.53.27 not allowed because not listed in AllowUsers
Jan 17 09:35:25 host sshd[13703]: input_userauth_request: invalid user root [preauth]
Jan 17 09:35:25 host unix_chkpwd[13708]: password check failed for user (root)
Jan 17 09:35:25 host sshd[13703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.115.53.27 user=root
Jan 17 09:35:25 host sshd[13703]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:35:27 host sshd[13703]: Failed password for invalid user root from 93.115.53.27 port 55306 ssh2
Jan 17 09:35:27 host sshd[13703]: Received disconnect from 93.115.53.27 port 55306:11: Bye Bye [preauth]
Jan 17 09:35:27 host sshd[13703]: Disconnected from 93.115.53.27 port 55306 [preauth]
Jan 17 09:35:36 host sshd[13749]: User root from 165.154.243.252 not allowed because not listed in AllowUsers
Jan 17 09:35:36 host sshd[13749]: input_userauth_request: invalid user root [preauth]
Jan 17 09:35:36 host unix_chkpwd[13753]: password check failed for user (root)
Jan 17 09:35:36 host sshd[13749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.243.252 user=root
Jan 17 09:35:36 host sshd[13749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:35:38 host sshd[13749]: Failed password for invalid user root from 165.154.243.252 port 26686 ssh2
Jan 17 09:35:38 host sshd[13749]: Received disconnect from 165.154.243.252 port 26686:11: Bye Bye [preauth]
Jan 17 09:35:38 host sshd[13749]: Disconnected from 165.154.243.252 port 26686 [preauth]
Jan 17 09:36:40 host sshd[13875]: User root from 196.179.231.103 not allowed because not listed in AllowUsers
Jan 17 09:36:40 host sshd[13875]: input_userauth_request: invalid user root [preauth]
Jan 17 09:36:40 host unix_chkpwd[13878]: password check failed for user (root)
Jan 17 09:36:40 host sshd[13875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.179.231.103 user=root
Jan 17 09:36:40 host sshd[13875]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:36:42 host sshd[13875]: Failed password for invalid user root from 196.179.231.103 port 45730 ssh2
Jan 17 09:36:42 host sshd[13875]: Received disconnect from 196.179.231.103 port 45730:11: Bye Bye [preauth]
Jan 17 09:36:42 host sshd[13875]: Disconnected from 196.179.231.103 port 45730 [preauth]
Jan 17 09:37:34 host sshd[14016]: User root from 13.87.204.143 not allowed because not listed in AllowUsers
Jan 17 09:37:34 host sshd[14016]: input_userauth_request: invalid user root [preauth]
Jan 17 09:37:34 host unix_chkpwd[14019]: password check failed for user (root)
Jan 17 09:37:34 host sshd[14016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.87.204.143 user=root
Jan 17 09:37:34 host sshd[14016]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:37:37 host sshd[14016]: Failed password for invalid user root from 13.87.204.143 port 33422 ssh2
Jan 17 09:37:37 host sshd[14016]: Received disconnect from 13.87.204.143 port 33422:11: Bye Bye [preauth]
Jan 17 09:37:37 host sshd[14016]: Disconnected from 13.87.204.143 port 33422 [preauth]
Jan 17 09:37:38 host sshd[14023]: User root from 167.172.246.83 not allowed because not listed in AllowUsers
Jan 17 09:37:38 host sshd[14023]: input_userauth_request: invalid user root [preauth]
Jan 17 09:37:38 host unix_chkpwd[14029]: password check failed for user (root)
Jan 17 09:37:38 host sshd[14023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.246.83 user=root
Jan 17 09:37:38 host sshd[14023]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:37:39 host sshd[14052]: Invalid user rancher from 182.253.115.155 port 57964
Jan 17 09:37:39 host sshd[14052]: input_userauth_request: invalid user rancher [preauth]
Jan 17 09:37:39 host sshd[14052]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:37:39 host sshd[14052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.253.115.155
Jan 17 09:37:40 host sshd[14023]: Failed password for invalid user root from 167.172.246.83 port 59014 ssh2
Jan 17 09:37:40 host sshd[14023]: Received disconnect from 167.172.246.83 port 59014:11: Bye Bye [preauth]
Jan 17 09:37:40 host sshd[14023]: Disconnected from 167.172.246.83 port 59014 [preauth]
Jan 17 09:37:41 host sshd[14072]: User root from 58.82.155.197 not allowed because not listed in AllowUsers
Jan 17 09:37:41 host sshd[14072]: input_userauth_request: invalid user root [preauth]
Jan 17 09:37:41 host unix_chkpwd[14084]: password check failed for user (root)
Jan 17 09:37:41 host sshd[14072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.82.155.197 user=root
Jan 17 09:37:41 host sshd[14072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:37:41 host sshd[14052]: Failed password for invalid user rancher from 182.253.115.155 port 57964 ssh2
Jan 17 09:37:41 host sshd[14052]: Received disconnect from 182.253.115.155 port 57964:11: Bye Bye [preauth]
Jan 17 09:37:41 host sshd[14052]: Disconnected from 182.253.115.155 port 57964 [preauth]
Jan 17 09:37:43 host sshd[14072]: Failed password for invalid user root from 58.82.155.197 port 59082 ssh2
Jan 17 09:37:43 host sshd[14072]: Received disconnect from 58.82.155.197 port 59082:11: Bye Bye [preauth]
Jan 17 09:37:43 host sshd[14072]: Disconnected from 58.82.155.197 port 59082 [preauth]
Jan 17 09:37:49 host sshd[14156]: User root from 165.154.243.252 not allowed because not listed in AllowUsers
Jan 17 09:37:49 host sshd[14156]: input_userauth_request: invalid user root [preauth]
Jan 17 09:37:49 host unix_chkpwd[14165]: password check failed for user (root)
Jan 17 09:37:49 host sshd[14156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.243.252 user=root
Jan 17 09:37:49 host sshd[14156]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:37:51 host sshd[14156]: Failed password for invalid user root from 165.154.243.252 port 55966 ssh2
Jan 17 09:37:51 host sshd[14156]: Received disconnect from 165.154.243.252 port 55966:11: Bye Bye [preauth]
Jan 17 09:37:51 host sshd[14156]: Disconnected from 165.154.243.252 port 55966 [preauth]
Jan 17 09:37:59 host sshd[14207]: User root from 93.115.53.27 not allowed because not listed in AllowUsers
Jan 17 09:37:59 host sshd[14207]: input_userauth_request: invalid user root [preauth]
Jan 17 09:37:59 host unix_chkpwd[14212]: password check failed for user (root)
Jan 17 09:37:59 host sshd[14207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.115.53.27 user=root
Jan 17 09:37:59 host sshd[14207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:38:01 host sshd[14207]: Failed password for invalid user root from 93.115.53.27 port 52474 ssh2
Jan 17 09:38:01 host sshd[14207]: Received disconnect from 93.115.53.27 port 52474:11: Bye Bye [preauth]
Jan 17 09:38:01 host sshd[14207]: Disconnected from 93.115.53.27 port 52474 [preauth]
Jan 17 09:39:09 host sshd[14389]: Invalid user redis from 68.183.132.72 port 38124
Jan 17 09:39:09 host sshd[14389]: input_userauth_request: invalid user redis [preauth]
Jan 17 09:39:09 host sshd[14389]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:39:09 host sshd[14389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72
Jan 17 09:39:11 host sshd[14389]: Failed password for invalid user redis from 68.183.132.72 port 38124 ssh2
Jan 17 09:39:11 host sshd[14389]: Received disconnect from 68.183.132.72 port 38124:11: Bye Bye [preauth]
Jan 17 09:39:11 host sshd[14389]: Disconnected from 68.183.132.72 port 38124 [preauth]
Jan 17 09:39:41 host sshd[14480]: User root from 58.82.155.197 not allowed because not listed in AllowUsers
Jan 17 09:39:41 host sshd[14480]: input_userauth_request: invalid user root [preauth]
Jan 17 09:39:41 host unix_chkpwd[14484]: password check failed for user (root)
Jan 17 09:39:41 host sshd[14480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.82.155.197 user=root
Jan 17 09:39:41 host sshd[14480]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 09:39:43 host sshd[14480]: Failed password for invalid user root from 58.82.155.197 port 34010 ssh2
Jan 17 09:39:43 host sshd[14480]: Received disconnect from 58.82.155.197 port 34010:11: Bye Bye [preauth]
Jan 17 09:39:43 host sshd[14480]: Disconnected from 58.82.155.197 port 34010 [preauth]
Jan 17 09:45:42 host sshd[15540]: Invalid user gitlab-runner from 125.228.30.74 port 48200
Jan 17 09:45:42 host sshd[15540]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 17 09:45:42 host sshd[15540]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:45:42 host sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.30.74
Jan 17 09:45:44 host sshd[15540]: Failed password for invalid user gitlab-runner from 125.228.30.74 port 48200 ssh2
Jan 17 09:45:45 host sshd[15540]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:45:47 host sshd[15540]: Failed password for invalid user gitlab-runner from 125.228.30.74 port 48200 ssh2
Jan 17 09:45:48 host sshd[15540]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:45:49 host sshd[15540]: Failed password for invalid user gitlab-runner from 125.228.30.74 port 48200 ssh2
Jan 17 09:45:50 host sshd[15540]: Failed password for invalid user gitlab-runner from 125.228.30.74 port 48200 ssh2
Jan 17 09:45:50 host sshd[15540]: Connection closed by 125.228.30.74 port 48200 [preauth]
Jan 17 09:45:50 host sshd[15540]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.30.74
Jan 17 09:48:01 host sshd[15830]: Invalid user bitnami from 68.183.132.72 port 49596
Jan 17 09:48:01 host sshd[15830]: input_userauth_request: invalid user bitnami [preauth]
Jan 17 09:48:01 host sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:48:01 host sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72
Jan 17 09:48:02 host sshd[15830]: Failed password for invalid user bitnami from 68.183.132.72 port 49596 ssh2
Jan 17 09:48:03 host sshd[15830]: Received disconnect from 68.183.132.72 port 49596:11: Bye Bye [preauth]
Jan 17 09:48:03 host sshd[15830]: Disconnected from 68.183.132.72 port 49596 [preauth]
Jan 17 09:49:23 host sshd[15996]: Invalid user fj from 194.110.203.109 port 41128
Jan 17 09:49:23 host sshd[15996]: input_userauth_request: invalid user fj [preauth]
Jan 17 09:49:23 host sshd[15996]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:49:23 host sshd[15996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 09:49:25 host sshd[15996]: Failed password for invalid user fj from 194.110.203.109 port 41128 ssh2
Jan 17 09:49:29 host sshd[15996]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:49:30 host sshd[15996]: Failed password for invalid user fj from 194.110.203.109 port 41128 ssh2
Jan 17 09:49:34 host sshd[15996]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:49:35 host sshd[15996]: Failed password for invalid user fj from 194.110.203.109 port 41128 ssh2
Jan 17 09:49:38 host sshd[15996]: Connection closed by 194.110.203.109 port 41128 [preauth]
Jan 17 09:49:38 host sshd[15996]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 09:53:30 host sshd[16666]: Invalid user admin from 68.183.132.72 port 50940
Jan 17 09:53:30 host sshd[16666]: input_userauth_request: invalid user admin [preauth]
Jan 17 09:53:30 host sshd[16666]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:53:30 host sshd[16666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.132.72
Jan 17 09:53:32 host sshd[16666]: Failed password for invalid user admin from 68.183.132.72 port 50940 ssh2
Jan 17 09:53:32 host sshd[16666]: Received disconnect from 68.183.132.72 port 50940:11: Bye Bye [preauth]
Jan 17 09:53:32 host sshd[16666]: Disconnected from 68.183.132.72 port 50940 [preauth]
Jan 17 09:54:40 host sshd[16810]: Invalid user Admin from 36.228.90.92 port 51325
Jan 17 09:54:40 host sshd[16810]: input_userauth_request: invalid user Admin [preauth]
Jan 17 09:54:40 host sshd[16810]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:54:40 host sshd[16810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.228.90.92
Jan 17 09:54:42 host sshd[16810]: Failed password for invalid user Admin from 36.228.90.92 port 51325 ssh2
Jan 17 09:54:43 host sshd[16810]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:54:45 host sshd[16810]: Failed password for invalid user Admin from 36.228.90.92 port 51325 ssh2
Jan 17 09:54:45 host sshd[16810]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:54:48 host sshd[16810]: Failed password for invalid user Admin from 36.228.90.92 port 51325 ssh2
Jan 17 09:54:50 host sshd[16810]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:54:52 host sshd[16810]: Failed password for invalid user Admin from 36.228.90.92 port 51325 ssh2
Jan 17 09:54:53 host sshd[16810]: Failed password for invalid user Admin from 36.228.90.92 port 51325 ssh2
Jan 17 09:54:54 host sshd[16810]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 09:54:56 host sshd[16810]: Failed password for invalid user Admin from 36.228.90.92 port 51325 ssh2
Jan 17 09:54:56 host sshd[16810]: error: maximum authentication attempts exceeded for invalid user Admin from 36.228.90.92 port 51325 ssh2 [preauth]
Jan 17 09:54:56 host sshd[16810]: Disconnecting: Too many authentication failures [preauth]
Jan 17 09:54:56 host sshd[16810]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.228.90.92
Jan 17 09:54:56 host sshd[16810]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 10:02:23 host sshd[18131]: User root from 34.93.223.12 not allowed because not listed in AllowUsers
Jan 17 10:02:23 host sshd[18131]: input_userauth_request: invalid user root [preauth]
Jan 17 10:02:23 host unix_chkpwd[18133]: password check failed for user (root)
Jan 17 10:02:23 host sshd[18131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.93.223.12 user=root
Jan 17 10:02:23 host sshd[18131]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 10:02:25 host sshd[18131]: Failed password for invalid user root from 34.93.223.12 port 48410 ssh2
Jan 17 10:02:25 host sshd[18131]: Received disconnect from 34.93.223.12 port 48410:11: Bye Bye [preauth]
Jan 17 10:02:25 host sshd[18131]: Disconnected from 34.93.223.12 port 48410 [preauth]
Jan 17 10:03:47 host sshd[18292]: Invalid user hb from 188.166.52.232 port 42942
Jan 17 10:03:47 host sshd[18292]: input_userauth_request: invalid user hb [preauth]
Jan 17 10:03:47 host sshd[18292]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:03:47 host sshd[18292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.52.232
Jan 17 10:03:49 host sshd[18292]: Failed password for invalid user hb from 188.166.52.232 port 42942 ssh2
Jan 17 10:03:49 host sshd[18292]: Received disconnect from 188.166.52.232 port 42942:11: Bye Bye [preauth]
Jan 17 10:03:49 host sshd[18292]: Disconnected from 188.166.52.232 port 42942 [preauth]
Jan 17 10:06:00 host sshd[18651]: Invalid user zyfwp from 73.58.47.72 port 45198
Jan 17 10:06:00 host sshd[18651]: input_userauth_request: invalid user zyfwp [preauth]
Jan 17 10:06:00 host sshd[18651]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:06:00 host sshd[18651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.58.47.72
Jan 17 10:06:02 host sshd[18651]: Failed password for invalid user zyfwp from 73.58.47.72 port 45198 ssh2
Jan 17 10:06:02 host sshd[18651]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:06:05 host sshd[18651]: Failed password for invalid user zyfwp from 73.58.47.72 port 45198 ssh2
Jan 17 10:06:06 host sshd[18651]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:06:07 host sshd[18651]: Failed password for invalid user zyfwp from 73.58.47.72 port 45198 ssh2
Jan 17 10:06:08 host sshd[18651]: Connection closed by 73.58.47.72 port 45198 [preauth]
Jan 17 10:06:08 host sshd[18651]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.58.47.72
Jan 17 10:06:12 host sshd[18777]: Invalid user trojanuser from 79.59.251.230 port 37522
Jan 17 10:06:12 host sshd[18777]: input_userauth_request: invalid user trojanuser [preauth]
Jan 17 10:06:12 host sshd[18777]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:06:12 host sshd[18777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.59.251.230
Jan 17 10:06:14 host sshd[18777]: Failed password for invalid user trojanuser from 79.59.251.230 port 37522 ssh2
Jan 17 10:06:14 host sshd[18777]: Received disconnect from 79.59.251.230 port 37522:11: Bye Bye [preauth]
Jan 17 10:06:14 host sshd[18777]: Disconnected from 79.59.251.230 port 37522 [preauth]
Jan 17 10:07:12 host sshd[18888]: User root from 188.166.52.232 not allowed because not listed in AllowUsers
Jan 17 10:07:12 host sshd[18888]: input_userauth_request: invalid user root [preauth]
Jan 17 10:07:12 host unix_chkpwd[18894]: password check failed for user (root)
Jan 17 10:07:12 host sshd[18888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.52.232 user=root
Jan 17 10:07:12 host sshd[18888]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 10:07:14 host sshd[18888]: Failed password for invalid user root from 188.166.52.232 port 44372 ssh2
Jan 17 10:07:14 host sshd[18888]: Received disconnect from 188.166.52.232 port 44372:11: Bye Bye [preauth]
Jan 17 10:07:14 host sshd[18888]: Disconnected from 188.166.52.232 port 44372 [preauth]
Jan 17 10:08:32 host sshd[19151]: Invalid user wordpress from 34.93.223.12 port 59220
Jan 17 10:08:32 host sshd[19151]: input_userauth_request: invalid user wordpress [preauth]
Jan 17 10:08:32 host sshd[19151]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:08:32 host sshd[19151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.93.223.12
Jan 17 10:08:34 host sshd[19151]: Failed password for invalid user wordpress from 34.93.223.12 port 59220 ssh2
Jan 17 10:08:34 host sshd[19151]: Received disconnect from 34.93.223.12 port 59220:11: Bye Bye [preauth]
Jan 17 10:08:34 host sshd[19151]: Disconnected from 34.93.223.12 port 59220 [preauth]
Jan 17 10:09:08 host sshd[19317]: Invalid user user2 from 79.59.251.230 port 43182
Jan 17 10:09:08 host sshd[19317]: input_userauth_request: invalid user user2 [preauth]
Jan 17 10:09:08 host sshd[19317]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:09:08 host sshd[19317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.59.251.230
Jan 17 10:09:10 host sshd[19317]: Failed password for invalid user user2 from 79.59.251.230 port 43182 ssh2
Jan 17 10:09:11 host sshd[19317]: Received disconnect from 79.59.251.230 port 43182:11: Bye Bye [preauth]
Jan 17 10:09:11 host sshd[19317]: Disconnected from 79.59.251.230 port 43182 [preauth]
Jan 17 10:10:16 host sshd[19481]: Invalid user plex from 79.59.251.230 port 37554
Jan 17 10:10:16 host sshd[19481]: input_userauth_request: invalid user plex [preauth]
Jan 17 10:10:16 host sshd[19481]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:10:16 host sshd[19481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.59.251.230
Jan 17 10:10:19 host sshd[19481]: Failed password for invalid user plex from 79.59.251.230 port 37554 ssh2
Jan 17 10:10:19 host sshd[19481]: Received disconnect from 79.59.251.230 port 37554:11: Bye Bye [preauth]
Jan 17 10:10:19 host sshd[19481]: Disconnected from 79.59.251.230 port 37554 [preauth]
Jan 17 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 10:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=ugotscom user-3=wwwresourcehunte user-4=keralaholi user-5=wwwrmswll user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=a2zgroup user-11=dartsimp user-12=straightcurve user-13=wwwletsstalkfood user-14=wwwevmhonda user-15=bonifacegroup user-16=mrsclean user-17=wwwnexidigital user-18=phmetals user-19=kottayamcalldriv user-20=palco123 user-21=gifterman user-22=woodpeck user-23=wwwkapin user-24=disposeat user-25=remysagr user-26=wwwkmaorg user-27=pmcresources user-28=shalinijames user-29=wwwtestugo user-30=vfmassets feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 10:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-qJiw4XsTURgymrTi.~
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-qJiw4XsTURgymrTi.~'
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-qJiw4XsTURgymrTi.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 10:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 10:23:58 host sshd[22069]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 17 10:23:58 host sshd[22069]: input_userauth_request: invalid user sshd [preauth]
Jan 17 10:23:58 host unix_chkpwd[22072]: password check failed for user (sshd)
Jan 17 10:23:58 host sshd[22069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 17 10:23:58 host sshd[22069]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 17 10:24:00 host sshd[22069]: Failed password for invalid user sshd from 194.169.175.102 port 65271 ssh2
Jan 17 10:24:01 host sshd[22069]: Received disconnect from 194.169.175.102 port 65271:11: Client disconnecting normally [preauth]
Jan 17 10:24:01 host sshd[22069]: Disconnected from 194.169.175.102 port 65271 [preauth]
Jan 17 10:33:40 host sshd[23600]: Invalid user default from 125.228.30.214 port 45818
Jan 17 10:33:40 host sshd[23600]: input_userauth_request: invalid user default [preauth]
Jan 17 10:33:40 host sshd[23600]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:33:40 host sshd[23600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.30.214
Jan 17 10:33:42 host sshd[23600]: Failed password for invalid user default from 125.228.30.214 port 45818 ssh2
Jan 17 10:33:43 host sshd[23600]: Connection reset by 125.228.30.214 port 45818 [preauth]
Jan 17 10:37:20 host sshd[24075]: Invalid user vpn from 123.31.20.81 port 56420
Jan 17 10:37:20 host sshd[24075]: input_userauth_request: invalid user vpn [preauth]
Jan 17 10:37:20 host sshd[24075]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:37:20 host sshd[24075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.20.81
Jan 17 10:37:22 host sshd[24075]: Failed password for invalid user vpn from 123.31.20.81 port 56420 ssh2
Jan 17 10:37:22 host sshd[24075]: Received disconnect from 123.31.20.81 port 56420:11: Bye Bye [preauth]
Jan 17 10:37:22 host sshd[24075]: Disconnected from 123.31.20.81 port 56420 [preauth]
Jan 17 10:39:59 host sshd[24524]: Invalid user vpn from 197.153.57.103 port 50038
Jan 17 10:39:59 host sshd[24524]: input_userauth_request: invalid user vpn [preauth]
Jan 17 10:39:59 host sshd[24524]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:39:59 host sshd[24524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.153.57.103
Jan 17 10:40:01 host sshd[24524]: Failed password for invalid user vpn from 197.153.57.103 port 50038 ssh2
Jan 17 10:40:01 host sshd[24524]: Received disconnect from 197.153.57.103 port 50038:11: Bye Bye [preauth]
Jan 17 10:40:01 host sshd[24524]: Disconnected from 197.153.57.103 port 50038 [preauth]
Jan 17 10:41:31 host sshd[24738]: Invalid user db2inst1 from 197.153.57.103 port 36245
Jan 17 10:41:31 host sshd[24738]: input_userauth_request: invalid user db2inst1 [preauth]
Jan 17 10:41:32 host sshd[24738]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:41:32 host sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.153.57.103
Jan 17 10:41:34 host sshd[24738]: Failed password for invalid user db2inst1 from 197.153.57.103 port 36245 ssh2
Jan 17 10:41:34 host sshd[24738]: Received disconnect from 197.153.57.103 port 36245:11: Bye Bye [preauth]
Jan 17 10:41:34 host sshd[24738]: Disconnected from 197.153.57.103 port 36245 [preauth]
Jan 17 10:42:08 host sshd[24788]: Invalid user mapr from 123.31.20.81 port 44972
Jan 17 10:42:08 host sshd[24788]: input_userauth_request: invalid user mapr [preauth]
Jan 17 10:42:08 host sshd[24788]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:42:08 host sshd[24788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.20.81
Jan 17 10:42:10 host sshd[24788]: Failed password for invalid user mapr from 123.31.20.81 port 44972 ssh2
Jan 17 10:42:10 host sshd[24788]: Received disconnect from 123.31.20.81 port 44972:11: Bye Bye [preauth]
Jan 17 10:42:10 host sshd[24788]: Disconnected from 123.31.20.81 port 44972 [preauth]
Jan 17 10:42:44 host sshd[24853]: Invalid user dockeradmin from 197.153.57.103 port 49875
Jan 17 10:42:44 host sshd[24853]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 17 10:42:44 host sshd[24853]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:42:44 host sshd[24853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.153.57.103
Jan 17 10:42:46 host sshd[24853]: Failed password for invalid user dockeradmin from 197.153.57.103 port 49875 ssh2
Jan 17 10:43:34 host sshd[24985]: User root from 123.31.20.81 not allowed because not listed in AllowUsers
Jan 17 10:43:34 host sshd[24985]: input_userauth_request: invalid user root [preauth]
Jan 17 10:43:34 host unix_chkpwd[24994]: password check failed for user (root)
Jan 17 10:43:34 host sshd[24985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.31.20.81 user=root
Jan 17 10:43:34 host sshd[24985]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 10:43:36 host sshd[24985]: Failed password for invalid user root from 123.31.20.81 port 40124 ssh2
Jan 17 10:43:36 host sshd[24985]: Received disconnect from 123.31.20.81 port 40124:11: Bye Bye [preauth]
Jan 17 10:43:36 host sshd[24985]: Disconnected from 123.31.20.81 port 40124 [preauth]
Jan 17 10:47:47 host sshd[25780]: User root from 18.183.240.136 not allowed because not listed in AllowUsers
Jan 17 10:47:47 host sshd[25780]: input_userauth_request: invalid user root [preauth]
Jan 17 10:47:47 host unix_chkpwd[25811]: password check failed for user (root)
Jan 17 10:47:47 host sshd[25780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.183.240.136 user=root
Jan 17 10:47:47 host sshd[25780]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 10:47:49 host sshd[25780]: Failed password for invalid user root from 18.183.240.136 port 50072 ssh2
Jan 17 10:47:49 host sshd[25780]: Received disconnect from 18.183.240.136 port 50072:11: Bye Bye [preauth]
Jan 17 10:47:49 host sshd[25780]: Disconnected from 18.183.240.136 port 50072 [preauth]
Jan 17 10:58:40 host sshd[27666]: Invalid user ubnt from 121.176.85.158 port 4069
Jan 17 10:58:40 host sshd[27666]: input_userauth_request: invalid user ubnt [preauth]
Jan 17 10:58:40 host sshd[27666]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:58:40 host sshd[27666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.176.85.158
Jan 17 10:58:42 host sshd[27666]: Failed password for invalid user ubnt from 121.176.85.158 port 4069 ssh2
Jan 17 10:58:43 host sshd[27666]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:58:45 host sshd[27666]: Failed password for invalid user ubnt from 121.176.85.158 port 4069 ssh2
Jan 17 10:58:46 host sshd[27666]: Failed password for invalid user ubnt from 121.176.85.158 port 4069 ssh2
Jan 17 10:58:46 host sshd[27666]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:58:49 host sshd[27666]: Failed password for invalid user ubnt from 121.176.85.158 port 4069 ssh2
Jan 17 10:58:49 host sshd[27666]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:58:51 host sshd[27666]: Failed password for invalid user ubnt from 121.176.85.158 port 4069 ssh2
Jan 17 10:58:52 host sshd[27666]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 10:58:54 host sshd[27666]: Failed password for invalid user ubnt from 121.176.85.158 port 4069 ssh2
Jan 17 10:58:54 host sshd[27666]: error: maximum authentication attempts exceeded for invalid user ubnt from 121.176.85.158 port 4069 ssh2 [preauth]
Jan 17 10:58:54 host sshd[27666]: Disconnecting: Too many authentication failures [preauth]
Jan 17 10:58:54 host sshd[27666]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.176.85.158
Jan 17 10:58:54 host sshd[27666]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 10:59:07 host sshd[27718]: Connection closed by 18.183.240.136 port 41988 [preauth]
Jan 17 11:02:42 host sshd[28294]: Connection closed by 18.183.240.136 port 38192 [preauth]
Jan 17 11:06:58 host sshd[28974]: Connection closed by 18.183.240.136 port 35240 [preauth]
Jan 17 11:11:09 host sshd[29683]: Connection closed by 18.183.240.136 port 52916 [preauth]
Jan 17 11:14:42 host sshd[30258]: Connection closed by 18.183.240.136 port 48404 [preauth]
Jan 17 11:16:25 host sshd[30594]: User root from 61.73.109.78 not allowed because not listed in AllowUsers
Jan 17 11:16:25 host sshd[30594]: input_userauth_request: invalid user root [preauth]
Jan 17 11:16:25 host unix_chkpwd[30601]: password check failed for user (root)
Jan 17 11:16:25 host sshd[30594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.73.109.78 user=root
Jan 17 11:16:25 host sshd[30594]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:16:27 host sshd[30594]: Failed password for invalid user root from 61.73.109.78 port 62703 ssh2
Jan 17 11:16:28 host sshd[30594]: Connection reset by 61.73.109.78 port 62703 [preauth]
Jan 17 11:17:24 host sshd[30753]: Connection reset by 125.229.91.139 port 35763 [preauth]
Jan 17 11:18:26 host sshd[30919]: Connection closed by 18.183.240.136 port 39364 [preauth]
Jan 17 11:19:40 host sshd[31127]: Invalid user rodney from 107.189.30.59 port 40628
Jan 17 11:19:40 host sshd[31127]: input_userauth_request: invalid user rodney [preauth]
Jan 17 11:19:40 host sshd[31127]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:19:40 host sshd[31127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 17 11:19:43 host sshd[31127]: Failed password for invalid user rodney from 107.189.30.59 port 40628 ssh2
Jan 17 11:19:44 host sshd[31127]: Connection closed by 107.189.30.59 port 40628 [preauth]
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=shalinijames user-2=wwwtestugo user-3=vfmassets user-4=pmcresources user-5=remysagr user-6=disposeat user-7=wwwkmaorg user-8=woodpeck user-9=wwwkapin user-10=kottayamcalldriv user-11=phmetals user-12=palco123 user-13=gifterman user-14=wwwnexidigital user-15=mrsclean user-16=wwwevmhonda user-17=bonifacegroup user-18=wwwletsstalkfood user-19=straightcurve user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=wwwkaretakers user-24=cochintaxi user-25=travelboniface user-26=ugotscom user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 11:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-W6NPfn5Q5hWyiq8I.~
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-W6NPfn5Q5hWyiq8I.~'
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-W6NPfn5Q5hWyiq8I.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 11:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 11:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 11:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 11:21:58 host sshd[31698]: Connection closed by 18.183.240.136 port 55062 [preauth]
Jan 17 11:23:17 host sshd[31852]: User root from 175.203.66.34 not allowed because not listed in AllowUsers
Jan 17 11:23:17 host sshd[31852]: input_userauth_request: invalid user root [preauth]
Jan 17 11:23:17 host unix_chkpwd[31856]: password check failed for user (root)
Jan 17 11:23:17 host sshd[31852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.203.66.34 user=root
Jan 17 11:23:17 host sshd[31852]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:23:18 host sshd[31852]: Failed password for invalid user root from 175.203.66.34 port 36582 ssh2
Jan 17 11:23:19 host unix_chkpwd[31861]: password check failed for user (root)
Jan 17 11:23:19 host sshd[31852]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:23:21 host sshd[31852]: Failed password for invalid user root from 175.203.66.34 port 36582 ssh2
Jan 17 11:23:22 host sshd[31852]: Connection reset by 175.203.66.34 port 36582 [preauth]
Jan 17 11:23:22 host sshd[31852]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.203.66.34 user=root
Jan 17 11:23:58 host sshd[31930]: Invalid user zyfwp from 49.213.228.22 port 37176
Jan 17 11:23:58 host sshd[31930]: input_userauth_request: invalid user zyfwp [preauth]
Jan 17 11:23:58 host sshd[31930]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:23:58 host sshd[31930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.228.22
Jan 17 11:24:00 host sshd[31930]: Failed password for invalid user zyfwp from 49.213.228.22 port 37176 ssh2
Jan 17 11:24:00 host sshd[31930]: Connection reset by 49.213.228.22 port 37176 [preauth]
Jan 17 11:25:40 host sshd[32183]: Invalid user default from 180.189.105.83 port 42642
Jan 17 11:25:40 host sshd[32183]: input_userauth_request: invalid user default [preauth]
Jan 17 11:25:40 host sshd[32183]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:25:40 host sshd[32183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.189.105.83
Jan 17 11:25:42 host sshd[32183]: Failed password for invalid user default from 180.189.105.83 port 42642 ssh2
Jan 17 11:25:42 host sshd[32183]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:25:44 host sshd[32183]: Failed password for invalid user default from 180.189.105.83 port 42642 ssh2
Jan 17 11:25:44 host sshd[32183]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:25:47 host sshd[32183]: Failed password for invalid user default from 180.189.105.83 port 42642 ssh2
Jan 17 11:25:47 host sshd[32183]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:25:49 host sshd[32183]: Failed password for invalid user default from 180.189.105.83 port 42642 ssh2
Jan 17 11:25:50 host sshd[32183]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:25:52 host sshd[32183]: Failed password for invalid user default from 180.189.105.83 port 42642 ssh2
Jan 17 11:25:52 host sshd[32183]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:25:55 host sshd[32183]: Failed password for invalid user default from 180.189.105.83 port 42642 ssh2
Jan 17 11:25:55 host sshd[32183]: error: maximum authentication attempts exceeded for invalid user default from 180.189.105.83 port 42642 ssh2 [preauth]
Jan 17 11:25:55 host sshd[32183]: Disconnecting: Too many authentication failures [preauth]
Jan 17 11:25:55 host sshd[32183]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.189.105.83
Jan 17 11:25:55 host sshd[32183]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 17 11:26:23 host sshd[32267]: Connection closed by 18.183.240.136 port 60844 [preauth]
Jan 17 11:29:36 host sshd[304]: User root from 18.183.240.136 not allowed because not listed in AllowUsers
Jan 17 11:29:36 host sshd[304]: input_userauth_request: invalid user root [preauth]
Jan 17 11:29:36 host unix_chkpwd[311]: password check failed for user (root)
Jan 17 11:29:36 host sshd[304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.183.240.136 user=root
Jan 17 11:29:36 host sshd[304]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:29:38 host sshd[304]: Failed password for invalid user root from 18.183.240.136 port 39072 ssh2
Jan 17 11:39:49 host sshd[2102]: Invalid user fk from 194.110.203.109 port 36228
Jan 17 11:39:49 host sshd[2102]: input_userauth_request: invalid user fk [preauth]
Jan 17 11:39:49 host sshd[2102]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:39:49 host sshd[2102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 11:39:51 host sshd[2102]: Failed password for invalid user fk from 194.110.203.109 port 36228 ssh2
Jan 17 11:39:54 host sshd[2102]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:39:56 host sshd[2102]: Failed password for invalid user fk from 194.110.203.109 port 36228 ssh2
Jan 17 11:39:59 host sshd[2102]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 11:40:02 host sshd[2102]: Failed password for invalid user fk from 194.110.203.109 port 36228 ssh2
Jan 17 11:40:05 host sshd[2102]: Connection closed by 194.110.203.109 port 36228 [preauth]
Jan 17 11:40:05 host sshd[2102]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 11:42:49 host sshd[2555]: User root from 222.117.36.204 not allowed because not listed in AllowUsers
Jan 17 11:42:49 host sshd[2555]: input_userauth_request: invalid user root [preauth]
Jan 17 11:42:49 host unix_chkpwd[2563]: password check failed for user (root)
Jan 17 11:42:49 host sshd[2555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.117.36.204 user=root
Jan 17 11:42:49 host sshd[2555]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:42:50 host sshd[2555]: Failed password for invalid user root from 222.117.36.204 port 51852 ssh2
Jan 17 11:42:52 host unix_chkpwd[2571]: password check failed for user (root)
Jan 17 11:42:52 host sshd[2555]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:42:54 host sshd[2555]: Failed password for invalid user root from 222.117.36.204 port 51852 ssh2
Jan 17 11:42:55 host unix_chkpwd[2578]: password check failed for user (root)
Jan 17 11:42:55 host sshd[2555]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 11:42:57 host sshd[2555]: Failed password for invalid user root from 222.117.36.204 port 51852 ssh2
Jan 17 12:08:22 host sshd[6560]: Invalid user hikvision from 125.228.150.187 port 52826
Jan 17 12:08:22 host sshd[6560]: input_userauth_request: invalid user hikvision [preauth]
Jan 17 12:08:22 host sshd[6560]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:08:22 host sshd[6560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.150.187
Jan 17 12:08:24 host sshd[6560]: Failed password for invalid user hikvision from 125.228.150.187 port 52826 ssh2
Jan 17 12:08:25 host sshd[6560]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:08:27 host sshd[6560]: Failed password for invalid user hikvision from 125.228.150.187 port 52826 ssh2
Jan 17 12:08:28 host sshd[6560]: Failed password for invalid user hikvision from 125.228.150.187 port 52826 ssh2
Jan 17 12:08:28 host sshd[6560]: Connection reset by 125.228.150.187 port 52826 [preauth]
Jan 17 12:08:28 host sshd[6560]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.150.187
Jan 17 12:17:23 host sshd[8771]: User root from 119.196.161.183 not allowed because not listed in AllowUsers
Jan 17 12:17:23 host sshd[8771]: input_userauth_request: invalid user root [preauth]
Jan 17 12:17:23 host unix_chkpwd[8779]: password check failed for user (root)
Jan 17 12:17:23 host sshd[8771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.161.183 user=root
Jan 17 12:17:23 host sshd[8771]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 12:17:26 host sshd[8771]: Failed password for invalid user root from 119.196.161.183 port 60657 ssh2
Jan 17 12:17:27 host sshd[8771]: Connection reset by 119.196.161.183 port 60657 [preauth]
Jan 17 12:18:25 host sshd[8986]: Connection closed by 172.104.11.4 port 48496 [preauth]
Jan 17 12:18:26 host sshd[8989]: Connection closed by 172.104.11.4 port 48502 [preauth]
Jan 17 12:18:28 host sshd[8992]: Connection closed by 172.104.11.4 port 48508 [preauth]
Jan 17 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 12:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 12:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=straightcurve user-2=wwwletsstalkfood user-3=wwwevmhonda user-4=bonifacegroup user-5=wwwnexidigital user-6=mrsclean user-7=kottayamcalldriv user-8=phmetals user-9=gifterman user-10=palco123 user-11=woodpeck user-12=wwwkapin user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=wwwtestugo user-18=shalinijames user-19=vfmassets user-20=wwwpmcresource user-21=ugotscom user-22=wwwrmswll user-23=wwwresourcehunte user-24=keralaholi user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=dartsimp user-30=a2zgroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 12:21:07 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vu1uEcM2v6jQcFYK.~
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vu1uEcM2v6jQcFYK.~'
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vu1uEcM2v6jQcFYK.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 12:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 12:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 12:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 12:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 12:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 12:35:01 host sshd[11606]: Invalid user admin from 1.219.220.158 port 47994
Jan 17 12:35:01 host sshd[11606]: input_userauth_request: invalid user admin [preauth]
Jan 17 12:35:01 host sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:35:01 host sshd[11606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.219.220.158
Jan 17 12:35:03 host sshd[11606]: Failed password for invalid user admin from 1.219.220.158 port 47994 ssh2
Jan 17 12:35:04 host sshd[11606]: Failed password for invalid user admin from 1.219.220.158 port 47994 ssh2
Jan 17 12:35:05 host sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:35:06 host sshd[11606]: Failed password for invalid user admin from 1.219.220.158 port 47994 ssh2
Jan 17 12:35:07 host sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:35:09 host sshd[11606]: Failed password for invalid user admin from 1.219.220.158 port 47994 ssh2
Jan 17 12:35:09 host sshd[11606]: Connection reset by 1.219.220.158 port 47994 [preauth]
Jan 17 12:35:09 host sshd[11606]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.219.220.158
Jan 17 12:38:04 host sshd[12163]: User root from 122.117.118.183 not allowed because not listed in AllowUsers
Jan 17 12:38:04 host sshd[12163]: input_userauth_request: invalid user root [preauth]
Jan 17 12:38:04 host unix_chkpwd[12166]: password check failed for user (root)
Jan 17 12:38:04 host sshd[12163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.118.183 user=root
Jan 17 12:38:04 host sshd[12163]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 12:38:06 host sshd[12163]: Failed password for invalid user root from 122.117.118.183 port 49015 ssh2
Jan 17 12:38:07 host unix_chkpwd[12171]: password check failed for user (root)
Jan 17 12:38:07 host sshd[12163]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 12:38:09 host sshd[12163]: Failed password for invalid user root from 122.117.118.183 port 49015 ssh2
Jan 17 12:38:10 host unix_chkpwd[12174]: password check failed for user (root)
Jan 17 12:38:10 host sshd[12163]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 12:38:12 host sshd[12163]: Failed password for invalid user root from 122.117.118.183 port 49015 ssh2
Jan 17 12:38:13 host unix_chkpwd[12178]: password check failed for user (root)
Jan 17 12:38:13 host sshd[12163]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 12:38:14 host sshd[12163]: Failed password for invalid user root from 122.117.118.183 port 49015 ssh2
Jan 17 12:38:15 host sshd[12163]: Connection reset by 122.117.118.183 port 49015 [preauth]
Jan 17 12:38:15 host sshd[12163]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.118.183 user=root
Jan 17 12:38:15 host sshd[12163]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 12:45:22 host sshd[13687]: Invalid user telnet from 210.223.20.229 port 38702
Jan 17 12:45:22 host sshd[13687]: input_userauth_request: invalid user telnet [preauth]
Jan 17 12:45:22 host sshd[13687]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:45:22 host sshd[13687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.223.20.229
Jan 17 12:45:24 host sshd[13687]: Failed password for invalid user telnet from 210.223.20.229 port 38702 ssh2
Jan 17 12:45:25 host sshd[13687]: Connection reset by 210.223.20.229 port 38702 [preauth]
Jan 17 12:52:35 host sshd[15575]: Invalid user usr from 220.132.60.127 port 40753
Jan 17 12:52:35 host sshd[15575]: input_userauth_request: invalid user usr [preauth]
Jan 17 12:52:35 host sshd[15575]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 12:52:35 host sshd[15575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.60.127
Jan 17 12:52:37 host sshd[15575]: Failed password for invalid user usr from 220.132.60.127 port 40753 ssh2
Jan 17 12:52:37 host sshd[15575]: Connection reset by 220.132.60.127 port 40753 [preauth]
Jan 17 13:04:43 host sshd[19152]: User root from 118.46.245.47 not allowed because not listed in AllowUsers
Jan 17 13:04:43 host sshd[19152]: input_userauth_request: invalid user root [preauth]
Jan 17 13:04:44 host unix_chkpwd[19167]: password check failed for user (root)
Jan 17 13:04:44 host sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.46.245.47 user=root
Jan 17 13:04:44 host sshd[19152]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 13:04:45 host sshd[19152]: Failed password for invalid user root from 118.46.245.47 port 63091 ssh2
Jan 17 13:04:45 host sshd[19152]: Connection reset by 118.46.245.47 port 63091 [preauth]
Jan 17 13:09:08 host sshd[19880]: Invalid user default from 42.191.77.59 port 51042
Jan 17 13:09:08 host sshd[19880]: input_userauth_request: invalid user default [preauth]
Jan 17 13:09:08 host sshd[19880]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:08 host sshd[19880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.191.77.59
Jan 17 13:09:10 host sshd[19880]: Failed password for invalid user default from 42.191.77.59 port 51042 ssh2
Jan 17 13:09:10 host sshd[19880]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:12 host sshd[19880]: Failed password for invalid user default from 42.191.77.59 port 51042 ssh2
Jan 17 13:09:12 host sshd[19880]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:14 host sshd[19880]: Failed password for invalid user default from 42.191.77.59 port 51042 ssh2
Jan 17 13:09:15 host sshd[19880]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:17 host sshd[19880]: Failed password for invalid user default from 42.191.77.59 port 51042 ssh2
Jan 17 13:09:17 host sshd[19880]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:19 host sshd[19880]: Failed password for invalid user default from 42.191.77.59 port 51042 ssh2
Jan 17 13:09:19 host sshd[19880]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:22 host sshd[19880]: Failed password for invalid user default from 42.191.77.59 port 51042 ssh2
Jan 17 13:09:22 host sshd[19880]: error: maximum authentication attempts exceeded for invalid user default from 42.191.77.59 port 51042 ssh2 [preauth]
Jan 17 13:09:22 host sshd[19880]: Disconnecting: Too many authentication failures [preauth]
Jan 17 13:09:22 host sshd[19880]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.191.77.59
Jan 17 13:09:22 host sshd[19880]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 17 13:09:55 host sshd[19997]: Invalid user ubnt from 112.173.206.245 port 48215
Jan 17 13:09:55 host sshd[19997]: input_userauth_request: invalid user ubnt [preauth]
Jan 17 13:09:55 host sshd[19997]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:09:55 host sshd[19997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.173.206.245
Jan 17 13:09:57 host sshd[19997]: Failed password for invalid user ubnt from 112.173.206.245 port 48215 ssh2
Jan 17 13:12:21 host sshd[20371]: Invalid user usr from 122.117.72.216 port 42708
Jan 17 13:12:21 host sshd[20371]: input_userauth_request: invalid user usr [preauth]
Jan 17 13:12:21 host sshd[20371]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:12:21 host sshd[20371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.72.216
Jan 17 13:12:23 host sshd[20371]: Failed password for invalid user usr from 122.117.72.216 port 42708 ssh2
Jan 17 13:12:23 host sshd[20371]: Connection reset by 122.117.72.216 port 42708 [preauth]
Jan 17 13:16:56 host sshd[20893]: Invalid user super from 121.153.245.38 port 49384
Jan 17 13:16:56 host sshd[20893]: input_userauth_request: invalid user super [preauth]
Jan 17 13:16:56 host sshd[20893]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:16:56 host sshd[20893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.153.245.38
Jan 17 13:16:58 host sshd[20893]: Failed password for invalid user super from 121.153.245.38 port 49384 ssh2
Jan 17 13:16:59 host sshd[20893]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:17:01 host sshd[20893]: Failed password for invalid user super from 121.153.245.38 port 49384 ssh2
Jan 17 13:17:04 host sshd[20893]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:17:06 host sshd[20893]: Failed password for invalid user super from 121.153.245.38 port 49384 ssh2
Jan 17 13:17:06 host sshd[20893]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:17:08 host sshd[20893]: Failed password for invalid user super from 121.153.245.38 port 49384 ssh2
Jan 17 13:17:09 host sshd[20893]: Connection reset by 121.153.245.38 port 49384 [preauth]
Jan 17 13:17:09 host sshd[20893]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.153.245.38
Jan 17 13:17:09 host sshd[20893]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 13:18:31 host sshd[21209]: User root from 220.134.174.154 not allowed because not listed in AllowUsers
Jan 17 13:18:31 host sshd[21209]: input_userauth_request: invalid user root [preauth]
Jan 17 13:18:31 host unix_chkpwd[21213]: password check failed for user (root)
Jan 17 13:18:31 host sshd[21209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.174.154 user=root
Jan 17 13:18:31 host sshd[21209]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 13:18:33 host sshd[21209]: Failed password for invalid user root from 220.134.174.154 port 44264 ssh2
Jan 17 13:18:34 host unix_chkpwd[21217]: password check failed for user (root)
Jan 17 13:18:34 host sshd[21209]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 13:18:36 host sshd[21209]: Failed password for invalid user root from 220.134.174.154 port 44264 ssh2
Jan 17 13:18:37 host unix_chkpwd[21227]: password check failed for user (root)
Jan 17 13:18:37 host sshd[21209]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 13:18:39 host sshd[21209]: Failed password for invalid user root from 220.134.174.154 port 44264 ssh2
Jan 17 13:18:40 host unix_chkpwd[21230]: password check failed for user (root)
Jan 17 13:18:40 host sshd[21209]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 13:18:43 host sshd[21209]: Failed password for invalid user root from 220.134.174.154 port 44264 ssh2
Jan 17 13:20:49 host sshd[21533]: Invalid user pi from 46.205.211.100 port 13332
Jan 17 13:20:49 host sshd[21533]: input_userauth_request: invalid user pi [preauth]
Jan 17 13:20:49 host sshd[21532]: Invalid user pi from 46.205.211.100 port 9238
Jan 17 13:20:49 host sshd[21532]: input_userauth_request: invalid user pi [preauth]
Jan 17 13:20:49 host sshd[21533]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:20:49 host sshd[21533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.205.211.100
Jan 17 13:20:49 host sshd[21532]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:20:49 host sshd[21532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.205.211.100
Jan 17 13:20:51 host sshd[21533]: Failed password for invalid user pi from 46.205.211.100 port 13332 ssh2
Jan 17 13:20:51 host sshd[21532]: Failed password for invalid user pi from 46.205.211.100 port 9238 ssh2
Jan 17 13:20:51 host sshd[21533]: Connection closed by 46.205.211.100 port 13332 [preauth]
Jan 17 13:20:51 host sshd[21532]: Connection closed by 46.205.211.100 port 9238 [preauth]
Jan 17 13:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 13:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkmaorg user-2=disposeat user-3=remysagr user-4=wwwkapin user-5=woodpeck user-6=vfmassets user-7=wwwtestugo user-8=shalinijames user-9=pmcresources user-10=bonifacegroup user-11=wwwevmhonda user-12=straightcurve user-13=wwwletsstalkfood user-14=gifterman user-15=palco123 user-16=kottayamcalldriv user-17=phmetals user-18=mrsclean user-19=wwwnexidigital user-20=cochintaxi user-21=wwwkaretakers user-22=dartsimp user-23=a2zgroup user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=wwwrmswll user-28=keralaholi user-29=wwwresourcehunte user-30=ugotscom feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 13:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZjHyYbQKf0kzhLkQ.~
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZjHyYbQKf0kzhLkQ.~'
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZjHyYbQKf0kzhLkQ.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 13:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 13:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 13:27:21 host sshd[22734]: Invalid user Admin from 118.173.203.29 port 33382
Jan 17 13:27:21 host sshd[22734]: input_userauth_request: invalid user Admin [preauth]
Jan 17 13:27:21 host sshd[22734]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:27:21 host sshd[22734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.173.203.29
Jan 17 13:27:23 host sshd[22734]: Failed password for invalid user Admin from 118.173.203.29 port 33382 ssh2
Jan 17 13:27:24 host sshd[22734]: Connection reset by 118.173.203.29 port 33382 [preauth]
Jan 17 13:30:10 host sshd[23184]: Invalid user fl from 194.110.203.109 port 33088
Jan 17 13:30:10 host sshd[23184]: input_userauth_request: invalid user fl [preauth]
Jan 17 13:30:10 host sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:30:10 host sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 13:30:12 host sshd[23184]: Failed password for invalid user fl from 194.110.203.109 port 33088 ssh2
Jan 17 13:30:15 host sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:30:17 host sshd[23184]: Failed password for invalid user fl from 194.110.203.109 port 33088 ssh2
Jan 17 13:30:20 host sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:30:22 host sshd[23184]: Failed password for invalid user fl from 194.110.203.109 port 33088 ssh2
Jan 17 13:30:25 host sshd[23184]: Connection closed by 194.110.203.109 port 33088 [preauth]
Jan 17 13:30:25 host sshd[23184]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 13:30:25 host sshd[23221]: Did not receive identification string from 64.227.181.236 port 61000
Jan 17 13:49:36 host sshd[26073]: Invalid user ec2-user from 218.156.128.226 port 34736
Jan 17 13:49:36 host sshd[26073]: input_userauth_request: invalid user ec2-user [preauth]
Jan 17 13:49:36 host sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:49:36 host sshd[26073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.156.128.226
Jan 17 13:49:39 host sshd[26073]: Failed password for invalid user ec2-user from 218.156.128.226 port 34736 ssh2
Jan 17 13:49:39 host sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:49:41 host sshd[26073]: Failed password for invalid user ec2-user from 218.156.128.226 port 34736 ssh2
Jan 17 13:49:42 host sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:49:44 host sshd[26073]: Failed password for invalid user ec2-user from 218.156.128.226 port 34736 ssh2
Jan 17 13:49:44 host sshd[26073]: Failed password for invalid user ec2-user from 218.156.128.226 port 34736 ssh2
Jan 17 13:49:45 host sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:49:47 host sshd[26073]: Failed password for invalid user ec2-user from 218.156.128.226 port 34736 ssh2
Jan 17 13:49:47 host sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:49:49 host sshd[26073]: Failed password for invalid user ec2-user from 218.156.128.226 port 34736 ssh2
Jan 17 13:49:49 host sshd[26073]: error: maximum authentication attempts exceeded for invalid user ec2-user from 218.156.128.226 port 34736 ssh2 [preauth]
Jan 17 13:49:49 host sshd[26073]: Disconnecting: Too many authentication failures [preauth]
Jan 17 13:49:49 host sshd[26073]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.156.128.226
Jan 17 13:49:49 host sshd[26073]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 13:53:29 host sshd[26660]: Invalid user admin from 210.206.3.119 port 60153
Jan 17 13:53:29 host sshd[26660]: input_userauth_request: invalid user admin [preauth]
Jan 17 13:53:29 host sshd[26660]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 13:53:29 host sshd[26660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.206.3.119
Jan 17 13:53:31 host sshd[26660]: Failed password for invalid user admin from 210.206.3.119 port 60153 ssh2
Jan 17 13:53:32 host sshd[26660]: Connection reset by 210.206.3.119 port 60153 [preauth]
Jan 17 14:00:52 host sshd[27628]: Did not receive identification string from 82.157.194.152 port 56270
Jan 17 14:03:32 host sshd[27973]: User root from 146.190.227.169 not allowed because not listed in AllowUsers
Jan 17 14:03:32 host sshd[27973]: input_userauth_request: invalid user root [preauth]
Jan 17 14:03:32 host unix_chkpwd[27976]: password check failed for user (root)
Jan 17 14:03:32 host sshd[27973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.227.169 user=root
Jan 17 14:03:32 host sshd[27973]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:03:34 host sshd[27973]: Failed password for invalid user root from 146.190.227.169 port 41826 ssh2
Jan 17 14:03:35 host sshd[27973]: Received disconnect from 146.190.227.169 port 41826:11: Bye Bye [preauth]
Jan 17 14:03:35 host sshd[27973]: Disconnected from 146.190.227.169 port 41826 [preauth]
Jan 17 14:07:07 host sshd[28498]: Invalid user slave from 129.205.208.20 port 61003
Jan 17 14:07:07 host sshd[28498]: input_userauth_request: invalid user slave [preauth]
Jan 17 14:07:07 host sshd[28498]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:07 host sshd[28498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.205.208.20
Jan 17 14:07:09 host sshd[28498]: Failed password for invalid user slave from 129.205.208.20 port 61003 ssh2
Jan 17 14:07:09 host sshd[28498]: Received disconnect from 129.205.208.20 port 61003:11: Bye Bye [preauth]
Jan 17 14:07:09 host sshd[28498]: Disconnected from 129.205.208.20 port 61003 [preauth]
Jan 17 14:07:24 host sshd[28532]: Invalid user admin from 122.117.92.132 port 35298
Jan 17 14:07:24 host sshd[28532]: input_userauth_request: invalid user admin [preauth]
Jan 17 14:07:24 host sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:24 host sshd[28532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.92.132
Jan 17 14:07:26 host sshd[28532]: Failed password for invalid user admin from 122.117.92.132 port 35298 ssh2
Jan 17 14:07:28 host sshd[28532]: Failed password for invalid user admin from 122.117.92.132 port 35298 ssh2
Jan 17 14:07:28 host sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:31 host sshd[28532]: Failed password for invalid user admin from 122.117.92.132 port 35298 ssh2
Jan 17 14:07:32 host sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:34 host sshd[28532]: Failed password for invalid user admin from 122.117.92.132 port 35298 ssh2
Jan 17 14:07:34 host sshd[28567]: Invalid user terraria from 164.90.191.216 port 42078
Jan 17 14:07:34 host sshd[28567]: input_userauth_request: invalid user terraria [preauth]
Jan 17 14:07:34 host sshd[28567]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:34 host sshd[28567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.191.216
Jan 17 14:07:34 host sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:36 host sshd[28567]: Failed password for invalid user terraria from 164.90.191.216 port 42078 ssh2
Jan 17 14:07:36 host sshd[28567]: Received disconnect from 164.90.191.216 port 42078:11: Bye Bye [preauth]
Jan 17 14:07:36 host sshd[28567]: Disconnected from 164.90.191.216 port 42078 [preauth]
Jan 17 14:07:36 host sshd[28532]: Failed password for invalid user admin from 122.117.92.132 port 35298 ssh2
Jan 17 14:07:37 host sshd[28532]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:07:39 host sshd[28532]: Failed password for invalid user admin from 122.117.92.132 port 35298 ssh2
Jan 17 14:07:39 host sshd[28532]: error: maximum authentication attempts exceeded for invalid user admin from 122.117.92.132 port 35298 ssh2 [preauth]
Jan 17 14:07:39 host sshd[28532]: Disconnecting: Too many authentication failures [preauth]
Jan 17 14:07:39 host sshd[28532]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.92.132
Jan 17 14:07:39 host sshd[28532]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 14:08:08 host sshd[28655]: Connection closed by 60.217.75.70 port 54710 [preauth]
Jan 17 14:09:10 host sshd[28788]: User root from 146.190.227.169 not allowed because not listed in AllowUsers
Jan 17 14:09:10 host sshd[28788]: input_userauth_request: invalid user root [preauth]
Jan 17 14:09:10 host unix_chkpwd[28791]: password check failed for user (root)
Jan 17 14:09:10 host sshd[28788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.227.169 user=root
Jan 17 14:09:10 host sshd[28788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:09:12 host sshd[28788]: Failed password for invalid user root from 146.190.227.169 port 42536 ssh2
Jan 17 14:09:13 host sshd[28788]: Received disconnect from 146.190.227.169 port 42536:11: Bye Bye [preauth]
Jan 17 14:09:13 host sshd[28788]: Disconnected from 146.190.227.169 port 42536 [preauth]
Jan 17 14:09:44 host sshd[28883]: Invalid user devops from 164.90.191.216 port 47554
Jan 17 14:09:44 host sshd[28883]: input_userauth_request: invalid user devops [preauth]
Jan 17 14:09:44 host sshd[28883]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:09:44 host sshd[28883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.191.216
Jan 17 14:09:47 host sshd[28883]: Failed password for invalid user devops from 164.90.191.216 port 47554 ssh2
Jan 17 14:09:47 host sshd[28883]: Received disconnect from 164.90.191.216 port 47554:11: Bye Bye [preauth]
Jan 17 14:09:47 host sshd[28883]: Disconnected from 164.90.191.216 port 47554 [preauth]
Jan 17 14:10:52 host sshd[29130]: User root from 164.90.191.216 not allowed because not listed in AllowUsers
Jan 17 14:10:52 host sshd[29130]: input_userauth_request: invalid user root [preauth]
Jan 17 14:10:52 host unix_chkpwd[29133]: password check failed for user (root)
Jan 17 14:10:52 host sshd[29130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.191.216 user=root
Jan 17 14:10:52 host sshd[29130]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:10:54 host sshd[29130]: Failed password for invalid user root from 164.90.191.216 port 46008 ssh2
Jan 17 14:11:09 host sshd[29193]: Connection reset by 114.32.62.25 port 50550 [preauth]
Jan 17 14:12:08 host sshd[29302]: Did not receive identification string from 20.163.208.188 port 39998
Jan 17 14:12:11 host sshd[29315]: Invalid user user from 20.163.208.188 port 40050
Jan 17 14:12:11 host sshd[29315]: input_userauth_request: invalid user user [preauth]
Jan 17 14:12:11 host sshd[29309]: Invalid user admin from 20.163.208.188 port 40080
Jan 17 14:12:11 host sshd[29310]: Invalid user admin from 20.163.208.188 port 40064
Jan 17 14:12:11 host sshd[29310]: input_userauth_request: invalid user admin [preauth]
Jan 17 14:12:11 host sshd[29309]: input_userauth_request: invalid user admin [preauth]
Jan 17 14:12:11 host sshd[29312]: Invalid user es from 20.163.208.188 port 40046
Jan 17 14:12:11 host sshd[29313]: Invalid user test from 20.163.208.188 port 40090
Jan 17 14:12:11 host sshd[29312]: input_userauth_request: invalid user es [preauth]
Jan 17 14:12:11 host sshd[29313]: input_userauth_request: invalid user test [preauth]
Jan 17 14:12:11 host sshd[29316]: Invalid user oracle from 20.163.208.188 port 40130
Jan 17 14:12:11 host sshd[29316]: input_userauth_request: invalid user oracle [preauth]
Jan 17 14:12:11 host sshd[29317]: Invalid user halo from 20.163.208.188 port 40026
Jan 17 14:12:11 host sshd[29317]: input_userauth_request: invalid user halo [preauth]
Jan 17 14:12:11 host sshd[29308]: Invalid user testuser from 20.163.208.188 port 40034
Jan 17 14:12:11 host sshd[29308]: input_userauth_request: invalid user testuser [preauth]
Jan 17 14:12:11 host sshd[29311]: Invalid user es from 20.163.208.188 port 40118
Jan 17 14:12:11 host sshd[29311]: input_userauth_request: invalid user es [preauth]
Jan 17 14:12:11 host sshd[29307]: Invalid user esuser from 20.163.208.188 port 40016
Jan 17 14:12:11 host sshd[29307]: input_userauth_request: invalid user esuser [preauth]
Jan 17 14:12:11 host sshd[29306]: Invalid user student from 20.163.208.188 port 40014
Jan 17 14:12:11 host sshd[29306]: input_userauth_request: invalid user student [preauth]
Jan 17 14:12:12 host sshd[29314]: Invalid user steam from 20.163.208.188 port 40074
Jan 17 14:12:12 host sshd[29314]: input_userauth_request: invalid user steam [preauth]
Jan 17 14:12:12 host sshd[29337]: Invalid user guest from 20.163.208.188 port 40182
Jan 17 14:12:12 host sshd[29337]: input_userauth_request: invalid user guest [preauth]
Jan 17 14:12:12 host sshd[29332]: Invalid user oracle from 20.163.208.188 port 40236
Jan 17 14:12:12 host sshd[29333]: Invalid user testuser from 20.163.208.188 port 40220
Jan 17 14:12:12 host sshd[29332]: input_userauth_request: invalid user oracle [preauth]
Jan 17 14:12:12 host sshd[29333]: input_userauth_request: invalid user testuser [preauth]
Jan 17 14:12:12 host sshd[29315]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29331]: Invalid user test from 20.163.208.188 port 40168
Jan 17 14:12:12 host sshd[29331]: input_userauth_request: invalid user test [preauth]
Jan 17 14:12:12 host sshd[29339]: Invalid user admin from 20.163.208.188 port 40262
Jan 17 14:12:12 host sshd[29339]: input_userauth_request: invalid user admin [preauth]
Jan 17 14:12:12 host sshd[29330]: Invalid user oracle from 20.163.208.188 port 40138
Jan 17 14:12:12 host sshd[29330]: input_userauth_request: invalid user oracle [preauth]
Jan 17 14:12:12 host sshd[29336]: Invalid user user from 20.163.208.188 port 40190
Jan 17 14:12:12 host sshd[29335]: User root from 20.163.208.188 not allowed because not listed in AllowUsers
Jan 17 14:12:12 host sshd[29344]: Invalid user testuser from 20.163.208.188 port 40362
Jan 17 14:12:12 host sshd[29336]: input_userauth_request: invalid user user [preauth]
Jan 17 14:12:12 host sshd[29344]: input_userauth_request: invalid user testuser [preauth]
Jan 17 14:12:12 host sshd[29335]: input_userauth_request: invalid user root [preauth]
Jan 17 14:12:12 host sshd[29334]: Invalid user oracle from 20.163.208.188 port 40142
Jan 17 14:12:12 host sshd[29334]: input_userauth_request: invalid user oracle [preauth]
Jan 17 14:12:12 host sshd[29309]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29310]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29345]: Invalid user admin from 20.163.208.188 port 40288
Jan 17 14:12:12 host sshd[29313]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29345]: input_userauth_request: invalid user admin [preauth]
Jan 17 14:12:12 host sshd[29312]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29316]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29346]: Invalid user ansible from 20.163.208.188 port 40314
Jan 17 14:12:12 host sshd[29346]: input_userauth_request: invalid user ansible [preauth]
Jan 17 14:12:12 host sshd[29317]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29340]: Invalid user postgres from 20.163.208.188 port 40208
Jan 17 14:12:12 host sshd[29340]: input_userauth_request: invalid user postgres [preauth]
Jan 17 14:12:12 host sshd[29308]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29314]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29338]: User root from 20.163.208.188 not allowed because not listed in AllowUsers
Jan 17 14:12:12 host sshd[29338]: input_userauth_request: invalid user root [preauth]
Jan 17 14:12:12 host sshd[29337]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29333]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29332]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29311]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29307]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29306]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29339]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29331]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29336]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29330]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29345]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29305]: Invalid user ansadmin from 20.163.208.188 port 40002
Jan 17 14:12:12 host sshd[29305]: input_userauth_request: invalid user ansadmin [preauth]
Jan 17 14:12:12 host sshd[29334]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host sshd[29344]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:12 host sshd[29344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:12 host unix_chkpwd[29369]: password check failed for user (root)
Jan 17 14:12:12 host sshd[29335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188 user=root
Jan 17 14:12:12 host sshd[29335]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:12:13 host sshd[29346]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:13 host sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:13 host sshd[29340]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:13 host sshd[29340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:13 host sshd[29350]: Invalid user ansible from 20.163.208.188 port 40364
Jan 17 14:12:13 host sshd[29350]: input_userauth_request: invalid user ansible [preauth]
Jan 17 14:12:13 host sshd[29315]: Failed password for invalid user user from 20.163.208.188 port 40050 ssh2
Jan 17 14:12:13 host sshd[29341]: User root from 20.163.208.188 not allowed because not listed in AllowUsers
Jan 17 14:12:13 host sshd[29341]: input_userauth_request: invalid user root [preauth]
Jan 17 14:12:13 host unix_chkpwd[29377]: password check failed for user (root)
Jan 17 14:12:13 host sshd[29338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188 user=root
Jan 17 14:12:13 host sshd[29338]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:12:13 host sshd[29309]: Failed password for invalid user admin from 20.163.208.188 port 40080 ssh2
Jan 17 14:12:13 host sshd[29310]: Failed password for invalid user admin from 20.163.208.188 port 40064 ssh2
Jan 17 14:12:13 host sshd[29316]: Failed password for invalid user oracle from 20.163.208.188 port 40130 ssh2
Jan 17 14:12:13 host sshd[29313]: Failed password for invalid user test from 20.163.208.188 port 40090 ssh2
Jan 17 14:12:13 host sshd[29312]: Failed password for invalid user es from 20.163.208.188 port 40046 ssh2
Jan 17 14:12:13 host sshd[29305]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:13 host sshd[29305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.208.188
Jan 17 14:12:13 host sshd[29317]: Failed password for invalid user halo from 20.163.208.188 port 40026 ssh2
Jan 17 14:12:14 host sshd[29308]: Failed password for invalid user testuser from 20.163.208.188 port 40034 ssh2
Jan 17 14:12:14 host sshd[29314]: Failed password for invalid user steam from 20.163.208.188 port 40074 ssh2
Jan 17 14:12:14 host sshd[29337]: Failed password for invalid user guest from 20.163.208.188 port 40182 ssh2
Jan 17 14:12:14 host sshd[29333]: Failed password for invalid user testuser from 20.163.208.188 port 40220 ssh2
Jan 17 14:12:14 host sshd[29332]: Failed password for invalid user oracle from 20.163.208.188 port 40236 ssh2
Jan 17 14:12:14 host sshd[29307]: Failed password for invalid user esuser from 20.163.208.188 port 40016 ssh2
Jan 17 14:12:14 host sshd[29311]: Failed password for invalid user es from 20.163.208.188 port 40118 ssh2
Jan 17 14:12:14 host sshd[29306]: Failed password for invalid user student from 20.163.208.188 port 40014 ssh2
Jan 17 14:12:14 host sshd[29339]: Failed password for invalid user admin from 20.163.208.188 port 40262 ssh2
Jan 17 14:12:14 host sshd[29331]: Failed password for invalid user test from 20.163.208.188 port 40168 ssh2
Jan 17 14:12:14 host sshd[29336]: Failed password for invalid user user from 20.163.208.188 port 40190 ssh2
Jan 17 14:12:14 host sshd[29330]: Failed password for invalid user oracle from 20.163.208.188 port 40138 ssh2
Jan 17 14:12:14 host sshd[29345]: Failed password for invalid user admin from 20.163.208.188 port 40288 ssh2
Jan 17 14:12:14 host sshd[29334]: Failed password for invalid user oracle from 20.163.208.188 port 40142 ssh2
Jan 17 14:12:14 host sshd[29344]: Failed password for invalid user testuser from 20.163.208.188 port 40362 ssh2
Jan 17 14:12:14 host sshd[29335]: Failed password for invalid user root from 20.163.208.188 port 40156 ssh2
Jan 17 14:12:14 host sshd[29346]: Failed password for invalid user ansible from 20.163.208.188 port 40314 ssh2
Jan 17 14:12:14 host sshd[29340]: Failed password for invalid user postgres from 20.163.208.188 port 40208 ssh2
Jan 17 14:12:14 host sshd[29338]: Failed password for invalid user root from 20.163.208.188 port 40226 ssh2
Jan 17 14:12:15 host sshd[29305]: Failed password for invalid user ansadmin from 20.163.208.188 port 40002 ssh2
Jan 17 14:12:58 host sshd[29475]: Invalid user admin from 114.33.94.206 port 50635
Jan 17 14:12:58 host sshd[29475]: input_userauth_request: invalid user admin [preauth]
Jan 17 14:12:58 host sshd[29475]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:12:58 host sshd[29475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.94.206
Jan 17 14:13:01 host sshd[29475]: Failed password for invalid user admin from 114.33.94.206 port 50635 ssh2
Jan 17 14:13:01 host sshd[29475]: Failed password for invalid user admin from 114.33.94.206 port 50635 ssh2
Jan 17 14:13:02 host sshd[29475]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:13:04 host sshd[29475]: Failed password for invalid user admin from 114.33.94.206 port 50635 ssh2
Jan 17 14:13:05 host sshd[29475]: Connection reset by 114.33.94.206 port 50635 [preauth]
Jan 17 14:13:05 host sshd[29475]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.94.206
Jan 17 14:13:43 host sshd[29577]: Invalid user albert from 129.205.208.20 port 38989
Jan 17 14:13:43 host sshd[29577]: input_userauth_request: invalid user albert [preauth]
Jan 17 14:13:43 host sshd[29577]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:13:43 host sshd[29577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.205.208.20
Jan 17 14:13:44 host sshd[29577]: Failed password for invalid user albert from 129.205.208.20 port 38989 ssh2
Jan 17 14:13:44 host sshd[29577]: Received disconnect from 129.205.208.20 port 38989:11: Bye Bye [preauth]
Jan 17 14:13:44 host sshd[29577]: Disconnected from 129.205.208.20 port 38989 [preauth]
Jan 17 14:15:07 host sshd[29754]: Invalid user training from 129.205.208.20 port 49718
Jan 17 14:15:07 host sshd[29754]: input_userauth_request: invalid user training [preauth]
Jan 17 14:15:07 host sshd[29754]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:15:07 host sshd[29754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.205.208.20
Jan 17 14:15:10 host sshd[29754]: Failed password for invalid user training from 129.205.208.20 port 49718 ssh2
Jan 17 14:20:25 host sshd[30474]: Connection reset by 114.33.162.97 port 47858 [preauth]
Jan 17 14:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 14:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=straightcurve user-4=wwwletsstalkfood user-5=phmetals user-6=kottayamcalldriv user-7=gifterman user-8=palco123 user-9=mrsclean user-10=wwwnexidigital user-11=disposeat user-12=remysagr user-13=wwwkmaorg user-14=wwwkapin user-15=woodpeck user-16=wwwtestugo user-17=shalinijames user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=wwwrmswll user-24=keralaholi user-25=wwwresourcehunte user-26=cochintaxi user-27=wwwkaretakers user-28=dartsimp user-29=a2zgroup user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 14:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7V5TKPkc96ZGM28A.~
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7V5TKPkc96ZGM28A.~'
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7V5TKPkc96ZGM28A.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 14:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 14:32:18 host sshd[32448]: Invalid user maximo from 103.253.147.160 port 44518
Jan 17 14:32:18 host sshd[32448]: input_userauth_request: invalid user maximo [preauth]
Jan 17 14:32:18 host sshd[32448]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:32:18 host sshd[32448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.253.147.160
Jan 17 14:32:20 host sshd[32448]: Failed password for invalid user maximo from 103.253.147.160 port 44518 ssh2
Jan 17 14:32:20 host sshd[32448]: Received disconnect from 103.253.147.160 port 44518:11: Bye Bye [preauth]
Jan 17 14:32:20 host sshd[32448]: Disconnected from 103.253.147.160 port 44518 [preauth]
Jan 17 14:32:22 host sshd[32453]: User root from 123.0.236.125 not allowed because not listed in AllowUsers
Jan 17 14:32:22 host sshd[32453]: input_userauth_request: invalid user root [preauth]
Jan 17 14:32:22 host unix_chkpwd[32456]: password check failed for user (root)
Jan 17 14:32:22 host sshd[32453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.0.236.125 user=root
Jan 17 14:32:22 host sshd[32453]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:32:25 host sshd[32453]: Failed password for invalid user root from 123.0.236.125 port 54588 ssh2
Jan 17 14:32:25 host sshd[32458]: User root from 138.68.239.113 not allowed because not listed in AllowUsers
Jan 17 14:32:25 host sshd[32458]: input_userauth_request: invalid user root [preauth]
Jan 17 14:32:25 host unix_chkpwd[32463]: password check failed for user (root)
Jan 17 14:32:25 host sshd[32458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.239.113 user=root
Jan 17 14:32:25 host sshd[32458]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:32:26 host unix_chkpwd[32465]: password check failed for user (root)
Jan 17 14:32:26 host sshd[32453]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:32:26 host sshd[32458]: Failed password for invalid user root from 138.68.239.113 port 48758 ssh2
Jan 17 14:32:26 host sshd[32458]: Received disconnect from 138.68.239.113 port 48758:11: Bye Bye [preauth]
Jan 17 14:32:26 host sshd[32458]: Disconnected from 138.68.239.113 port 48758 [preauth]
Jan 17 14:32:28 host sshd[32453]: Failed password for invalid user root from 123.0.236.125 port 54588 ssh2
Jan 17 14:32:28 host unix_chkpwd[32472]: password check failed for user (root)
Jan 17 14:32:28 host sshd[32453]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:32:30 host sshd[32453]: Failed password for invalid user root from 123.0.236.125 port 54588 ssh2
Jan 17 14:32:32 host unix_chkpwd[32498]: password check failed for user (root)
Jan 17 14:32:32 host sshd[32453]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:32:34 host sshd[32453]: Failed password for invalid user root from 123.0.236.125 port 54588 ssh2
Jan 17 14:32:35 host unix_chkpwd[32522]: password check failed for user (root)
Jan 17 14:32:35 host sshd[32453]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:32:37 host sshd[32453]: Failed password for invalid user root from 123.0.236.125 port 54588 ssh2
Jan 17 14:34:19 host sshd[32698]: Invalid user hotline from 20.40.81.0 port 41244
Jan 17 14:34:19 host sshd[32698]: input_userauth_request: invalid user hotline [preauth]
Jan 17 14:34:19 host sshd[32698]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:34:19 host sshd[32698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0
Jan 17 14:34:21 host sshd[32698]: Failed password for invalid user hotline from 20.40.81.0 port 41244 ssh2
Jan 17 14:34:21 host sshd[32698]: Received disconnect from 20.40.81.0 port 41244:11: Bye Bye [preauth]
Jan 17 14:34:21 host sshd[32698]: Disconnected from 20.40.81.0 port 41244 [preauth]
Jan 17 14:36:35 host sshd[708]: Invalid user test2 from 67.205.187.133 port 34350
Jan 17 14:36:35 host sshd[708]: input_userauth_request: invalid user test2 [preauth]
Jan 17 14:36:35 host sshd[708]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:36:35 host sshd[708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.187.133
Jan 17 14:36:37 host sshd[708]: Failed password for invalid user test2 from 67.205.187.133 port 34350 ssh2
Jan 17 14:36:38 host sshd[708]: Received disconnect from 67.205.187.133 port 34350:11: Bye Bye [preauth]
Jan 17 14:36:38 host sshd[708]: Disconnected from 67.205.187.133 port 34350 [preauth]
Jan 17 14:37:43 host sshd[874]: User root from 138.68.239.113 not allowed because not listed in AllowUsers
Jan 17 14:37:43 host sshd[874]: input_userauth_request: invalid user root [preauth]
Jan 17 14:37:43 host unix_chkpwd[878]: password check failed for user (root)
Jan 17 14:37:43 host sshd[874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.239.113 user=root
Jan 17 14:37:43 host sshd[874]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:37:45 host sshd[874]: Failed password for invalid user root from 138.68.239.113 port 46780 ssh2
Jan 17 14:37:55 host sshd[930]: User root from 103.253.147.160 not allowed because not listed in AllowUsers
Jan 17 14:37:55 host sshd[930]: input_userauth_request: invalid user root [preauth]
Jan 17 14:37:55 host unix_chkpwd[932]: password check failed for user (root)
Jan 17 14:37:55 host sshd[930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.253.147.160 user=root
Jan 17 14:37:55 host sshd[930]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:37:57 host sshd[930]: Failed password for invalid user root from 103.253.147.160 port 43806 ssh2
Jan 17 14:37:57 host sshd[930]: Received disconnect from 103.253.147.160 port 43806:11: Bye Bye [preauth]
Jan 17 14:37:57 host sshd[930]: Disconnected from 103.253.147.160 port 43806 [preauth]
Jan 17 14:38:08 host sshd[994]: User root from 67.205.187.133 not allowed because not listed in AllowUsers
Jan 17 14:38:08 host sshd[994]: input_userauth_request: invalid user root [preauth]
Jan 17 14:38:08 host unix_chkpwd[999]: password check failed for user (root)
Jan 17 14:38:08 host sshd[994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.187.133 user=root
Jan 17 14:38:08 host sshd[994]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:38:09 host sshd[994]: Failed password for invalid user root from 67.205.187.133 port 35606 ssh2
Jan 17 14:38:10 host sshd[994]: Received disconnect from 67.205.187.133 port 35606:11: Bye Bye [preauth]
Jan 17 14:38:10 host sshd[994]: Disconnected from 67.205.187.133 port 35606 [preauth]
Jan 17 14:38:28 host sshd[1070]: Invalid user redis from 20.40.81.0 port 59440
Jan 17 14:38:28 host sshd[1070]: input_userauth_request: invalid user redis [preauth]
Jan 17 14:38:28 host sshd[1070]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:38:28 host sshd[1070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0
Jan 17 14:38:30 host sshd[1070]: Failed password for invalid user redis from 20.40.81.0 port 59440 ssh2
Jan 17 14:38:30 host sshd[1070]: Received disconnect from 20.40.81.0 port 59440:11: Bye Bye [preauth]
Jan 17 14:38:30 host sshd[1070]: Disconnected from 20.40.81.0 port 59440 [preauth]
Jan 17 14:38:51 host sshd[1135]: User root from 85.237.57.44 not allowed because not listed in AllowUsers
Jan 17 14:38:51 host sshd[1135]: input_userauth_request: invalid user root [preauth]
Jan 17 14:38:51 host unix_chkpwd[1146]: password check failed for user (root)
Jan 17 14:38:51 host sshd[1135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.237.57.44 user=root
Jan 17 14:38:51 host sshd[1135]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 14:38:52 host sshd[1135]: Failed password for invalid user root from 85.237.57.44 port 54460 ssh2
Jan 17 14:38:53 host sshd[1135]: Received disconnect from 85.237.57.44 port 54460:11: Bye Bye [preauth]
Jan 17 14:38:53 host sshd[1135]: Disconnected from 85.237.57.44 port 54460 [preauth]
Jan 17 14:39:52 host sshd[1333]: Invalid user bet from 20.40.81.0 port 39166
Jan 17 14:39:52 host sshd[1333]: input_userauth_request: invalid user bet [preauth]
Jan 17 14:39:52 host sshd[1333]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:39:52 host sshd[1333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.81.0
Jan 17 14:39:54 host sshd[1333]: Failed password for invalid user bet from 20.40.81.0 port 39166 ssh2
Jan 17 14:39:54 host sshd[1333]: Received disconnect from 20.40.81.0 port 39166:11: Bye Bye [preauth]
Jan 17 14:39:54 host sshd[1333]: Disconnected from 20.40.81.0 port 39166 [preauth]
Jan 17 14:42:07 host sshd[1833]: Invalid user auditor from 205.185.113.129 port 51196
Jan 17 14:42:07 host sshd[1833]: input_userauth_request: invalid user auditor [preauth]
Jan 17 14:42:07 host sshd[1833]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 14:42:07 host sshd[1833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 17 14:42:09 host sshd[1833]: Failed password for invalid user auditor from 205.185.113.129 port 51196 ssh2
Jan 17 14:42:10 host sshd[1833]: Connection closed by 205.185.113.129 port 51196 [preauth]
Jan 17 14:42:47 host sshd[1932]: Connection closed by 85.237.57.44 port 60436 [preauth]
Jan 17 14:48:50 host sshd[2814]: Connection closed by 85.237.57.44 port 42746 [preauth]
Jan 17 14:54:56 host sshd[3821]: Connection closed by 85.237.57.44 port 33324 [preauth]
Jan 17 15:01:38 host sshd[4935]: Received disconnect from 85.237.57.44 port 57176:11: Bye Bye [preauth]
Jan 17 15:01:38 host sshd[4935]: Disconnected from 85.237.57.44 port 57176 [preauth]
Jan 17 15:04:06 host sshd[5455]: Invalid user docker from 85.237.57.44 port 55360
Jan 17 15:04:06 host sshd[5455]: input_userauth_request: invalid user docker [preauth]
Jan 17 15:04:06 host sshd[5455]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:04:06 host sshd[5455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.237.57.44
Jan 17 15:04:08 host sshd[5455]: Failed password for invalid user docker from 85.237.57.44 port 55360 ssh2
Jan 17 15:04:08 host sshd[5455]: Received disconnect from 85.237.57.44 port 55360:11: Bye Bye [preauth]
Jan 17 15:04:08 host sshd[5455]: Disconnected from 85.237.57.44 port 55360 [preauth]
Jan 17 15:14:42 host sshd[7003]: Invalid user fm from 194.110.203.109 port 36538
Jan 17 15:14:42 host sshd[7003]: input_userauth_request: invalid user fm [preauth]
Jan 17 15:14:42 host sshd[7003]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:14:42 host sshd[7003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 15:14:45 host sshd[7003]: Failed password for invalid user fm from 194.110.203.109 port 36538 ssh2
Jan 17 15:14:48 host sshd[7003]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:14:50 host sshd[7003]: Failed password for invalid user fm from 194.110.203.109 port 36538 ssh2
Jan 17 15:14:53 host sshd[7003]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:14:55 host sshd[7003]: Failed password for invalid user fm from 194.110.203.109 port 36538 ssh2
Jan 17 15:14:59 host sshd[7003]: Connection closed by 194.110.203.109 port 36538 [preauth]
Jan 17 15:14:59 host sshd[7003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 15:19:25 host sshd[7515]: Invalid user vadmin from 114.33.83.127 port 54058
Jan 17 15:19:25 host sshd[7515]: input_userauth_request: invalid user vadmin [preauth]
Jan 17 15:19:25 host sshd[7515]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:19:25 host sshd[7515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.83.127
Jan 17 15:19:28 host sshd[7515]: Failed password for invalid user vadmin from 114.33.83.127 port 54058 ssh2
Jan 17 15:19:28 host sshd[7515]: Connection reset by 114.33.83.127 port 54058 [preauth]
Jan 17 15:20:41 host sshd[7796]: Invalid user pi from 220.132.183.154 port 47276
Jan 17 15:20:41 host sshd[7796]: input_userauth_request: invalid user pi [preauth]
Jan 17 15:20:41 host sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:20:41 host sshd[7796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.183.154
Jan 17 15:20:43 host sshd[7796]: Failed password for invalid user pi from 220.132.183.154 port 47276 ssh2
Jan 17 15:20:44 host sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:20:45 host sshd[7796]: Failed password for invalid user pi from 220.132.183.154 port 47276 ssh2
Jan 17 15:20:46 host sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:20:48 host sshd[7796]: Failed password for invalid user pi from 220.132.183.154 port 47276 ssh2
Jan 17 15:20:49 host sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:20:51 host sshd[7796]: Failed password for invalid user pi from 220.132.183.154 port 47276 ssh2
Jan 17 15:20:52 host sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:20:54 host sshd[7796]: Failed password for invalid user pi from 220.132.183.154 port 47276 ssh2
Jan 17 15:20:55 host sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:20:58 host sshd[7796]: Failed password for invalid user pi from 220.132.183.154 port 47276 ssh2
Jan 17 15:20:58 host sshd[7796]: error: maximum authentication attempts exceeded for invalid user pi from 220.132.183.154 port 47276 ssh2 [preauth]
Jan 17 15:20:58 host sshd[7796]: Disconnecting: Too many authentication failures [preauth]
Jan 17 15:20:58 host sshd[7796]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.183.154
Jan 17 15:20:58 host sshd[7796]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=straightcurve user-2=wwwletsstalkfood user-3=wwwevmhonda user-4=bonifacegroup user-5=wwwnexidigital user-6=mrsclean user-7=phmetals user-8=kottayamcalldriv user-9=gifterman user-10=palco123 user-11=wwwkapin user-12=woodpeck user-13=remysagr user-14=disposeat user-15=wwwkmaorg user-16=pmcresources user-17=wwwtestugo user-18=shalinijames user-19=vfmassets user-20=wwwpmcresource user-21=ugotscom user-22=wwwrmswll user-23=keralaholi user-24=wwwresourcehunte user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=dartsimp user-30=a2zgroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 15:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-TBdEAEErpUziEQND.~
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-TBdEAEErpUziEQND.~'
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-TBdEAEErpUziEQND.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 15:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 15:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 15:25:56 host sshd[8733]: Invalid user ali from 203.151.81.77 port 44786
Jan 17 15:25:56 host sshd[8733]: input_userauth_request: invalid user ali [preauth]
Jan 17 15:25:56 host sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:25:56 host sshd[8733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.151.81.77
Jan 17 15:25:59 host sshd[8733]: Failed password for invalid user ali from 203.151.81.77 port 44786 ssh2
Jan 17 15:25:59 host sshd[8733]: Received disconnect from 203.151.81.77 port 44786:11: Bye Bye [preauth]
Jan 17 15:25:59 host sshd[8733]: Disconnected from 203.151.81.77 port 44786 [preauth]
Jan 17 15:34:57 host sshd[9828]: Invalid user abc from 203.151.81.77 port 41704
Jan 17 15:34:57 host sshd[9828]: input_userauth_request: invalid user abc [preauth]
Jan 17 15:34:57 host sshd[9828]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:34:57 host sshd[9828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.151.81.77
Jan 17 15:34:59 host sshd[9828]: Failed password for invalid user abc from 203.151.81.77 port 41704 ssh2
Jan 17 15:35:00 host sshd[9828]: Received disconnect from 203.151.81.77 port 41704:11: Bye Bye [preauth]
Jan 17 15:35:00 host sshd[9828]: Disconnected from 203.151.81.77 port 41704 [preauth]
Jan 17 15:36:42 host sshd[10149]: User root from 203.151.81.77 not allowed because not listed in AllowUsers
Jan 17 15:36:42 host sshd[10149]: input_userauth_request: invalid user root [preauth]
Jan 17 15:36:42 host unix_chkpwd[10151]: password check failed for user (root)
Jan 17 15:36:42 host sshd[10149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.151.81.77 user=root
Jan 17 15:36:42 host sshd[10149]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 15:36:44 host sshd[10149]: Failed password for invalid user root from 203.151.81.77 port 55430 ssh2
Jan 17 15:36:44 host sshd[10149]: Received disconnect from 203.151.81.77 port 55430:11: Bye Bye [preauth]
Jan 17 15:36:44 host sshd[10149]: Disconnected from 203.151.81.77 port 55430 [preauth]
Jan 17 15:44:06 host sshd[11133]: Invalid user pi from 211.105.29.162 port 56951
Jan 17 15:44:06 host sshd[11133]: input_userauth_request: invalid user pi [preauth]
Jan 17 15:44:06 host sshd[11133]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:44:06 host sshd[11133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.105.29.162
Jan 17 15:44:08 host sshd[11133]: Failed password for invalid user pi from 211.105.29.162 port 56951 ssh2
Jan 17 15:44:09 host sshd[11133]: Connection reset by 211.105.29.162 port 56951 [preauth]
Jan 17 15:47:42 host sshd[11681]: User ftp from 220.89.4.100 not allowed because not listed in AllowUsers
Jan 17 15:47:42 host sshd[11681]: input_userauth_request: invalid user ftp [preauth]
Jan 17 15:47:42 host unix_chkpwd[11692]: password check failed for user (ftp)
Jan 17 15:47:42 host sshd[11681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.89.4.100 user=ftp
Jan 17 15:47:42 host sshd[11681]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 17 15:47:44 host sshd[11681]: Failed password for invalid user ftp from 220.89.4.100 port 54226 ssh2
Jan 17 15:47:44 host unix_chkpwd[11697]: password check failed for user (ftp)
Jan 17 15:47:44 host sshd[11681]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 17 15:47:46 host sshd[11681]: Failed password for invalid user ftp from 220.89.4.100 port 54226 ssh2
Jan 17 15:47:46 host unix_chkpwd[11708]: password check failed for user (ftp)
Jan 17 15:47:46 host sshd[11681]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 17 15:47:48 host sshd[11681]: Failed password for invalid user ftp from 220.89.4.100 port 54226 ssh2
Jan 17 15:47:48 host sshd[11681]: Connection reset by 220.89.4.100 port 54226 [preauth]
Jan 17 15:47:48 host sshd[11681]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.89.4.100 user=ftp
Jan 17 15:54:04 host sshd[12577]: Invalid user admin from 71.150.143.34 port 51358
Jan 17 15:54:04 host sshd[12577]: input_userauth_request: invalid user admin [preauth]
Jan 17 15:54:04 host sshd[12577]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 15:54:04 host sshd[12577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.150.143.34
Jan 17 15:54:06 host sshd[12577]: Failed password for invalid user admin from 71.150.143.34 port 51358 ssh2
Jan 17 15:54:06 host sshd[12577]: Failed password for invalid user admin from 71.150.143.34 port 51358 ssh2
Jan 17 15:54:07 host sshd[12577]: Connection reset by 71.150.143.34 port 51358 [preauth]
Jan 17 16:08:12 host sshd[14548]: Invalid user user from 114.34.67.128 port 50540
Jan 17 16:08:12 host sshd[14548]: input_userauth_request: invalid user user [preauth]
Jan 17 16:08:12 host sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:08:12 host sshd[14548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.67.128
Jan 17 16:08:13 host sshd[14548]: Failed password for invalid user user from 114.34.67.128 port 50540 ssh2
Jan 17 16:08:15 host sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:08:17 host sshd[14548]: Failed password for invalid user user from 114.34.67.128 port 50540 ssh2
Jan 17 16:08:17 host sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:08:20 host sshd[14548]: Failed password for invalid user user from 114.34.67.128 port 50540 ssh2
Jan 17 16:08:20 host sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:08:22 host sshd[14548]: Failed password for invalid user user from 114.34.67.128 port 50540 ssh2
Jan 17 16:08:23 host sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:08:25 host sshd[14548]: Failed password for invalid user user from 114.34.67.128 port 50540 ssh2
Jan 17 16:08:25 host sshd[14548]: Connection reset by 114.34.67.128 port 50540 [preauth]
Jan 17 16:08:25 host sshd[14548]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.67.128
Jan 17 16:08:25 host sshd[14548]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 16:14:58 host sshd[15488]: Invalid user from 64.62.197.164 port 18465
Jan 17 16:14:58 host sshd[15488]: input_userauth_request: invalid user [preauth]
Jan 17 16:15:02 host sshd[15488]: Connection closed by 64.62.197.164 port 18465 [preauth]
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=a2zgroup user-3=dartsimp user-4=wwwkaretakers user-5=cochintaxi user-6=ugotscom user-7=keralaholi user-8=wwwresourcehunte user-9=wwwrmswll user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=shalinijames user-14=wwwtestugo user-15=vfmassets user-16=wwwkapin user-17=woodpeck user-18=disposeat user-19=remysagr user-20=wwwkmaorg user-21=mrsclean user-22=wwwnexidigital user-23=kottayamcalldriv user-24=phmetals user-25=palco123 user-26=gifterman user-27=straightcurve user-28=wwwletsstalkfood user-29=wwwevmhonda user-30=bonifacegroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 16:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-kBQwAC2R4dGoHQtD.~
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-kBQwAC2R4dGoHQtD.~'
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-kBQwAC2R4dGoHQtD.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 16:22:44 host sshd[16910]: Invalid user admin from 211.224.185.55 port 63623
Jan 17 16:22:44 host sshd[16910]: input_userauth_request: invalid user admin [preauth]
Jan 17 16:22:44 host sshd[16910]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:22:44 host sshd[16910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.224.185.55
Jan 17 16:22:46 host sshd[16910]: Failed password for invalid user admin from 211.224.185.55 port 63623 ssh2
Jan 17 16:22:47 host sshd[16910]: Connection reset by 211.224.185.55 port 63623 [preauth]
Jan 17 16:26:41 host sshd[17355]: Invalid user curtis from 107.189.30.59 port 55320
Jan 17 16:26:41 host sshd[17355]: input_userauth_request: invalid user curtis [preauth]
Jan 17 16:26:41 host sshd[17355]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:26:41 host sshd[17355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 17 16:26:43 host sshd[17355]: Failed password for invalid user curtis from 107.189.30.59 port 55320 ssh2
Jan 17 16:26:43 host sshd[17355]: Connection closed by 107.189.30.59 port 55320 [preauth]
Jan 17 16:38:41 host sshd[18873]: Connection reset by 119.196.240.38 port 63359 [preauth]
Jan 17 16:44:30 host sshd[19636]: Did not receive identification string from 89.248.163.210 port 46758
Jan 17 16:45:39 host sshd[19766]: Invalid user admin from 59.126.116.8 port 58384
Jan 17 16:45:39 host sshd[19766]: input_userauth_request: invalid user admin [preauth]
Jan 17 16:45:39 host sshd[19766]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:45:39 host sshd[19766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.116.8
Jan 17 16:45:40 host sshd[19766]: Failed password for invalid user admin from 59.126.116.8 port 58384 ssh2
Jan 17 16:45:41 host sshd[19766]: Failed password for invalid user admin from 59.126.116.8 port 58384 ssh2
Jan 17 16:45:43 host sshd[19766]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:45:46 host sshd[19766]: Failed password for invalid user admin from 59.126.116.8 port 58384 ssh2
Jan 17 16:45:46 host sshd[19766]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:45:48 host sshd[19766]: Failed password for invalid user admin from 59.126.116.8 port 58384 ssh2
Jan 17 16:48:46 host sshd[20255]: User root from 2.216.243.211 not allowed because not listed in AllowUsers
Jan 17 16:48:46 host sshd[20255]: input_userauth_request: invalid user root [preauth]
Jan 17 16:48:46 host unix_chkpwd[20258]: password check failed for user (root)
Jan 17 16:48:46 host sshd[20255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.216.243.211 user=root
Jan 17 16:48:46 host sshd[20255]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 16:48:48 host sshd[20255]: Failed password for invalid user root from 2.216.243.211 port 52628 ssh2
Jan 17 16:48:49 host unix_chkpwd[20264]: password check failed for user (root)
Jan 17 16:48:49 host sshd[20255]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 16:48:52 host sshd[20255]: Failed password for invalid user root from 2.216.243.211 port 52628 ssh2
Jan 17 16:48:52 host unix_chkpwd[20267]: password check failed for user (root)
Jan 17 16:48:52 host sshd[20255]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 16:48:54 host sshd[20255]: Failed password for invalid user root from 2.216.243.211 port 52628 ssh2
Jan 17 16:48:54 host sshd[20255]: Connection reset by 2.216.243.211 port 52628 [preauth]
Jan 17 16:48:54 host sshd[20255]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.216.243.211 user=root
Jan 17 16:50:28 host sshd[20472]: Invalid user admin from 59.126.39.217 port 36167
Jan 17 16:50:28 host sshd[20472]: input_userauth_request: invalid user admin [preauth]
Jan 17 16:50:28 host sshd[20472]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:50:28 host sshd[20472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.39.217
Jan 17 16:50:31 host sshd[20472]: Failed password for invalid user admin from 59.126.39.217 port 36167 ssh2
Jan 17 16:50:31 host sshd[20472]: Connection reset by 59.126.39.217 port 36167 [preauth]
Jan 17 16:53:04 host sshd[20856]: User root from 125.228.149.62 not allowed because not listed in AllowUsers
Jan 17 16:53:04 host sshd[20856]: input_userauth_request: invalid user root [preauth]
Jan 17 16:53:04 host unix_chkpwd[20860]: password check failed for user (root)
Jan 17 16:53:04 host sshd[20856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.149.62 user=root
Jan 17 16:53:04 host sshd[20856]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 16:53:06 host sshd[20856]: Failed password for invalid user root from 125.228.149.62 port 38262 ssh2
Jan 17 16:53:06 host sshd[20856]: Connection reset by 125.228.149.62 port 38262 [preauth]
Jan 17 16:58:10 host sshd[21493]: Invalid user fn from 194.110.203.109 port 50878
Jan 17 16:58:10 host sshd[21493]: input_userauth_request: invalid user fn [preauth]
Jan 17 16:58:10 host sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:58:10 host sshd[21493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 16:58:12 host sshd[21493]: Failed password for invalid user fn from 194.110.203.109 port 50878 ssh2
Jan 17 16:58:15 host sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:58:17 host sshd[21493]: Failed password for invalid user fn from 194.110.203.109 port 50878 ssh2
Jan 17 16:58:20 host sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 16:58:22 host sshd[21493]: Failed password for invalid user fn from 194.110.203.109 port 50878 ssh2
Jan 17 16:58:25 host sshd[21493]: Connection closed by 194.110.203.109 port 50878 [preauth]
Jan 17 16:58:25 host sshd[21493]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 17:07:31 host sshd[22848]: Invalid user nginx from 103.58.93.234 port 36695
Jan 17 17:07:31 host sshd[22848]: input_userauth_request: invalid user nginx [preauth]
Jan 17 17:07:31 host sshd[22848]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:07:31 host sshd[22848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.58.93.234
Jan 17 17:07:33 host sshd[22848]: Failed password for invalid user nginx from 103.58.93.234 port 36695 ssh2
Jan 17 17:07:35 host sshd[22848]: Connection reset by 103.58.93.234 port 36695 [preauth]
Jan 17 17:15:24 host sshd[23866]: Invalid user installer from 157.230.232.227 port 53780
Jan 17 17:15:24 host sshd[23866]: input_userauth_request: invalid user installer [preauth]
Jan 17 17:15:24 host sshd[23866]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:15:24 host sshd[23866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.232.227
Jan 17 17:15:27 host sshd[23866]: Failed password for invalid user installer from 157.230.232.227 port 53780 ssh2
Jan 17 17:15:27 host sshd[23866]: Received disconnect from 157.230.232.227 port 53780:11: Bye Bye [preauth]
Jan 17 17:15:27 host sshd[23866]: Disconnected from 157.230.232.227 port 53780 [preauth]
Jan 17 17:16:14 host sshd[23962]: Invalid user peertube from 130.162.165.255 port 58734
Jan 17 17:16:14 host sshd[23962]: input_userauth_request: invalid user peertube [preauth]
Jan 17 17:16:14 host sshd[23962]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:16:14 host sshd[23962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.165.255
Jan 17 17:16:15 host sshd[23962]: Failed password for invalid user peertube from 130.162.165.255 port 58734 ssh2
Jan 17 17:16:15 host sshd[23962]: Received disconnect from 130.162.165.255 port 58734:11: Bye Bye [preauth]
Jan 17 17:16:15 host sshd[23962]: Disconnected from 130.162.165.255 port 58734 [preauth]
Jan 17 17:17:31 host sshd[24272]: User root from 27.112.78.12 not allowed because not listed in AllowUsers
Jan 17 17:17:31 host sshd[24272]: input_userauth_request: invalid user root [preauth]
Jan 17 17:17:31 host unix_chkpwd[24275]: password check failed for user (root)
Jan 17 17:17:31 host sshd[24272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.12 user=root
Jan 17 17:17:31 host sshd[24272]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:17:33 host sshd[24272]: Failed password for invalid user root from 27.112.78.12 port 46404 ssh2
Jan 17 17:17:33 host sshd[24272]: Received disconnect from 27.112.78.12 port 46404:11: Bye Bye [preauth]
Jan 17 17:17:33 host sshd[24272]: Disconnected from 27.112.78.12 port 46404 [preauth]
Jan 17 17:19:21 host sshd[24482]: Invalid user administrator from 43.153.106.58 port 53552
Jan 17 17:19:21 host sshd[24482]: input_userauth_request: invalid user administrator [preauth]
Jan 17 17:19:21 host sshd[24482]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:19:21 host sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.106.58
Jan 17 17:19:23 host sshd[24482]: Failed password for invalid user administrator from 43.153.106.58 port 53552 ssh2
Jan 17 17:19:23 host sshd[24482]: Received disconnect from 43.153.106.58 port 53552:11: Bye Bye [preauth]
Jan 17 17:19:23 host sshd[24482]: Disconnected from 43.153.106.58 port 53552 [preauth]
Jan 17 17:20:23 host sshd[24639]: User root from 134.122.56.34 not allowed because not listed in AllowUsers
Jan 17 17:20:23 host sshd[24639]: input_userauth_request: invalid user root [preauth]
Jan 17 17:20:24 host unix_chkpwd[24642]: password check failed for user (root)
Jan 17 17:20:24 host sshd[24639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.56.34 user=root
Jan 17 17:20:24 host sshd[24639]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:20:25 host sshd[24639]: Failed password for invalid user root from 134.122.56.34 port 48232 ssh2
Jan 17 17:20:26 host sshd[24639]: Received disconnect from 134.122.56.34 port 48232:11: Bye Bye [preauth]
Jan 17 17:20:26 host sshd[24639]: Disconnected from 134.122.56.34 port 48232 [preauth]
Jan 17 17:20:47 host sshd[24699]: Connection reset by 220.132.32.134 port 58074 [preauth]
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=ugotscom user-4=wwwresourcehunte user-5=keralaholi user-6=wwwrmswll user-7=wwwkaretakers user-8=cochintaxi user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=wwwevmhonda user-13=bonifacegroup user-14=wwwletsstalkfood user-15=straightcurve user-16=kottayamcalldriv user-17=phmetals user-18=palco123 user-19=gifterman user-20=mrsclean user-21=wwwnexidigital user-22=disposeat user-23=remysagr user-24=wwwkmaorg user-25=woodpeck user-26=wwwkapin user-27=shalinijames user-28=wwwtestugo user-29=vfmassets user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 17:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-lgjIgPIIe4Z7PMrK.~
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-lgjIgPIIe4Z7PMrK.~'
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-lgjIgPIIe4Z7PMrK.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 17:21:21 host sshd[24982]: Invalid user esuser from 130.162.165.255 port 58984
Jan 17 17:21:21 host sshd[24982]: input_userauth_request: invalid user esuser [preauth]
Jan 17 17:21:21 host sshd[24982]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:21:21 host sshd[24982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.165.255
Jan 17 17:21:23 host sshd[24982]: Failed password for invalid user esuser from 130.162.165.255 port 58984 ssh2
Jan 17 17:21:24 host sshd[24982]: Received disconnect from 130.162.165.255 port 58984:11: Bye Bye [preauth]
Jan 17 17:21:24 host sshd[24982]: Disconnected from 130.162.165.255 port 58984 [preauth]
Jan 17 17:22:21 host sshd[25214]: Invalid user max from 27.112.78.12 port 39748
Jan 17 17:22:21 host sshd[25214]: input_userauth_request: invalid user max [preauth]
Jan 17 17:22:21 host sshd[25214]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:22:21 host sshd[25214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.12
Jan 17 17:22:22 host sshd[25214]: Failed password for invalid user max from 27.112.78.12 port 39748 ssh2
Jan 17 17:22:23 host sshd[25214]: Received disconnect from 27.112.78.12 port 39748:11: Bye Bye [preauth]
Jan 17 17:22:23 host sshd[25214]: Disconnected from 27.112.78.12 port 39748 [preauth]
Jan 17 17:22:39 host sshd[25294]: Invalid user installer from 134.122.56.34 port 48370
Jan 17 17:22:39 host sshd[25294]: input_userauth_request: invalid user installer [preauth]
Jan 17 17:22:39 host sshd[25294]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:22:39 host sshd[25294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.56.34
Jan 17 17:22:41 host sshd[25294]: Failed password for invalid user installer from 134.122.56.34 port 48370 ssh2
Jan 17 17:22:42 host sshd[25294]: Received disconnect from 134.122.56.34 port 48370:11: Bye Bye [preauth]
Jan 17 17:22:42 host sshd[25294]: Disconnected from 134.122.56.34 port 48370 [preauth]
Jan 17 17:23:39 host sshd[25437]: User root from 130.162.165.255 not allowed because not listed in AllowUsers
Jan 17 17:23:39 host sshd[25437]: input_userauth_request: invalid user root [preauth]
Jan 17 17:23:39 host unix_chkpwd[25440]: password check failed for user (root)
Jan 17 17:23:39 host sshd[25437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.165.255 user=root
Jan 17 17:23:39 host sshd[25437]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:23:41 host sshd[25437]: Failed password for invalid user root from 130.162.165.255 port 59094 ssh2
Jan 17 17:24:30 host sshd[25556]: User root from 157.230.232.227 not allowed because not listed in AllowUsers
Jan 17 17:24:30 host sshd[25556]: input_userauth_request: invalid user root [preauth]
Jan 17 17:24:30 host unix_chkpwd[25559]: password check failed for user (root)
Jan 17 17:24:30 host sshd[25556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.232.227 user=root
Jan 17 17:24:30 host sshd[25556]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:24:32 host sshd[25556]: Failed password for invalid user root from 157.230.232.227 port 55054 ssh2
Jan 17 17:24:32 host sshd[25556]: Received disconnect from 157.230.232.227 port 55054:11: Bye Bye [preauth]
Jan 17 17:24:32 host sshd[25556]: Disconnected from 157.230.232.227 port 55054 [preauth]
Jan 17 17:27:58 host sshd[25960]: Invalid user pi from 1.34.127.198 port 37120
Jan 17 17:27:58 host sshd[25960]: input_userauth_request: invalid user pi [preauth]
Jan 17 17:27:58 host sshd[25960]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:27:58 host sshd[25960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.127.198
Jan 17 17:28:00 host sshd[25960]: Failed password for invalid user pi from 1.34.127.198 port 37120 ssh2
Jan 17 17:28:00 host sshd[25960]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:28:02 host sshd[25960]: Failed password for invalid user pi from 1.34.127.198 port 37120 ssh2
Jan 17 17:28:02 host sshd[25960]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:28:05 host sshd[25960]: Failed password for invalid user pi from 1.34.127.198 port 37120 ssh2
Jan 17 17:28:05 host sshd[25960]: Connection reset by 1.34.127.198 port 37120 [preauth]
Jan 17 17:28:05 host sshd[25960]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.127.198
Jan 17 17:29:03 host sshd[26167]: Invalid user user01 from 43.153.106.58 port 56108
Jan 17 17:29:03 host sshd[26167]: input_userauth_request: invalid user user01 [preauth]
Jan 17 17:29:03 host sshd[26167]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:29:03 host sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.106.58
Jan 17 17:29:05 host sshd[26167]: Failed password for invalid user user01 from 43.153.106.58 port 56108 ssh2
Jan 17 17:29:05 host sshd[26167]: Received disconnect from 43.153.106.58 port 56108:11: Bye Bye [preauth]
Jan 17 17:29:05 host sshd[26167]: Disconnected from 43.153.106.58 port 56108 [preauth]
Jan 17 17:32:28 host sshd[26576]: Invalid user kali from 43.153.106.58 port 52036
Jan 17 17:32:28 host sshd[26576]: input_userauth_request: invalid user kali [preauth]
Jan 17 17:32:28 host sshd[26576]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:32:28 host sshd[26576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.106.58
Jan 17 17:32:30 host sshd[26576]: Failed password for invalid user kali from 43.153.106.58 port 52036 ssh2
Jan 17 17:32:30 host sshd[26576]: Received disconnect from 43.153.106.58 port 52036:11: Bye Bye [preauth]
Jan 17 17:32:30 host sshd[26576]: Disconnected from 43.153.106.58 port 52036 [preauth]
Jan 17 17:36:05 host sshd[27239]: Invalid user user from 1.34.183.18 port 47107
Jan 17 17:36:05 host sshd[27239]: input_userauth_request: invalid user user [preauth]
Jan 17 17:36:05 host sshd[27239]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:36:05 host sshd[27239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.183.18
Jan 17 17:36:07 host sshd[27239]: Failed password for invalid user user from 1.34.183.18 port 47107 ssh2
Jan 17 17:36:07 host sshd[27239]: Connection reset by 1.34.183.18 port 47107 [preauth]
Jan 17 17:37:00 host sshd[27342]: Did not receive identification string from 92.255.85.115 port 15625
Jan 17 17:50:38 host sshd[29629]: User root from 211.219.59.7 not allowed because not listed in AllowUsers
Jan 17 17:50:38 host sshd[29629]: input_userauth_request: invalid user root [preauth]
Jan 17 17:50:38 host unix_chkpwd[29639]: password check failed for user (root)
Jan 17 17:50:38 host sshd[29629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.219.59.7 user=root
Jan 17 17:50:38 host sshd[29629]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:50:39 host sshd[29629]: Failed password for invalid user root from 211.219.59.7 port 63421 ssh2
Jan 17 17:50:40 host unix_chkpwd[29642]: password check failed for user (root)
Jan 17 17:50:40 host sshd[29629]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:50:42 host sshd[29629]: Failed password for invalid user root from 211.219.59.7 port 63421 ssh2
Jan 17 17:50:42 host unix_chkpwd[29653]: password check failed for user (root)
Jan 17 17:50:42 host sshd[29629]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:50:44 host sshd[29629]: Failed password for invalid user root from 211.219.59.7 port 63421 ssh2
Jan 17 17:50:44 host unix_chkpwd[29656]: password check failed for user (root)
Jan 17 17:50:44 host sshd[29629]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:50:46 host sshd[29629]: Failed password for invalid user root from 211.219.59.7 port 63421 ssh2
Jan 17 17:50:46 host unix_chkpwd[29683]: password check failed for user (root)
Jan 17 17:50:46 host sshd[29629]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:50:48 host sshd[29629]: Failed password for invalid user root from 211.219.59.7 port 63421 ssh2
Jan 17 17:52:26 host sshd[29920]: Invalid user usr from 87.80.150.130 port 36765
Jan 17 17:52:26 host sshd[29920]: input_userauth_request: invalid user usr [preauth]
Jan 17 17:52:26 host sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:52:26 host sshd[29920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.80.150.130
Jan 17 17:52:28 host sshd[29920]: Failed password for invalid user usr from 87.80.150.130 port 36765 ssh2
Jan 17 17:52:29 host sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:52:31 host sshd[29920]: Failed password for invalid user usr from 87.80.150.130 port 36765 ssh2
Jan 17 17:52:32 host sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:52:33 host sshd[29920]: Failed password for invalid user usr from 87.80.150.130 port 36765 ssh2
Jan 17 17:52:41 host sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 17:52:44 host sshd[29920]: Failed password for invalid user usr from 87.80.150.130 port 36765 ssh2
Jan 17 17:52:44 host sshd[29920]: Connection reset by 87.80.150.130 port 36765 [preauth]
Jan 17 17:52:44 host sshd[29920]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.80.150.130
Jan 17 17:52:44 host sshd[29920]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 17:56:35 host sshd[30588]: User root from 210.61.131.216 not allowed because not listed in AllowUsers
Jan 17 17:56:35 host sshd[30588]: input_userauth_request: invalid user root [preauth]
Jan 17 17:56:35 host unix_chkpwd[30591]: password check failed for user (root)
Jan 17 17:56:35 host sshd[30588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.61.131.216 user=root
Jan 17 17:56:35 host sshd[30588]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:56:36 host sshd[30588]: Failed password for invalid user root from 210.61.131.216 port 34079 ssh2
Jan 17 17:56:37 host unix_chkpwd[30599]: password check failed for user (root)
Jan 17 17:56:37 host sshd[30588]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:56:39 host sshd[30588]: Failed password for invalid user root from 210.61.131.216 port 34079 ssh2
Jan 17 17:56:39 host unix_chkpwd[30602]: password check failed for user (root)
Jan 17 17:56:39 host sshd[30588]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 17:56:40 host sshd[30588]: Failed password for invalid user root from 210.61.131.216 port 34079 ssh2
Jan 17 17:56:41 host sshd[30588]: Connection reset by 210.61.131.216 port 34079 [preauth]
Jan 17 17:56:41 host sshd[30588]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.61.131.216 user=root
Jan 17 18:01:02 host sshd[31217]: User root from 121.178.83.200 not allowed because not listed in AllowUsers
Jan 17 18:01:02 host sshd[31217]: input_userauth_request: invalid user root [preauth]
Jan 17 18:01:03 host unix_chkpwd[31246]: password check failed for user (root)
Jan 17 18:01:03 host sshd[31217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.178.83.200 user=root
Jan 17 18:01:03 host sshd[31217]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 18:01:05 host sshd[31217]: Failed password for invalid user root from 121.178.83.200 port 62913 ssh2
Jan 17 18:01:05 host unix_chkpwd[31249]: password check failed for user (root)
Jan 17 18:01:05 host sshd[31217]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 18:01:07 host sshd[31251]: Invalid user admin from 92.255.85.115 port 53626
Jan 17 18:01:07 host sshd[31251]: input_userauth_request: invalid user admin [preauth]
Jan 17 18:01:07 host sshd[31251]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 18:01:07 host sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 17 18:01:08 host sshd[31217]: Failed password for invalid user root from 121.178.83.200 port 62913 ssh2
Jan 17 18:01:08 host unix_chkpwd[31255]: password check failed for user (root)
Jan 17 18:01:08 host sshd[31217]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 18:01:09 host sshd[31251]: Failed password for invalid user admin from 92.255.85.115 port 53626 ssh2
Jan 17 18:01:09 host sshd[31251]: Connection reset by 92.255.85.115 port 53626 [preauth]
Jan 17 18:01:09 host sshd[31217]: Failed password for invalid user root from 121.178.83.200 port 62913 ssh2
Jan 17 18:01:10 host sshd[31217]: Connection reset by 121.178.83.200 port 62913 [preauth]
Jan 17 18:01:10 host sshd[31217]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.178.83.200 user=root
Jan 17 18:04:56 host sshd[31684]: Invalid user admin from 182.155.177.142 port 41535
Jan 17 18:04:56 host sshd[31684]: input_userauth_request: invalid user admin [preauth]
Jan 17 18:04:56 host sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 18:04:56 host sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.155.177.142
Jan 17 18:04:58 host sshd[31684]: Failed password for invalid user admin from 182.155.177.142 port 41535 ssh2
Jan 17 18:05:00 host sshd[31684]: Failed password for invalid user admin from 182.155.177.142 port 41535 ssh2
Jan 17 18:05:00 host sshd[31684]: Connection reset by 182.155.177.142 port 41535 [preauth]
Jan 17 18:07:52 host sshd[32154]: Invalid user support from 92.255.85.115 port 58721
Jan 17 18:07:52 host sshd[32154]: input_userauth_request: invalid user support [preauth]
Jan 17 18:07:52 host sshd[32154]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 18:07:52 host sshd[32154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 17 18:07:55 host sshd[32154]: Failed password for invalid user support from 92.255.85.115 port 58721 ssh2
Jan 17 18:07:55 host sshd[32154]: Connection reset by 92.255.85.115 port 58721 [preauth]
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=wwwkmaorg user-4=disposeat user-5=remysagr user-6=pmcresources user-7=vfmassets user-8=shalinijames user-9=wwwtestugo user-10=wwwletsstalkfood user-11=straightcurve user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwnexidigital user-15=mrsclean user-16=palco123 user-17=gifterman user-18=kottayamcalldriv user-19=phmetals user-20=wwwkaretakers user-21=cochintaxi user-22=laundryboniface user-23=a2zgroup user-24=dartsimp user-25=wwwpmcresource user-26=keralaholi user-27=wwwresourcehunte user-28=wwwrmswll user-29=ugotscom user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 18:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-mrarrDyV7saGw9Mt.~
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-mrarrDyV7saGw9Mt.~'
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-mrarrDyV7saGw9Mt.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 18:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 18:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 18:23:04 host sshd[2069]: Connection closed by 45.79.181.223 port 11848 [preauth]
Jan 17 18:23:06 host sshd[2074]: Connection closed by 45.79.181.223 port 11850 [preauth]
Jan 17 18:23:09 host sshd[2078]: Connection closed by 45.79.181.223 port 10034 [preauth]
Jan 17 18:25:08 host sshd[2318]: Did not receive identification string from 206.189.23.129 port 61000
Jan 17 18:41:35 host sshd[4630]: Invalid user fo from 194.110.203.109 port 59704
Jan 17 18:41:35 host sshd[4630]: input_userauth_request: invalid user fo [preauth]
Jan 17 18:41:35 host sshd[4630]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 18:41:35 host sshd[4630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 18:41:37 host sshd[4630]: Failed password for invalid user fo from 194.110.203.109 port 59704 ssh2
Jan 17 18:41:40 host sshd[4630]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 18:41:42 host sshd[4630]: Failed password for invalid user fo from 194.110.203.109 port 59704 ssh2
Jan 17 18:41:45 host sshd[4630]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 18:41:47 host sshd[4630]: Failed password for invalid user fo from 194.110.203.109 port 59704 ssh2
Jan 17 18:41:50 host sshd[4630]: Connection closed by 194.110.203.109 port 59704 [preauth]
Jan 17 18:41:50 host sshd[4630]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 18:50:07 host sshd[5735]: User root from 108.80.30.229 not allowed because not listed in AllowUsers
Jan 17 18:50:07 host sshd[5735]: input_userauth_request: invalid user root [preauth]
Jan 17 18:50:07 host unix_chkpwd[5739]: password check failed for user (root)
Jan 17 18:50:07 host sshd[5735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.80.30.229 user=root
Jan 17 18:50:07 host sshd[5735]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 18:50:10 host sshd[5735]: Failed password for invalid user root from 108.80.30.229 port 43233 ssh2
Jan 17 18:50:10 host sshd[5735]: Connection reset by 108.80.30.229 port 43233 [preauth]
Jan 17 18:55:31 host sshd[6445]: User root from 61.89.135.4 not allowed because not listed in AllowUsers
Jan 17 18:55:31 host sshd[6445]: input_userauth_request: invalid user root [preauth]
Jan 17 18:55:31 host unix_chkpwd[6447]: password check failed for user (root)
Jan 17 18:55:31 host sshd[6445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.89.135.4 user=root
Jan 17 18:55:31 host sshd[6445]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 18:55:34 host sshd[6445]: Failed password for invalid user root from 61.89.135.4 port 60244 ssh2
Jan 17 18:55:34 host sshd[6445]: Connection reset by 61.89.135.4 port 60244 [preauth]
Jan 17 19:00:24 host sshd[7078]: Invalid user bcim from 205.185.113.129 port 37656
Jan 17 19:00:24 host sshd[7078]: input_userauth_request: invalid user bcim [preauth]
Jan 17 19:00:24 host sshd[7078]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:00:24 host sshd[7078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 17 19:00:27 host sshd[7078]: Failed password for invalid user bcim from 205.185.113.129 port 37656 ssh2
Jan 17 19:00:28 host sshd[7078]: Connection closed by 205.185.113.129 port 37656 [preauth]
Jan 17 19:00:54 host sshd[7256]: Invalid user oracle from 125.228.34.110 port 47790
Jan 17 19:00:54 host sshd[7256]: input_userauth_request: invalid user oracle [preauth]
Jan 17 19:00:54 host sshd[7256]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:00:54 host sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.34.110
Jan 17 19:00:56 host sshd[7256]: Failed password for invalid user oracle from 125.228.34.110 port 47790 ssh2
Jan 17 19:00:57 host sshd[7256]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:00:59 host sshd[7256]: Failed password for invalid user oracle from 125.228.34.110 port 47790 ssh2
Jan 17 19:01:00 host sshd[7256]: Connection reset by 125.228.34.110 port 47790 [preauth]
Jan 17 19:01:00 host sshd[7256]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.34.110
Jan 17 19:03:55 host sshd[7604]: User root from 146.190.127.28 not allowed because not listed in AllowUsers
Jan 17 19:03:55 host sshd[7604]: input_userauth_request: invalid user root [preauth]
Jan 17 19:03:55 host unix_chkpwd[7607]: password check failed for user (root)
Jan 17 19:03:55 host sshd[7604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.127.28 user=root
Jan 17 19:03:55 host sshd[7604]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:03:57 host sshd[7604]: Failed password for invalid user root from 146.190.127.28 port 51830 ssh2
Jan 17 19:03:57 host sshd[7604]: Received disconnect from 146.190.127.28 port 51830:11: Bye Bye [preauth]
Jan 17 19:03:57 host sshd[7604]: Disconnected from 146.190.127.28 port 51830 [preauth]
Jan 17 19:06:47 host sshd[8033]: Invalid user training from 181.114.116.98 port 33724
Jan 17 19:06:47 host sshd[8033]: input_userauth_request: invalid user training [preauth]
Jan 17 19:06:47 host sshd[8033]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:06:47 host sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.114.116.98
Jan 17 19:06:49 host sshd[8033]: Failed password for invalid user training from 181.114.116.98 port 33724 ssh2
Jan 17 19:06:49 host sshd[8033]: Received disconnect from 181.114.116.98 port 33724:11: Bye Bye [preauth]
Jan 17 19:06:49 host sshd[8033]: Disconnected from 181.114.116.98 port 33724 [preauth]
Jan 17 19:07:13 host sshd[8079]: Invalid user demo from 104.236.182.223 port 36670
Jan 17 19:07:13 host sshd[8079]: input_userauth_request: invalid user demo [preauth]
Jan 17 19:07:13 host sshd[8079]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:07:13 host sshd[8079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.182.223
Jan 17 19:07:15 host sshd[8079]: Failed password for invalid user demo from 104.236.182.223 port 36670 ssh2
Jan 17 19:07:15 host sshd[8079]: Received disconnect from 104.236.182.223 port 36670:11: Bye Bye [preauth]
Jan 17 19:07:15 host sshd[8079]: Disconnected from 104.236.182.223 port 36670 [preauth]
Jan 17 19:07:39 host sshd[8127]: Invalid user admin1 from 182.70.115.11 port 52176
Jan 17 19:07:39 host sshd[8127]: input_userauth_request: invalid user admin1 [preauth]
Jan 17 19:07:39 host sshd[8127]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:07:39 host sshd[8127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.70.115.11
Jan 17 19:07:41 host sshd[8127]: Failed password for invalid user admin1 from 182.70.115.11 port 52176 ssh2
Jan 17 19:07:41 host sshd[8127]: Received disconnect from 182.70.115.11 port 52176:11: Bye Bye [preauth]
Jan 17 19:07:41 host sshd[8127]: Disconnected from 182.70.115.11 port 52176 [preauth]
Jan 17 19:09:34 host sshd[8366]: Invalid user admin123 from 146.190.127.28 port 57140
Jan 17 19:09:34 host sshd[8366]: input_userauth_request: invalid user admin123 [preauth]
Jan 17 19:09:34 host sshd[8366]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:09:34 host sshd[8366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.127.28
Jan 17 19:09:36 host sshd[8366]: Failed password for invalid user admin123 from 146.190.127.28 port 57140 ssh2
Jan 17 19:09:36 host sshd[8366]: Received disconnect from 146.190.127.28 port 57140:11: Bye Bye [preauth]
Jan 17 19:09:36 host sshd[8366]: Disconnected from 146.190.127.28 port 57140 [preauth]
Jan 17 19:09:50 host sshd[8412]: Invalid user halo from 190.129.122.3 port 1212
Jan 17 19:09:50 host sshd[8412]: input_userauth_request: invalid user halo [preauth]
Jan 17 19:09:50 host sshd[8412]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:09:50 host sshd[8412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.3
Jan 17 19:09:52 host sshd[8412]: Failed password for invalid user halo from 190.129.122.3 port 1212 ssh2
Jan 17 19:09:52 host sshd[8412]: Received disconnect from 190.129.122.3 port 1212:11: Bye Bye [preauth]
Jan 17 19:09:52 host sshd[8412]: Disconnected from 190.129.122.3 port 1212 [preauth]
Jan 17 19:10:29 host sshd[8491]: Invalid user panda from 104.236.182.223 port 49428
Jan 17 19:10:29 host sshd[8491]: input_userauth_request: invalid user panda [preauth]
Jan 17 19:10:29 host sshd[8491]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:10:29 host sshd[8491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.182.223
Jan 17 19:10:30 host sshd[8523]: Invalid user oscar from 211.245.31.15 port 50606
Jan 17 19:10:30 host sshd[8523]: input_userauth_request: invalid user oscar [preauth]
Jan 17 19:10:30 host sshd[8523]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:10:30 host sshd[8523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.245.31.15
Jan 17 19:10:31 host sshd[8491]: Failed password for invalid user panda from 104.236.182.223 port 49428 ssh2
Jan 17 19:10:32 host sshd[8491]: Received disconnect from 104.236.182.223 port 49428:11: Bye Bye [preauth]
Jan 17 19:10:32 host sshd[8491]: Disconnected from 104.236.182.223 port 49428 [preauth]
Jan 17 19:10:33 host sshd[8523]: Failed password for invalid user oscar from 211.245.31.15 port 50606 ssh2
Jan 17 19:10:33 host sshd[8523]: Received disconnect from 211.245.31.15 port 50606:11: Bye Bye [preauth]
Jan 17 19:10:33 host sshd[8523]: Disconnected from 211.245.31.15 port 50606 [preauth]
Jan 17 19:11:07 host sshd[8679]: User root from 181.114.116.98 not allowed because not listed in AllowUsers
Jan 17 19:11:07 host sshd[8679]: input_userauth_request: invalid user root [preauth]
Jan 17 19:11:07 host unix_chkpwd[8683]: password check failed for user (root)
Jan 17 19:11:07 host sshd[8679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.114.116.98 user=root
Jan 17 19:11:07 host sshd[8679]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:11:10 host sshd[8679]: Failed password for invalid user root from 181.114.116.98 port 48270 ssh2
Jan 17 19:11:10 host sshd[8679]: Received disconnect from 181.114.116.98 port 48270:11: Bye Bye [preauth]
Jan 17 19:11:10 host sshd[8679]: Disconnected from 181.114.116.98 port 48270 [preauth]
Jan 17 19:11:46 host sshd[8800]: Invalid user osboxes from 104.236.182.223 port 48412
Jan 17 19:11:46 host sshd[8800]: input_userauth_request: invalid user osboxes [preauth]
Jan 17 19:11:46 host sshd[8800]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:11:46 host sshd[8800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.182.223
Jan 17 19:11:48 host sshd[8800]: Failed password for invalid user osboxes from 104.236.182.223 port 48412 ssh2
Jan 17 19:11:49 host sshd[8800]: Received disconnect from 104.236.182.223 port 48412:11: Bye Bye [preauth]
Jan 17 19:11:49 host sshd[8800]: Disconnected from 104.236.182.223 port 48412 [preauth]
Jan 17 19:12:23 host sshd[8906]: Invalid user admin from 182.70.115.11 port 42762
Jan 17 19:12:23 host sshd[8906]: input_userauth_request: invalid user admin [preauth]
Jan 17 19:12:23 host sshd[8906]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:12:23 host sshd[8906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.70.115.11
Jan 17 19:12:25 host sshd[8906]: Failed password for invalid user admin from 182.70.115.11 port 42762 ssh2
Jan 17 19:12:25 host sshd[8906]: Received disconnect from 182.70.115.11 port 42762:11: Bye Bye [preauth]
Jan 17 19:12:25 host sshd[8906]: Disconnected from 182.70.115.11 port 42762 [preauth]
Jan 17 19:12:43 host sshd[8946]: User root from 190.129.122.3 not allowed because not listed in AllowUsers
Jan 17 19:12:43 host sshd[8946]: input_userauth_request: invalid user root [preauth]
Jan 17 19:12:43 host unix_chkpwd[8951]: password check failed for user (root)
Jan 17 19:12:43 host sshd[8946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.3 user=root
Jan 17 19:12:43 host sshd[8946]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:12:45 host sshd[8946]: Failed password for invalid user root from 190.129.122.3 port 1208 ssh2
Jan 17 19:12:45 host sshd[8946]: Received disconnect from 190.129.122.3 port 1208:11: Bye Bye [preauth]
Jan 17 19:12:45 host sshd[8946]: Disconnected from 190.129.122.3 port 1208 [preauth]
Jan 17 19:13:53 host sshd[9110]: Invalid user foundry from 182.70.115.11 port 38978
Jan 17 19:13:53 host sshd[9110]: input_userauth_request: invalid user foundry [preauth]
Jan 17 19:13:53 host sshd[9110]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:13:53 host sshd[9110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.70.115.11
Jan 17 19:13:55 host sshd[9110]: Failed password for invalid user foundry from 182.70.115.11 port 38978 ssh2
Jan 17 19:15:33 host sshd[9329]: User root from 211.245.31.15 not allowed because not listed in AllowUsers
Jan 17 19:15:33 host sshd[9329]: input_userauth_request: invalid user root [preauth]
Jan 17 19:15:33 host unix_chkpwd[9334]: password check failed for user (root)
Jan 17 19:15:33 host sshd[9329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.245.31.15 user=root
Jan 17 19:15:33 host sshd[9329]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:15:36 host sshd[9329]: Failed password for invalid user root from 211.245.31.15 port 39610 ssh2
Jan 17 19:15:36 host sshd[9329]: Received disconnect from 211.245.31.15 port 39610:11: Bye Bye [preauth]
Jan 17 19:15:36 host sshd[9329]: Disconnected from 211.245.31.15 port 39610 [preauth]
Jan 17 19:20:32 host sshd[9976]: User root from 72.190.53.59 not allowed because not listed in AllowUsers
Jan 17 19:20:32 host sshd[9976]: input_userauth_request: invalid user root [preauth]
Jan 17 19:20:32 host unix_chkpwd[9980]: password check failed for user (root)
Jan 17 19:20:32 host sshd[9976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.190.53.59 user=root
Jan 17 19:20:32 host sshd[9976]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:20:34 host sshd[9976]: Failed password for invalid user root from 72.190.53.59 port 41384 ssh2
Jan 17 19:20:35 host unix_chkpwd[9983]: password check failed for user (root)
Jan 17 19:20:35 host sshd[9976]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:20:36 host sshd[9976]: Failed password for invalid user root from 72.190.53.59 port 41384 ssh2
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=gifterman user-4=palco123 user-5=phmetals user-6=kottayamcalldriv user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=wwwkapin user-16=woodpeck user-17=remysagr user-18=disposeat user-19=wwwkmaorg user-20=wwwrmswll user-21=wwwresourcehunte user-22=keralaholi user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 19:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Lng6hUVkmfqHFhfw.~
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Lng6hUVkmfqHFhfw.~'
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Lng6hUVkmfqHFhfw.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 19:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 19:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 19:49:30 host sshd[14576]: Did not receive identification string from 120.48.120.83 port 43362
Jan 17 19:49:38 host sshd[14579]: Invalid user ubuntu from 120.48.120.83 port 46908
Jan 17 19:49:38 host sshd[14579]: input_userauth_request: invalid user ubuntu [preauth]
Jan 17 19:49:39 host sshd[14588]: Invalid user postgres from 120.48.120.83 port 46978
Jan 17 19:49:39 host sshd[14588]: input_userauth_request: invalid user postgres [preauth]
Jan 17 19:49:39 host sshd[14593]: Invalid user zjw from 120.48.120.83 port 46922
Jan 17 19:49:39 host sshd[14593]: input_userauth_request: invalid user zjw [preauth]
Jan 17 19:49:39 host sshd[14579]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:49:39 host sshd[14579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.120.83
Jan 17 19:49:40 host sshd[14604]: Invalid user user from 120.48.120.83 port 46902
Jan 17 19:49:40 host sshd[14604]: input_userauth_request: invalid user user [preauth]
Jan 17 19:49:40 host sshd[14597]: Invalid user ubuntu from 120.48.120.83 port 46962
Jan 17 19:49:40 host sshd[14597]: input_userauth_request: invalid user ubuntu [preauth]
Jan 17 19:49:40 host sshd[14604]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:49:40 host sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.120.83
Jan 17 19:49:41 host sshd[14579]: Failed password for invalid user ubuntu from 120.48.120.83 port 46908 ssh2
Jan 17 19:49:43 host sshd[14604]: Failed password for invalid user user from 120.48.120.83 port 46902 ssh2
Jan 17 19:54:59 host sshd[15368]: Invalid user admin from 125.228.183.150 port 37518
Jan 17 19:54:59 host sshd[15368]: input_userauth_request: invalid user admin [preauth]
Jan 17 19:54:59 host sshd[15368]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:54:59 host sshd[15368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.183.150
Jan 17 19:55:01 host sshd[15368]: Failed password for invalid user admin from 125.228.183.150 port 37518 ssh2
Jan 17 19:55:03 host sshd[15368]: Connection reset by 125.228.183.150 port 37518 [preauth]
Jan 17 19:55:11 host sshd[15407]: Invalid user ts3 from 159.89.40.119 port 60152
Jan 17 19:55:11 host sshd[15407]: input_userauth_request: invalid user ts3 [preauth]
Jan 17 19:55:11 host sshd[15407]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:55:11 host sshd[15407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.40.119
Jan 17 19:55:13 host sshd[15407]: Failed password for invalid user ts3 from 159.89.40.119 port 60152 ssh2
Jan 17 19:55:13 host sshd[15407]: Received disconnect from 159.89.40.119 port 60152:11: Bye Bye [preauth]
Jan 17 19:55:13 host sshd[15407]: Disconnected from 159.89.40.119 port 60152 [preauth]
Jan 17 19:55:20 host sshd[15419]: User root from 157.245.148.189 not allowed because not listed in AllowUsers
Jan 17 19:55:20 host sshd[15419]: input_userauth_request: invalid user root [preauth]
Jan 17 19:55:20 host unix_chkpwd[15421]: password check failed for user (root)
Jan 17 19:55:20 host sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.148.189 user=root
Jan 17 19:55:20 host sshd[15419]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 19:55:22 host sshd[15419]: Failed password for invalid user root from 157.245.148.189 port 45668 ssh2
Jan 17 19:55:22 host sshd[15419]: Received disconnect from 157.245.148.189 port 45668:11: Bye Bye [preauth]
Jan 17 19:55:22 host sshd[15419]: Disconnected from 157.245.148.189 port 45668 [preauth]
Jan 17 19:55:37 host sshd[15462]: User centos from 43.153.12.71 not allowed because not listed in AllowUsers
Jan 17 19:55:37 host sshd[15462]: input_userauth_request: invalid user centos [preauth]
Jan 17 19:55:37 host unix_chkpwd[15465]: password check failed for user (centos)
Jan 17 19:55:37 host sshd[15462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.12.71 user=centos
Jan 17 19:55:39 host sshd[15462]: Failed password for invalid user centos from 43.153.12.71 port 56742 ssh2
Jan 17 19:55:39 host sshd[15462]: Received disconnect from 43.153.12.71 port 56742:11: Bye Bye [preauth]
Jan 17 19:55:39 host sshd[15462]: Disconnected from 43.153.12.71 port 56742 [preauth]
Jan 17 19:57:11 host sshd[15696]: Connection reset by 221.165.87.21 port 52707 [preauth]
Jan 17 19:57:15 host sshd[15707]: Invalid user local from 209.97.183.120 port 58532
Jan 17 19:57:15 host sshd[15707]: input_userauth_request: invalid user local [preauth]
Jan 17 19:57:15 host sshd[15707]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:57:15 host sshd[15707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.97.183.120
Jan 17 19:57:17 host sshd[15707]: Failed password for invalid user local from 209.97.183.120 port 58532 ssh2
Jan 17 19:57:17 host sshd[15707]: Received disconnect from 209.97.183.120 port 58532:11: Bye Bye [preauth]
Jan 17 19:57:17 host sshd[15707]: Disconnected from 209.97.183.120 port 58532 [preauth]
Jan 17 19:58:46 host sshd[15975]: Invalid user oscar from 79.59.125.253 port 44620
Jan 17 19:58:46 host sshd[15975]: input_userauth_request: invalid user oscar [preauth]
Jan 17 19:58:46 host sshd[15975]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:58:46 host sshd[15975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.59.125.253
Jan 17 19:58:48 host sshd[15975]: Failed password for invalid user oscar from 79.59.125.253 port 44620 ssh2
Jan 17 19:58:48 host sshd[15975]: Received disconnect from 79.59.125.253 port 44620:11: Bye Bye [preauth]
Jan 17 19:58:48 host sshd[15975]: Disconnected from 79.59.125.253 port 44620 [preauth]
Jan 17 19:59:29 host sshd[16078]: Invalid user max from 101.36.108.106 port 10340
Jan 17 19:59:29 host sshd[16078]: input_userauth_request: invalid user max [preauth]
Jan 17 19:59:29 host sshd[16078]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:59:29 host sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.106
Jan 17 19:59:32 host sshd[16078]: Failed password for invalid user max from 101.36.108.106 port 10340 ssh2
Jan 17 19:59:32 host sshd[16078]: Received disconnect from 101.36.108.106 port 10340:11: Bye Bye [preauth]
Jan 17 19:59:32 host sshd[16078]: Disconnected from 101.36.108.106 port 10340 [preauth]
Jan 17 19:59:38 host sshd[16089]: Invalid user node from 82.196.113.78 port 8257
Jan 17 19:59:38 host sshd[16089]: input_userauth_request: invalid user node [preauth]
Jan 17 19:59:38 host sshd[16089]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 19:59:38 host sshd[16089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.113.78
Jan 17 19:59:40 host sshd[16089]: Failed password for invalid user node from 82.196.113.78 port 8257 ssh2
Jan 17 19:59:40 host sshd[16089]: Received disconnect from 82.196.113.78 port 8257:11: Bye Bye [preauth]
Jan 17 19:59:40 host sshd[16089]: Disconnected from 82.196.113.78 port 8257 [preauth]
Jan 17 20:00:04 host sshd[16155]: User root from 89.109.32.143 not allowed because not listed in AllowUsers
Jan 17 20:00:04 host sshd[16155]: input_userauth_request: invalid user root [preauth]
Jan 17 20:00:05 host unix_chkpwd[16162]: password check failed for user (root)
Jan 17 20:00:05 host sshd[16155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.109.32.143 user=root
Jan 17 20:00:05 host sshd[16155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:00:05 host sshd[16158]: Invalid user max from 178.91.57.74 port 48784
Jan 17 20:00:05 host sshd[16158]: input_userauth_request: invalid user max [preauth]
Jan 17 20:00:05 host sshd[16158]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:00:05 host sshd[16158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.91.57.74
Jan 17 20:00:07 host sshd[16155]: Failed password for invalid user root from 89.109.32.143 port 35992 ssh2
Jan 17 20:00:07 host unix_chkpwd[16166]: password check failed for user (root)
Jan 17 20:00:07 host sshd[16155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:00:07 host sshd[16158]: Failed password for invalid user max from 178.91.57.74 port 48784 ssh2
Jan 17 20:00:08 host sshd[16158]: Received disconnect from 178.91.57.74 port 48784:11: Bye Bye [preauth]
Jan 17 20:00:08 host sshd[16158]: Disconnected from 178.91.57.74 port 48784 [preauth]
Jan 17 20:00:09 host sshd[16155]: Failed password for invalid user root from 89.109.32.143 port 35992 ssh2
Jan 17 20:00:09 host unix_chkpwd[16169]: password check failed for user (root)
Jan 17 20:00:09 host sshd[16155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:00:11 host sshd[16155]: Failed password for invalid user root from 89.109.32.143 port 35992 ssh2
Jan 17 20:00:11 host unix_chkpwd[16173]: password check failed for user (root)
Jan 17 20:00:11 host sshd[16155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:00:13 host sshd[16155]: Failed password for invalid user root from 89.109.32.143 port 35992 ssh2
Jan 17 20:00:14 host unix_chkpwd[16177]: password check failed for user (root)
Jan 17 20:00:14 host sshd[16155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:00:16 host sshd[16155]: Failed password for invalid user root from 89.109.32.143 port 35992 ssh2
Jan 17 20:00:16 host unix_chkpwd[16187]: password check failed for user (root)
Jan 17 20:00:16 host sshd[16155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:00:18 host sshd[16155]: Failed password for invalid user root from 89.109.32.143 port 35992 ssh2
Jan 17 20:00:18 host sshd[16155]: error: maximum authentication attempts exceeded for invalid user root from 89.109.32.143 port 35992 ssh2 [preauth]
Jan 17 20:00:18 host sshd[16155]: Disconnecting: Too many authentication failures [preauth]
Jan 17 20:00:18 host sshd[16155]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.109.32.143 user=root
Jan 17 20:00:18 host sshd[16155]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 17 20:01:03 host sshd[16343]: Invalid user debian from 159.89.40.119 port 58760
Jan 17 20:01:03 host sshd[16343]: input_userauth_request: invalid user debian [preauth]
Jan 17 20:01:03 host sshd[16343]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:01:03 host sshd[16343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.40.119
Jan 17 20:01:05 host sshd[16343]: Failed password for invalid user debian from 159.89.40.119 port 58760 ssh2
Jan 17 20:01:05 host sshd[16343]: Received disconnect from 159.89.40.119 port 58760:11: Bye Bye [preauth]
Jan 17 20:01:05 host sshd[16343]: Disconnected from 159.89.40.119 port 58760 [preauth]
Jan 17 20:01:18 host sshd[16370]: User root from 209.97.183.120 not allowed because not listed in AllowUsers
Jan 17 20:01:18 host sshd[16370]: input_userauth_request: invalid user root [preauth]
Jan 17 20:01:18 host unix_chkpwd[16373]: password check failed for user (root)
Jan 17 20:01:18 host sshd[16370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.97.183.120 user=root
Jan 17 20:01:18 host sshd[16370]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:01:21 host sshd[16370]: Failed password for invalid user root from 209.97.183.120 port 51234 ssh2
Jan 17 20:01:21 host sshd[16370]: Received disconnect from 209.97.183.120 port 51234:11: Bye Bye [preauth]
Jan 17 20:01:21 host sshd[16370]: Disconnected from 209.97.183.120 port 51234 [preauth]
Jan 17 20:01:43 host sshd[16468]: Invalid user deployer from 82.196.113.78 port 63208
Jan 17 20:01:43 host sshd[16468]: input_userauth_request: invalid user deployer [preauth]
Jan 17 20:01:43 host sshd[16468]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:01:43 host sshd[16468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.113.78
Jan 17 20:01:46 host sshd[16468]: Failed password for invalid user deployer from 82.196.113.78 port 63208 ssh2
Jan 17 20:01:46 host sshd[16468]: Received disconnect from 82.196.113.78 port 63208:11: Bye Bye [preauth]
Jan 17 20:01:46 host sshd[16468]: Disconnected from 82.196.113.78 port 63208 [preauth]
Jan 17 20:01:48 host sshd[16482]: Invalid user esuser from 157.245.148.189 port 35186
Jan 17 20:01:48 host sshd[16482]: input_userauth_request: invalid user esuser [preauth]
Jan 17 20:01:48 host sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:01:48 host sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.148.189
Jan 17 20:01:50 host sshd[16482]: Failed password for invalid user esuser from 157.245.148.189 port 35186 ssh2
Jan 17 20:01:50 host sshd[16482]: Received disconnect from 157.245.148.189 port 35186:11: Bye Bye [preauth]
Jan 17 20:01:50 host sshd[16482]: Disconnected from 157.245.148.189 port 35186 [preauth]
Jan 17 20:02:06 host sshd[16559]: User root from 79.59.125.253 not allowed because not listed in AllowUsers
Jan 17 20:02:06 host sshd[16559]: input_userauth_request: invalid user root [preauth]
Jan 17 20:02:06 host unix_chkpwd[16563]: password check failed for user (root)
Jan 17 20:02:06 host sshd[16559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.59.125.253 user=root
Jan 17 20:02:06 host sshd[16559]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:02:09 host sshd[16559]: Failed password for invalid user root from 79.59.125.253 port 53028 ssh2
Jan 17 20:02:09 host sshd[16559]: Received disconnect from 79.59.125.253 port 53028:11: Bye Bye [preauth]
Jan 17 20:02:09 host sshd[16559]: Disconnected from 79.59.125.253 port 53028 [preauth]
Jan 17 20:02:10 host sshd[16571]: Invalid user deployer from 159.89.40.119 port 53498
Jan 17 20:02:10 host sshd[16571]: input_userauth_request: invalid user deployer [preauth]
Jan 17 20:02:10 host sshd[16571]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:02:10 host sshd[16571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.40.119
Jan 17 20:02:12 host sshd[16571]: Failed password for invalid user deployer from 159.89.40.119 port 53498 ssh2
Jan 17 20:02:35 host sshd[16697]: Invalid user nextcloud from 178.91.57.74 port 46046
Jan 17 20:02:35 host sshd[16697]: input_userauth_request: invalid user nextcloud [preauth]
Jan 17 20:02:35 host sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:02:35 host sshd[16697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.91.57.74
Jan 17 20:02:36 host sshd[16697]: Failed password for invalid user nextcloud from 178.91.57.74 port 46046 ssh2
Jan 17 20:02:37 host sshd[16697]: Received disconnect from 178.91.57.74 port 46046:11: Bye Bye [preauth]
Jan 17 20:02:37 host sshd[16697]: Disconnected from 178.91.57.74 port 46046 [preauth]
Jan 17 20:02:51 host sshd[16661]: Connection closed by 101.36.108.106 port 41288 [preauth]
Jan 17 20:03:07 host sshd[16772]: User root from 82.196.113.78 not allowed because not listed in AllowUsers
Jan 17 20:03:07 host sshd[16772]: input_userauth_request: invalid user root [preauth]
Jan 17 20:03:07 host unix_chkpwd[16776]: password check failed for user (root)
Jan 17 20:03:08 host sshd[16772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.196.113.78 user=root
Jan 17 20:03:08 host sshd[16772]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:03:10 host sshd[16772]: Failed password for invalid user root from 82.196.113.78 port 65286 ssh2
Jan 17 20:03:10 host sshd[16772]: Received disconnect from 82.196.113.78 port 65286:11: Bye Bye [preauth]
Jan 17 20:03:10 host sshd[16772]: Disconnected from 82.196.113.78 port 65286 [preauth]
Jan 17 20:03:55 host sshd[17007]: Invalid user admin123 from 43.153.12.71 port 51996
Jan 17 20:03:55 host sshd[17007]: input_userauth_request: invalid user admin123 [preauth]
Jan 17 20:03:55 host sshd[17007]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:03:55 host sshd[17007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.12.71
Jan 17 20:03:55 host sshd[17009]: Invalid user hb from 178.91.57.74 port 40080
Jan 17 20:03:55 host sshd[17009]: input_userauth_request: invalid user hb [preauth]
Jan 17 20:03:55 host sshd[17009]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:03:55 host sshd[17009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.91.57.74
Jan 17 20:03:57 host sshd[17007]: Failed password for invalid user admin123 from 43.153.12.71 port 51996 ssh2
Jan 17 20:03:57 host sshd[17007]: Received disconnect from 43.153.12.71 port 51996:11: Bye Bye [preauth]
Jan 17 20:03:57 host sshd[17007]: Disconnected from 43.153.12.71 port 51996 [preauth]
Jan 17 20:03:57 host sshd[17009]: Failed password for invalid user hb from 178.91.57.74 port 40080 ssh2
Jan 17 20:04:57 host sshd[17211]: User root from 101.36.108.106 not allowed because not listed in AllowUsers
Jan 17 20:04:57 host sshd[17211]: input_userauth_request: invalid user root [preauth]
Jan 17 20:04:57 host unix_chkpwd[17215]: password check failed for user (root)
Jan 17 20:04:57 host sshd[17211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.106 user=root
Jan 17 20:04:57 host sshd[17211]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:04:59 host sshd[17211]: Failed password for invalid user root from 101.36.108.106 port 13484 ssh2
Jan 17 20:04:59 host sshd[17211]: Received disconnect from 101.36.108.106 port 13484:11: Bye Bye [preauth]
Jan 17 20:04:59 host sshd[17211]: Disconnected from 101.36.108.106 port 13484 [preauth]
Jan 17 20:09:10 host sshd[18023]: Invalid user zyfwp from 49.164.92.247 port 47515
Jan 17 20:09:10 host sshd[18023]: input_userauth_request: invalid user zyfwp [preauth]
Jan 17 20:09:10 host sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:09:10 host sshd[18023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.164.92.247
Jan 17 20:09:12 host sshd[18023]: Failed password for invalid user zyfwp from 49.164.92.247 port 47515 ssh2
Jan 17 20:09:13 host sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:09:15 host sshd[18023]: Failed password for invalid user zyfwp from 49.164.92.247 port 47515 ssh2
Jan 17 20:09:15 host sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:09:16 host sshd[18023]: Failed password for invalid user zyfwp from 49.164.92.247 port 47515 ssh2
Jan 17 20:09:17 host sshd[18023]: Connection closed by 49.164.92.247 port 47515 [preauth]
Jan 17 20:09:17 host sshd[18023]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.164.92.247
Jan 17 20:10:03 host sshd[18121]: User root from 220.135.222.190 not allowed because not listed in AllowUsers
Jan 17 20:10:03 host sshd[18121]: input_userauth_request: invalid user root [preauth]
Jan 17 20:10:03 host unix_chkpwd[18149]: password check failed for user (root)
Jan 17 20:10:03 host sshd[18121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.222.190 user=root
Jan 17 20:10:03 host sshd[18121]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:10:04 host sshd[18121]: Failed password for invalid user root from 220.135.222.190 port 54112 ssh2
Jan 17 20:10:05 host unix_chkpwd[18156]: password check failed for user (root)
Jan 17 20:10:05 host sshd[18121]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:10:07 host sshd[18121]: Failed password for invalid user root from 220.135.222.190 port 54112 ssh2
Jan 17 20:10:08 host unix_chkpwd[18161]: password check failed for user (root)
Jan 17 20:10:08 host sshd[18121]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:10:10 host sshd[18121]: Failed password for invalid user root from 220.135.222.190 port 54112 ssh2
Jan 17 20:10:11 host sshd[18121]: Connection reset by 220.135.222.190 port 54112 [preauth]
Jan 17 20:10:11 host sshd[18121]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.222.190 user=root
Jan 17 20:18:27 host sshd[19372]: Invalid user admin from 220.133.53.249 port 42205
Jan 17 20:18:27 host sshd[19372]: input_userauth_request: invalid user admin [preauth]
Jan 17 20:18:27 host sshd[19372]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:18:27 host sshd[19372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.53.249
Jan 17 20:18:30 host sshd[19372]: Failed password for invalid user admin from 220.133.53.249 port 42205 ssh2
Jan 17 20:18:30 host sshd[19372]: Connection reset by 220.133.53.249 port 42205 [preauth]
Jan 17 20:20:46 host sshd[19773]: User root from 49.213.216.230 not allowed because not listed in AllowUsers
Jan 17 20:20:46 host sshd[19773]: input_userauth_request: invalid user root [preauth]
Jan 17 20:20:46 host unix_chkpwd[19776]: password check failed for user (root)
Jan 17 20:20:46 host sshd[19773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.216.230 user=root
Jan 17 20:20:46 host sshd[19773]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:20:47 host sshd[19773]: Failed password for invalid user root from 49.213.216.230 port 57989 ssh2
Jan 17 20:20:48 host unix_chkpwd[19786]: password check failed for user (root)
Jan 17 20:20:48 host sshd[19773]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:20:50 host sshd[19773]: Failed password for invalid user root from 49.213.216.230 port 57989 ssh2
Jan 17 20:20:51 host unix_chkpwd[19789]: password check failed for user (root)
Jan 17 20:20:51 host sshd[19773]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:20:53 host sshd[19773]: Failed password for invalid user root from 49.213.216.230 port 57989 ssh2
Jan 17 20:20:54 host unix_chkpwd[19797]: password check failed for user (root)
Jan 17 20:20:54 host sshd[19773]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:20:56 host sshd[19773]: Failed password for invalid user root from 49.213.216.230 port 57989 ssh2
Jan 17 20:20:56 host unix_chkpwd[19800]: password check failed for user (root)
Jan 17 20:20:56 host sshd[19773]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 20:20:58 host sshd[19773]: Failed password for invalid user root from 49.213.216.230 port 57989 ssh2
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=wwwtestugo user-3=shalinijames user-4=pmcresources user-5=disposeat user-6=remysagr user-7=wwwkmaorg user-8=wwwkapin user-9=woodpeck user-10=gifterman user-11=palco123 user-12=phmetals user-13=kottayamcalldriv user-14=mrsclean user-15=wwwnexidigital user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=dartsimp user-21=a2zgroup user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=wwwrmswll user-27=keralaholi user-28=wwwresourcehunte user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 20:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fpSle9JaLlwhSF0y.~
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fpSle9JaLlwhSF0y.~'
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fpSle9JaLlwhSF0y.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 20:25:06 host sshd[20674]: Invalid user fp from 194.110.203.109 port 36174
Jan 17 20:25:06 host sshd[20674]: input_userauth_request: invalid user fp [preauth]
Jan 17 20:25:06 host sshd[20674]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:25:06 host sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 20:25:08 host sshd[20674]: Failed password for invalid user fp from 194.110.203.109 port 36174 ssh2
Jan 17 20:25:11 host sshd[20674]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:25:13 host sshd[20674]: Failed password for invalid user fp from 194.110.203.109 port 36174 ssh2
Jan 17 20:25:17 host sshd[20674]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:25:18 host sshd[20674]: Failed password for invalid user fp from 194.110.203.109 port 36174 ssh2
Jan 17 20:25:22 host sshd[20674]: Connection closed by 194.110.203.109 port 36174 [preauth]
Jan 17 20:25:22 host sshd[20674]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 20:34:27 host sshd[22670]: Invalid user odroid from 195.226.194.142 port 41410
Jan 17 20:34:27 host sshd[22670]: input_userauth_request: invalid user odroid [preauth]
Jan 17 20:34:28 host sshd[22670]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 20:34:28 host sshd[22670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 17 20:34:30 host sshd[22670]: Failed password for invalid user odroid from 195.226.194.142 port 41410 ssh2
Jan 17 20:34:30 host sshd[22670]: Received disconnect from 195.226.194.142 port 41410:11: Bye Bye [preauth]
Jan 17 20:34:30 host sshd[22670]: Disconnected from 195.226.194.142 port 41410 [preauth]
Jan 17 21:03:40 host sshd[27213]: Did not receive identification string from 205.210.31.25 port 56284
Jan 17 21:12:13 host sshd[28276]: Invalid user admin from 222.114.154.132 port 34590
Jan 17 21:12:13 host sshd[28276]: input_userauth_request: invalid user admin [preauth]
Jan 17 21:12:13 host sshd[28276]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:12:13 host sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.114.154.132
Jan 17 21:12:15 host sshd[28276]: Failed password for invalid user admin from 222.114.154.132 port 34590 ssh2
Jan 17 21:12:23 host sshd[28276]: Connection closed by 222.114.154.132 port 34590 [preauth]
Jan 17 21:15:22 host sshd[28761]: Invalid user nginx from 118.174.109.65 port 39158
Jan 17 21:15:22 host sshd[28761]: input_userauth_request: invalid user nginx [preauth]
Jan 17 21:15:22 host sshd[28761]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:15:22 host sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.174.109.65
Jan 17 21:15:23 host sshd[28761]: Failed password for invalid user nginx from 118.174.109.65 port 39158 ssh2
Jan 17 21:15:25 host sshd[28761]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:15:27 host sshd[28761]: Failed password for invalid user nginx from 118.174.109.65 port 39158 ssh2
Jan 17 21:15:28 host sshd[28761]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:15:30 host sshd[28761]: Failed password for invalid user nginx from 118.174.109.65 port 39158 ssh2
Jan 17 21:15:31 host sshd[28761]: Connection reset by 118.174.109.65 port 39158 [preauth]
Jan 17 21:15:31 host sshd[28761]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.174.109.65
Jan 17 21:17:06 host sshd[28942]: Invalid user pi from 147.53.204.69 port 49098
Jan 17 21:17:06 host sshd[28942]: input_userauth_request: invalid user pi [preauth]
Jan 17 21:17:06 host sshd[28942]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:17:06 host sshd[28942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.53.204.69
Jan 17 21:17:08 host sshd[28942]: Failed password for invalid user pi from 147.53.204.69 port 49098 ssh2
Jan 17 21:17:08 host sshd[28942]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:17:10 host sshd[28942]: Failed password for invalid user pi from 147.53.204.69 port 49098 ssh2
Jan 17 21:17:11 host sshd[28942]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:17:13 host sshd[28942]: Failed password for invalid user pi from 147.53.204.69 port 49098 ssh2
Jan 17 21:17:14 host sshd[28942]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:17:15 host sshd[28942]: Failed password for invalid user pi from 147.53.204.69 port 49098 ssh2
Jan 17 21:17:16 host sshd[28942]: Connection reset by 147.53.204.69 port 49098 [preauth]
Jan 17 21:17:16 host sshd[28942]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.53.204.69
Jan 17 21:17:16 host sshd[28942]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=travelboniface user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=wwwpmcresource user-7=dartsimp user-8=a2zgroup user-9=laundryboniface user-10=wwwkaretakers user-11=cochintaxi user-12=gifterman user-13=palco123 user-14=kottayamcalldriv user-15=phmetals user-16=wwwnexidigital user-17=mrsclean user-18=bonifacegroup user-19=wwwevmhonda user-20=wwwletsstalkfood user-21=straightcurve user-22=vfmassets user-23=wwwtestugo user-24=shalinijames user-25=pmcresources user-26=remysagr user-27=disposeat user-28=wwwkmaorg user-29=woodpeck user-30=wwwkapin feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 21:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-9esMQj6HyPwblzMM.~
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-9esMQj6HyPwblzMM.~'
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-9esMQj6HyPwblzMM.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 21:35:07 host sshd[31883]: Invalid user default from 195.226.194.142 port 35090
Jan 17 21:35:07 host sshd[31883]: input_userauth_request: invalid user default [preauth]
Jan 17 21:35:07 host sshd[31883]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:35:07 host sshd[31883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 17 21:35:09 host sshd[31883]: Failed password for invalid user default from 195.226.194.142 port 35090 ssh2
Jan 17 21:35:09 host sshd[31883]: Received disconnect from 195.226.194.142 port 35090:11: Bye Bye [preauth]
Jan 17 21:35:09 host sshd[31883]: Disconnected from 195.226.194.142 port 35090 [preauth]
Jan 17 21:36:42 host sshd[32147]: Invalid user norman from 107.189.30.59 port 41780
Jan 17 21:36:42 host sshd[32147]: input_userauth_request: invalid user norman [preauth]
Jan 17 21:36:42 host sshd[32147]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:36:42 host sshd[32147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 17 21:36:44 host sshd[32147]: Failed password for invalid user norman from 107.189.30.59 port 41780 ssh2
Jan 17 21:36:45 host sshd[32147]: Connection closed by 107.189.30.59 port 41780 [preauth]
Jan 17 21:43:41 host sshd[587]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 17 21:43:41 host sshd[587]: input_userauth_request: invalid user sshd [preauth]
Jan 17 21:43:41 host unix_chkpwd[590]: password check failed for user (sshd)
Jan 17 21:43:41 host sshd[587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 17 21:43:41 host sshd[587]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 17 21:43:43 host sshd[587]: Failed password for invalid user sshd from 194.169.175.102 port 61192 ssh2
Jan 17 21:43:43 host sshd[587]: Received disconnect from 194.169.175.102 port 61192:11: Client disconnecting normally [preauth]
Jan 17 21:43:43 host sshd[587]: Disconnected from 194.169.175.102 port 61192 [preauth]
Jan 17 21:46:08 host sshd[931]: User root from 31.165.41.196 not allowed because not listed in AllowUsers
Jan 17 21:46:08 host sshd[931]: input_userauth_request: invalid user root [preauth]
Jan 17 21:46:08 host unix_chkpwd[935]: password check failed for user (root)
Jan 17 21:46:08 host sshd[931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.165.41.196 user=root
Jan 17 21:46:08 host sshd[931]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 21:46:10 host sshd[931]: Failed password for invalid user root from 31.165.41.196 port 52061 ssh2
Jan 17 21:46:10 host unix_chkpwd[940]: password check failed for user (root)
Jan 17 21:46:10 host sshd[931]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 21:46:12 host sshd[931]: Failed password for invalid user root from 31.165.41.196 port 52061 ssh2
Jan 17 21:47:48 host sshd[1128]: Invalid user admin from 119.196.240.38 port 60884
Jan 17 21:47:48 host sshd[1128]: input_userauth_request: invalid user admin [preauth]
Jan 17 21:47:48 host sshd[1128]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:47:48 host sshd[1128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.240.38
Jan 17 21:47:49 host sshd[1128]: Failed password for invalid user admin from 119.196.240.38 port 60884 ssh2
Jan 17 21:47:50 host sshd[1128]: Failed password for invalid user admin from 119.196.240.38 port 60884 ssh2
Jan 17 21:47:51 host sshd[1128]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:47:53 host sshd[1128]: Failed password for invalid user admin from 119.196.240.38 port 60884 ssh2
Jan 17 21:47:53 host sshd[1128]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:47:55 host sshd[1128]: Failed password for invalid user admin from 119.196.240.38 port 60884 ssh2
Jan 17 21:47:56 host sshd[1128]: Connection reset by 119.196.240.38 port 60884 [preauth]
Jan 17 21:47:56 host sshd[1128]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.240.38
Jan 17 21:50:50 host sshd[1648]: Invalid user admin from 125.229.3.16 port 44857
Jan 17 21:50:50 host sshd[1648]: input_userauth_request: invalid user admin [preauth]
Jan 17 21:50:50 host sshd[1648]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 21:50:50 host sshd[1648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.3.16
Jan 17 21:50:52 host sshd[1648]: Failed password for invalid user admin from 125.229.3.16 port 44857 ssh2
Jan 17 21:50:53 host sshd[1648]: Connection reset by 125.229.3.16 port 44857 [preauth]
Jan 17 21:59:24 host sshd[2853]: User root from 122.117.22.234 not allowed because not listed in AllowUsers
Jan 17 21:59:24 host sshd[2853]: input_userauth_request: invalid user root [preauth]
Jan 17 21:59:24 host unix_chkpwd[2858]: password check failed for user (root)
Jan 17 21:59:24 host sshd[2853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.22.234 user=root
Jan 17 21:59:24 host sshd[2853]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 21:59:26 host sshd[2853]: Failed password for invalid user root from 122.117.22.234 port 51610 ssh2
Jan 17 21:59:27 host unix_chkpwd[2864]: password check failed for user (root)
Jan 17 21:59:27 host sshd[2853]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 21:59:29 host sshd[2853]: Failed password for invalid user root from 122.117.22.234 port 51610 ssh2
Jan 17 21:59:30 host unix_chkpwd[2888]: password check failed for user (root)
Jan 17 21:59:30 host sshd[2853]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 21:59:32 host sshd[2853]: Failed password for invalid user root from 122.117.22.234 port 51610 ssh2
Jan 17 21:59:33 host unix_chkpwd[2894]: password check failed for user (root)
Jan 17 21:59:33 host sshd[2853]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 21:59:35 host sshd[2853]: Failed password for invalid user root from 122.117.22.234 port 51610 ssh2
Jan 17 22:01:36 host sshd[3192]: Invalid user daniel from 200.29.111.182 port 59392
Jan 17 22:01:36 host sshd[3192]: input_userauth_request: invalid user daniel [preauth]
Jan 17 22:01:36 host sshd[3192]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:01:36 host sshd[3192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182
Jan 17 22:01:39 host sshd[3192]: Failed password for invalid user daniel from 200.29.111.182 port 59392 ssh2
Jan 17 22:01:39 host sshd[3192]: Received disconnect from 200.29.111.182 port 59392:11: Bye Bye [preauth]
Jan 17 22:01:39 host sshd[3192]: Disconnected from 200.29.111.182 port 59392 [preauth]
Jan 17 22:02:47 host sshd[3313]: User root from 190.56.224.166 not allowed because not listed in AllowUsers
Jan 17 22:02:47 host sshd[3313]: input_userauth_request: invalid user root [preauth]
Jan 17 22:02:47 host unix_chkpwd[3316]: password check failed for user (root)
Jan 17 22:02:47 host sshd[3313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.56.224.166 user=root
Jan 17 22:02:47 host sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:02:48 host sshd[3313]: Failed password for invalid user root from 190.56.224.166 port 37988 ssh2
Jan 17 22:02:48 host sshd[3313]: Received disconnect from 190.56.224.166 port 37988:11: Bye Bye [preauth]
Jan 17 22:02:48 host sshd[3313]: Disconnected from 190.56.224.166 port 37988 [preauth]
Jan 17 22:03:25 host sshd[3390]: User root from 156.236.69.112 not allowed because not listed in AllowUsers
Jan 17 22:03:25 host sshd[3390]: input_userauth_request: invalid user root [preauth]
Jan 17 22:03:25 host unix_chkpwd[3393]: password check failed for user (root)
Jan 17 22:03:25 host sshd[3390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.236.69.112 user=root
Jan 17 22:03:25 host sshd[3390]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:03:27 host sshd[3390]: Failed password for invalid user root from 156.236.69.112 port 49920 ssh2
Jan 17 22:03:28 host sshd[3390]: Received disconnect from 156.236.69.112 port 49920:11: Bye Bye [preauth]
Jan 17 22:03:28 host sshd[3390]: Disconnected from 156.236.69.112 port 49920 [preauth]
Jan 17 22:03:38 host sshd[3427]: User root from 51.89.164.205 not allowed because not listed in AllowUsers
Jan 17 22:03:38 host sshd[3427]: input_userauth_request: invalid user root [preauth]
Jan 17 22:03:38 host unix_chkpwd[3429]: password check failed for user (root)
Jan 17 22:03:38 host sshd[3427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.164.205 user=root
Jan 17 22:03:38 host sshd[3427]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:03:40 host sshd[3427]: Failed password for invalid user root from 51.89.164.205 port 47942 ssh2
Jan 17 22:03:41 host sshd[3427]: Received disconnect from 51.89.164.205 port 47942:11: Bye Bye [preauth]
Jan 17 22:03:41 host sshd[3427]: Disconnected from 51.89.164.205 port 47942 [preauth]
Jan 17 22:05:14 host sshd[3729]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 17 22:05:14 host sshd[3729]: input_userauth_request: invalid user root [preauth]
Jan 17 22:05:14 host unix_chkpwd[3732]: password check failed for user (root)
Jan 17 22:05:14 host sshd[3729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 17 22:05:14 host sshd[3729]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:05:16 host sshd[3729]: Failed password for invalid user root from 195.226.194.142 port 32678 ssh2
Jan 17 22:05:16 host sshd[3729]: Received disconnect from 195.226.194.142 port 32678:11: Bye Bye [preauth]
Jan 17 22:05:16 host sshd[3729]: Disconnected from 195.226.194.142 port 32678 [preauth]
Jan 17 22:07:48 host sshd[4070]: Invalid user afa from 51.89.164.205 port 39082
Jan 17 22:07:48 host sshd[4070]: input_userauth_request: invalid user afa [preauth]
Jan 17 22:07:48 host sshd[4070]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:07:48 host sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.164.205
Jan 17 22:07:50 host sshd[4070]: Failed password for invalid user afa from 51.89.164.205 port 39082 ssh2
Jan 17 22:07:50 host sshd[4070]: Received disconnect from 51.89.164.205 port 39082:11: Bye Bye [preauth]
Jan 17 22:07:50 host sshd[4070]: Disconnected from 51.89.164.205 port 39082 [preauth]
Jan 17 22:08:02 host sshd[4122]: Invalid user fq from 194.110.203.109 port 57146
Jan 17 22:08:02 host sshd[4122]: input_userauth_request: invalid user fq [preauth]
Jan 17 22:08:02 host sshd[4122]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:08:02 host sshd[4122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 22:08:04 host sshd[4122]: Failed password for invalid user fq from 194.110.203.109 port 57146 ssh2
Jan 17 22:08:08 host sshd[4122]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:08:10 host sshd[4122]: Failed password for invalid user fq from 194.110.203.109 port 57146 ssh2
Jan 17 22:08:14 host sshd[4122]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:08:16 host sshd[4122]: Failed password for invalid user fq from 194.110.203.109 port 57146 ssh2
Jan 17 22:08:19 host sshd[4122]: Connection closed by 194.110.203.109 port 57146 [preauth]
Jan 17 22:08:19 host sshd[4122]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 22:08:23 host sshd[4153]: Invalid user user1 from 190.56.224.166 port 34434
Jan 17 22:08:23 host sshd[4153]: input_userauth_request: invalid user user1 [preauth]
Jan 17 22:08:23 host sshd[4153]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:08:23 host sshd[4153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.56.224.166
Jan 17 22:08:25 host sshd[4153]: Failed password for invalid user user1 from 190.56.224.166 port 34434 ssh2
Jan 17 22:08:25 host sshd[4153]: Received disconnect from 190.56.224.166 port 34434:11: Bye Bye [preauth]
Jan 17 22:08:25 host sshd[4153]: Disconnected from 190.56.224.166 port 34434 [preauth]
Jan 17 22:08:30 host sshd[4193]: User root from 200.29.111.182 not allowed because not listed in AllowUsers
Jan 17 22:08:30 host sshd[4193]: input_userauth_request: invalid user root [preauth]
Jan 17 22:08:30 host unix_chkpwd[4217]: password check failed for user (root)
Jan 17 22:08:30 host sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.29.111.182 user=root
Jan 17 22:08:30 host sshd[4193]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:08:32 host sshd[4193]: Failed password for invalid user root from 200.29.111.182 port 51404 ssh2
Jan 17 22:08:32 host sshd[4193]: Received disconnect from 200.29.111.182 port 51404:11: Bye Bye [preauth]
Jan 17 22:08:32 host sshd[4193]: Disconnected from 200.29.111.182 port 51404 [preauth]
Jan 17 22:08:39 host sshd[4256]: User root from 156.236.69.112 not allowed because not listed in AllowUsers
Jan 17 22:08:39 host sshd[4256]: input_userauth_request: invalid user root [preauth]
Jan 17 22:08:39 host unix_chkpwd[4259]: password check failed for user (root)
Jan 17 22:08:39 host sshd[4256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.236.69.112 user=root
Jan 17 22:08:39 host sshd[4256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:08:41 host sshd[4256]: Failed password for invalid user root from 156.236.69.112 port 42104 ssh2
Jan 17 22:09:35 host sshd[4390]: Invalid user admin from 218.173.99.94 port 39805
Jan 17 22:09:35 host sshd[4390]: input_userauth_request: invalid user admin [preauth]
Jan 17 22:09:35 host sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:09:35 host sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.173.99.94
Jan 17 22:09:37 host sshd[4390]: Failed password for invalid user admin from 218.173.99.94 port 39805 ssh2
Jan 17 22:09:37 host sshd[4390]: Failed password for invalid user admin from 218.173.99.94 port 39805 ssh2
Jan 17 22:09:38 host sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:09:41 host sshd[4390]: Failed password for invalid user admin from 218.173.99.94 port 39805 ssh2
Jan 17 22:09:43 host sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:09:45 host sshd[4390]: Failed password for invalid user admin from 218.173.99.94 port 39805 ssh2
Jan 17 22:09:46 host sshd[4390]: Connection reset by 218.173.99.94 port 39805 [preauth]
Jan 17 22:09:46 host sshd[4390]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.173.99.94
Jan 17 22:10:43 host sshd[4644]: Invalid user admin from 121.153.39.114 port 45628
Jan 17 22:10:43 host sshd[4644]: input_userauth_request: invalid user admin [preauth]
Jan 17 22:10:43 host sshd[4644]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:10:43 host sshd[4644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.153.39.114
Jan 17 22:10:45 host sshd[4644]: Failed password for invalid user admin from 121.153.39.114 port 45628 ssh2
Jan 17 22:10:45 host sshd[4644]: Connection closed by 121.153.39.114 port 45628 [preauth]
Jan 17 22:10:46 host sshd[4652]: Invalid user admin from 121.153.39.114 port 45626
Jan 17 22:10:46 host sshd[4652]: input_userauth_request: invalid user admin [preauth]
Jan 17 22:10:46 host sshd[4652]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:10:46 host sshd[4652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.153.39.114
Jan 17 22:10:48 host sshd[4652]: Failed password for invalid user admin from 121.153.39.114 port 45626 ssh2
Jan 17 22:10:48 host sshd[4652]: Failed password for invalid user admin from 121.153.39.114 port 45626 ssh2
Jan 17 22:10:49 host sshd[4652]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:10:52 host sshd[4652]: Failed password for invalid user admin from 121.153.39.114 port 45626 ssh2
Jan 17 22:11:03 host sshd[4733]: User mysql from 95.165.26.27 not allowed because not listed in AllowUsers
Jan 17 22:11:03 host sshd[4733]: input_userauth_request: invalid user mysql [preauth]
Jan 17 22:11:03 host unix_chkpwd[4736]: password check failed for user (mysql)
Jan 17 22:11:03 host sshd[4733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.165.26.27 user=mysql
Jan 17 22:11:03 host sshd[4733]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 17 22:11:05 host sshd[4733]: Failed password for invalid user mysql from 95.165.26.27 port 60462 ssh2
Jan 17 22:11:05 host sshd[4733]: Received disconnect from 95.165.26.27 port 60462:11: Bye Bye [preauth]
Jan 17 22:11:05 host sshd[4733]: Disconnected from 95.165.26.27 port 60462 [preauth]
Jan 17 22:11:07 host sshd[4740]: User root from 82.65.23.62 not allowed because not listed in AllowUsers
Jan 17 22:11:07 host sshd[4740]: input_userauth_request: invalid user root [preauth]
Jan 17 22:11:07 host unix_chkpwd[4744]: password check failed for user (root)
Jan 17 22:11:07 host sshd[4740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.65.23.62 user=root
Jan 17 22:11:07 host sshd[4740]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:11:09 host sshd[4740]: Failed password for invalid user root from 82.65.23.62 port 41044 ssh2
Jan 17 22:11:09 host sshd[4740]: Received disconnect from 82.65.23.62 port 41044:11: Bye Bye [preauth]
Jan 17 22:11:09 host sshd[4740]: Disconnected from 82.65.23.62 port 41044 [preauth]
Jan 17 22:11:16 host sshd[4755]: Invalid user db2inst1 from 91.82.126.142 port 56036
Jan 17 22:11:16 host sshd[4755]: input_userauth_request: invalid user db2inst1 [preauth]
Jan 17 22:11:16 host sshd[4755]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:11:16 host sshd[4755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.82.126.142
Jan 17 22:11:18 host sshd[4755]: Failed password for invalid user db2inst1 from 91.82.126.142 port 56036 ssh2
Jan 17 22:11:18 host sshd[4755]: Received disconnect from 91.82.126.142 port 56036:11: Bye Bye [preauth]
Jan 17 22:11:18 host sshd[4755]: Disconnected from 91.82.126.142 port 56036 [preauth]
Jan 17 22:13:29 host sshd[5055]: Invalid user test from 45.161.176.1 port 41454
Jan 17 22:13:29 host sshd[5055]: input_userauth_request: invalid user test [preauth]
Jan 17 22:13:29 host sshd[5055]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:13:29 host sshd[5055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.161.176.1
Jan 17 22:13:31 host sshd[5055]: Failed password for invalid user test from 45.161.176.1 port 41454 ssh2
Jan 17 22:13:31 host sshd[5055]: Received disconnect from 45.161.176.1 port 41454:11: Bye Bye [preauth]
Jan 17 22:13:31 host sshd[5055]: Disconnected from 45.161.176.1 port 41454 [preauth]
Jan 17 22:15:02 host sshd[5292]: Invalid user rancher from 172.96.222.127 port 45816
Jan 17 22:15:02 host sshd[5292]: input_userauth_request: invalid user rancher [preauth]
Jan 17 22:15:02 host sshd[5292]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:15:02 host sshd[5292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.222.127
Jan 17 22:15:05 host sshd[5292]: Failed password for invalid user rancher from 172.96.222.127 port 45816 ssh2
Jan 17 22:15:05 host sshd[5292]: Received disconnect from 172.96.222.127 port 45816:11: Bye Bye [preauth]
Jan 17 22:15:05 host sshd[5292]: Disconnected from 172.96.222.127 port 45816 [preauth]
Jan 17 22:16:17 host sshd[5522]: User root from 89.234.212.55 not allowed because not listed in AllowUsers
Jan 17 22:16:17 host sshd[5522]: input_userauth_request: invalid user root [preauth]
Jan 17 22:16:17 host unix_chkpwd[5525]: password check failed for user (root)
Jan 17 22:16:17 host sshd[5522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.234.212.55 user=root
Jan 17 22:16:17 host sshd[5522]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:16:19 host sshd[5522]: Failed password for invalid user root from 89.234.212.55 port 41009 ssh2
Jan 17 22:16:20 host unix_chkpwd[5528]: password check failed for user (root)
Jan 17 22:16:20 host sshd[5522]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:16:22 host sshd[5522]: Failed password for invalid user root from 89.234.212.55 port 41009 ssh2
Jan 17 22:16:23 host sshd[5522]: Connection reset by 89.234.212.55 port 41009 [preauth]
Jan 17 22:16:23 host sshd[5522]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.234.212.55 user=root
Jan 17 22:16:43 host sshd[5574]: Invalid user testuser from 91.82.126.142 port 49419
Jan 17 22:16:43 host sshd[5574]: input_userauth_request: invalid user testuser [preauth]
Jan 17 22:16:43 host sshd[5574]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:16:43 host sshd[5574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.82.126.142
Jan 17 22:16:45 host sshd[5574]: Failed password for invalid user testuser from 91.82.126.142 port 49419 ssh2
Jan 17 22:16:45 host sshd[5574]: Received disconnect from 91.82.126.142 port 49419:11: Bye Bye [preauth]
Jan 17 22:16:45 host sshd[5574]: Disconnected from 91.82.126.142 port 49419 [preauth]
Jan 17 22:17:35 host sshd[5663]: User root from 82.65.23.62 not allowed because not listed in AllowUsers
Jan 17 22:17:35 host sshd[5663]: input_userauth_request: invalid user root [preauth]
Jan 17 22:17:35 host unix_chkpwd[5666]: password check failed for user (root)
Jan 17 22:17:35 host sshd[5663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.65.23.62 user=root
Jan 17 22:17:35 host sshd[5663]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:17:36 host sshd[5663]: Failed password for invalid user root from 82.65.23.62 port 42402 ssh2
Jan 17 22:17:43 host sshd[5701]: Invalid user administrator from 45.161.176.1 port 60628
Jan 17 22:17:43 host sshd[5701]: input_userauth_request: invalid user administrator [preauth]
Jan 17 22:17:43 host sshd[5701]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:17:43 host sshd[5701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.161.176.1
Jan 17 22:17:44 host sshd[5701]: Failed password for invalid user administrator from 45.161.176.1 port 60628 ssh2
Jan 17 22:17:45 host sshd[5701]: Received disconnect from 45.161.176.1 port 60628:11: Bye Bye [preauth]
Jan 17 22:17:45 host sshd[5701]: Disconnected from 45.161.176.1 port 60628 [preauth]
Jan 17 22:17:56 host sshd[5723]: User root from 91.82.126.142 not allowed because not listed in AllowUsers
Jan 17 22:17:56 host sshd[5723]: input_userauth_request: invalid user root [preauth]
Jan 17 22:17:56 host unix_chkpwd[5732]: password check failed for user (root)
Jan 17 22:17:56 host sshd[5723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.82.126.142 user=root
Jan 17 22:17:56 host sshd[5723]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:17:58 host sshd[5723]: Failed password for invalid user root from 91.82.126.142 port 64199 ssh2
Jan 17 22:17:58 host sshd[5723]: Received disconnect from 91.82.126.142 port 64199:11: Bye Bye [preauth]
Jan 17 22:17:58 host sshd[5723]: Disconnected from 91.82.126.142 port 64199 [preauth]
Jan 17 22:19:06 host sshd[5886]: Invalid user alex from 45.161.176.1 port 59854
Jan 17 22:19:06 host sshd[5886]: input_userauth_request: invalid user alex [preauth]
Jan 17 22:19:06 host sshd[5886]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:19:06 host sshd[5886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.161.176.1
Jan 17 22:19:08 host sshd[5886]: Failed password for invalid user alex from 45.161.176.1 port 59854 ssh2
Jan 17 22:19:09 host sshd[5886]: Received disconnect from 45.161.176.1 port 59854:11: Bye Bye [preauth]
Jan 17 22:19:09 host sshd[5886]: Disconnected from 45.161.176.1 port 59854 [preauth]
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=travelboniface user-2=keralaholi user-3=wwwresourcehunte user-4=wwwrmswll user-5=ugotscom user-6=wwwpmcresource user-7=a2zgroup user-8=dartsimp user-9=laundryboniface user-10=cochintaxi user-11=wwwkaretakers user-12=palco123 user-13=gifterman user-14=phmetals user-15=kottayamcalldriv user-16=mrsclean user-17=wwwnexidigital user-18=bonifacegroup user-19=wwwevmhonda user-20=wwwletsstalkfood user-21=straightcurve user-22=vfmassets user-23=shalinijames user-24=wwwtestugo user-25=pmcresources user-26=disposeat user-27=remysagr user-28=wwwkmaorg user-29=wwwkapin user-30=woodpeck feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 22:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wAspswAZ1F6siLyJ.~
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wAspswAZ1F6siLyJ.~'
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-wAspswAZ1F6siLyJ.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 22:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 22:21:16 host sshd[6437]: Invalid user controlm from 172.96.222.127 port 43242
Jan 17 22:21:16 host sshd[6437]: input_userauth_request: invalid user controlm [preauth]
Jan 17 22:21:16 host sshd[6437]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:21:16 host sshd[6437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.222.127
Jan 17 22:21:18 host sshd[6437]: Failed password for invalid user controlm from 172.96.222.127 port 43242 ssh2
Jan 17 22:21:18 host sshd[6437]: Received disconnect from 172.96.222.127 port 43242:11: Bye Bye [preauth]
Jan 17 22:21:18 host sshd[6437]: Disconnected from 172.96.222.127 port 43242 [preauth]
Jan 17 22:21:36 host sshd[6540]: Invalid user sysadmin from 95.165.26.27 port 34134
Jan 17 22:21:36 host sshd[6540]: input_userauth_request: invalid user sysadmin [preauth]
Jan 17 22:21:36 host sshd[6540]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:21:36 host sshd[6540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.165.26.27
Jan 17 22:21:38 host sshd[6540]: Failed password for invalid user sysadmin from 95.165.26.27 port 34134 ssh2
Jan 17 22:21:38 host sshd[6540]: Received disconnect from 95.165.26.27 port 34134:11: Bye Bye [preauth]
Jan 17 22:21:38 host sshd[6540]: Disconnected from 95.165.26.27 port 34134 [preauth]
Jan 17 22:23:50 host sshd[6803]: Invalid user bitnami from 172.96.222.127 port 37364
Jan 17 22:23:50 host sshd[6803]: input_userauth_request: invalid user bitnami [preauth]
Jan 17 22:23:50 host sshd[6803]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:23:50 host sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.96.222.127
Jan 17 22:23:52 host sshd[6803]: Failed password for invalid user bitnami from 172.96.222.127 port 37364 ssh2
Jan 17 22:28:14 host sshd[7408]: Invalid user ec2-user from 121.130.238.187 port 62503
Jan 17 22:28:14 host sshd[7408]: input_userauth_request: invalid user ec2-user [preauth]
Jan 17 22:28:14 host sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:28:14 host sshd[7408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.130.238.187
Jan 17 22:28:16 host sshd[7408]: Failed password for invalid user ec2-user from 121.130.238.187 port 62503 ssh2
Jan 17 22:28:16 host sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:28:18 host sshd[7408]: Failed password for invalid user ec2-user from 121.130.238.187 port 62503 ssh2
Jan 17 22:28:20 host sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:28:22 host sshd[7408]: Failed password for invalid user ec2-user from 121.130.238.187 port 62503 ssh2
Jan 17 22:28:22 host sshd[7408]: Failed password for invalid user ec2-user from 121.130.238.187 port 62503 ssh2
Jan 17 22:28:23 host sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:28:25 host sshd[7408]: Failed password for invalid user ec2-user from 121.130.238.187 port 62503 ssh2
Jan 17 22:28:25 host sshd[7408]: Connection reset by 121.130.238.187 port 62503 [preauth]
Jan 17 22:28:25 host sshd[7408]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.130.238.187
Jan 17 22:28:25 host sshd[7408]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 22:28:51 host sshd[7505]: User root from 114.84.194.28 not allowed because not listed in AllowUsers
Jan 17 22:28:51 host sshd[7505]: input_userauth_request: invalid user root [preauth]
Jan 17 22:28:51 host unix_chkpwd[7509]: password check failed for user (root)
Jan 17 22:28:51 host sshd[7505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.84.194.28 user=root
Jan 17 22:28:51 host sshd[7505]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:28:53 host sshd[7505]: Failed password for invalid user root from 114.84.194.28 port 33260 ssh2
Jan 17 22:28:53 host sshd[7505]: Received disconnect from 114.84.194.28 port 33260:11: Bye Bye [preauth]
Jan 17 22:28:53 host sshd[7505]: Disconnected from 114.84.194.28 port 33260 [preauth]
Jan 17 22:28:55 host sshd[7511]: User root from 114.84.194.28 not allowed because not listed in AllowUsers
Jan 17 22:28:55 host sshd[7511]: input_userauth_request: invalid user root [preauth]
Jan 17 22:28:55 host unix_chkpwd[7515]: password check failed for user (root)
Jan 17 22:28:55 host sshd[7511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.84.194.28 user=root
Jan 17 22:28:55 host sshd[7511]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 22:28:57 host sshd[7511]: Failed password for invalid user root from 114.84.194.28 port 33394 ssh2
Jan 17 22:29:52 host sshd[7634]: Invalid user dlxuser from 119.201.86.171 port 61900
Jan 17 22:29:52 host sshd[7634]: input_userauth_request: invalid user dlxuser [preauth]
Jan 17 22:29:52 host sshd[7634]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:29:52 host sshd[7634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.201.86.171
Jan 17 22:29:54 host sshd[7634]: Failed password for invalid user dlxuser from 119.201.86.171 port 61900 ssh2
Jan 17 22:29:54 host sshd[7634]: Connection reset by 119.201.86.171 port 61900 [preauth]
Jan 17 22:33:44 host sshd[8217]: Invalid user zyfwp from 220.122.210.2 port 50846
Jan 17 22:33:44 host sshd[8217]: input_userauth_request: invalid user zyfwp [preauth]
Jan 17 22:33:44 host sshd[8217]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:33:44 host sshd[8217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.122.210.2
Jan 17 22:33:46 host sshd[8217]: Failed password for invalid user zyfwp from 220.122.210.2 port 50846 ssh2
Jan 17 22:33:47 host sshd[8217]: Connection reset by 220.122.210.2 port 50846 [preauth]
Jan 17 22:35:08 host sshd[8394]: Invalid user dmdba from 114.33.107.41 port 48458
Jan 17 22:35:08 host sshd[8394]: input_userauth_request: invalid user dmdba [preauth]
Jan 17 22:35:08 host sshd[8394]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:35:08 host sshd[8394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.107.41
Jan 17 22:35:09 host sshd[8394]: Failed password for invalid user dmdba from 114.33.107.41 port 48458 ssh2
Jan 17 22:35:09 host sshd[8394]: Failed password for invalid user dmdba from 114.33.107.41 port 48458 ssh2
Jan 17 22:35:10 host sshd[8394]: Connection closed by 114.33.107.41 port 48458 [preauth]
Jan 17 22:37:50 host sshd[8841]: Connection reset by 36.237.104.1 port 44110 [preauth]
Jan 17 22:57:00 host sshd[11426]: Invalid user admin from 64.179.203.199 port 52547
Jan 17 22:57:00 host sshd[11426]: input_userauth_request: invalid user admin [preauth]
Jan 17 22:57:00 host sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:57:00 host sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.179.203.199
Jan 17 22:57:02 host sshd[11426]: Failed password for invalid user admin from 64.179.203.199 port 52547 ssh2
Jan 17 22:57:03 host sshd[11426]: Failed password for invalid user admin from 64.179.203.199 port 52547 ssh2
Jan 17 22:57:04 host sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:57:06 host sshd[11426]: Failed password for invalid user admin from 64.179.203.199 port 52547 ssh2
Jan 17 22:57:07 host sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:57:08 host sshd[11426]: Failed password for invalid user admin from 64.179.203.199 port 52547 ssh2
Jan 17 22:57:09 host sshd[11419]: Invalid user administrator from 189.7.17.61 port 51760
Jan 17 22:57:09 host sshd[11419]: input_userauth_request: invalid user administrator [preauth]
Jan 17 22:57:09 host sshd[11419]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:57:09 host sshd[11419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.7.17.61
Jan 17 22:57:10 host sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 22:57:11 host sshd[11426]: Failed password for invalid user admin from 64.179.203.199 port 52547 ssh2
Jan 17 22:57:12 host sshd[11419]: Failed password for invalid user administrator from 189.7.17.61 port 51760 ssh2
Jan 17 22:57:12 host sshd[11426]: Connection reset by 64.179.203.199 port 52547 [preauth]
Jan 17 22:57:12 host sshd[11426]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.179.203.199
Jan 17 22:57:12 host sshd[11426]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 22:57:13 host sshd[11419]: Received disconnect from 189.7.17.61 port 51760:11: Bye Bye [preauth]
Jan 17 22:57:13 host sshd[11419]: Disconnected from 189.7.17.61 port 51760 [preauth]
Jan 17 23:12:20 host sshd[13555]: User root from 189.7.17.61 not allowed because not listed in AllowUsers
Jan 17 23:12:20 host sshd[13555]: input_userauth_request: invalid user root [preauth]
Jan 17 23:12:20 host unix_chkpwd[13560]: password check failed for user (root)
Jan 17 23:12:20 host sshd[13555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.7.17.61 user=root
Jan 17 23:12:20 host sshd[13555]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:12:22 host sshd[13555]: Failed password for invalid user root from 189.7.17.61 port 34219 ssh2
Jan 17 23:12:23 host sshd[13555]: Received disconnect from 189.7.17.61 port 34219:11: Bye Bye [preauth]
Jan 17 23:12:23 host sshd[13555]: Disconnected from 189.7.17.61 port 34219 [preauth]
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=laundryboniface user-4=dartsimp user-5=a2zgroup user-6=wwwpmcresource user-7=ugotscom user-8=wwwrmswll user-9=wwwresourcehunte user-10=keralaholi user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=wwwkmaorg user-15=disposeat user-16=remysagr user-17=pmcresources user-18=wwwtestugo user-19=shalinijames user-20=vfmassets user-21=straightcurve user-22=wwwletsstalkfood user-23=wwwevmhonda user-24=bonifacegroup user-25=wwwnexidigital user-26=mrsclean user-27=phmetals user-28=kottayamcalldriv user-29=gifterman user-30=palco123 feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 17 23:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-i1KMMs52HLGbYVAC.~
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-i1KMMs52HLGbYVAC.~'
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-i1KMMs52HLGbYVAC.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 17 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 17 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 17 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 17 23:22:42 host sshd[15286]: User root from 178.62.40.68 not allowed because not listed in AllowUsers
Jan 17 23:22:42 host sshd[15286]: input_userauth_request: invalid user root [preauth]
Jan 17 23:22:42 host unix_chkpwd[15290]: password check failed for user (root)
Jan 17 23:22:42 host sshd[15286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.40.68 user=root
Jan 17 23:22:42 host sshd[15286]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:22:45 host sshd[15286]: Failed password for invalid user root from 178.62.40.68 port 54940 ssh2
Jan 17 23:22:45 host sshd[15286]: Connection closed by 178.62.40.68 port 54940 [preauth]
Jan 17 23:29:51 host sshd[16176]: User root from 178.62.40.68 not allowed because not listed in AllowUsers
Jan 17 23:29:51 host sshd[16176]: input_userauth_request: invalid user root [preauth]
Jan 17 23:29:51 host unix_chkpwd[16179]: password check failed for user (root)
Jan 17 23:29:51 host sshd[16176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.40.68 user=root
Jan 17 23:29:51 host sshd[16176]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:29:54 host sshd[16176]: Failed password for invalid user root from 178.62.40.68 port 33364 ssh2
Jan 17 23:44:14 host sshd[18407]: Invalid user super from 59.127.37.64 port 45525
Jan 17 23:44:14 host sshd[18407]: input_userauth_request: invalid user super [preauth]
Jan 17 23:44:14 host sshd[18407]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:44:14 host sshd[18407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.37.64
Jan 17 23:44:16 host sshd[18407]: Failed password for invalid user super from 59.127.37.64 port 45525 ssh2
Jan 17 23:44:17 host sshd[18407]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:44:19 host sshd[18407]: Failed password for invalid user super from 59.127.37.64 port 45525 ssh2
Jan 17 23:44:19 host sshd[18407]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:44:21 host sshd[18407]: Failed password for invalid user super from 59.127.37.64 port 45525 ssh2
Jan 17 23:44:22 host sshd[18407]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:44:24 host sshd[18407]: Failed password for invalid user super from 59.127.37.64 port 45525 ssh2
Jan 17 23:44:24 host sshd[18407]: Failed password for invalid user super from 59.127.37.64 port 45525 ssh2
Jan 17 23:44:25 host sshd[18407]: Connection closed by 59.127.37.64 port 45525 [preauth]
Jan 17 23:44:25 host sshd[18407]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.37.64
Jan 17 23:44:25 host sshd[18407]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 17 23:47:40 host sshd[18947]: Invalid user admin from 49.171.51.166 port 58295
Jan 17 23:47:40 host sshd[18947]: input_userauth_request: invalid user admin [preauth]
Jan 17 23:47:40 host sshd[18947]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:47:40 host sshd[18947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.171.51.166
Jan 17 23:47:43 host sshd[18947]: Failed password for invalid user admin from 49.171.51.166 port 58295 ssh2
Jan 17 23:47:44 host sshd[18947]: Failed password for invalid user admin from 49.171.51.166 port 58295 ssh2
Jan 17 23:47:44 host sshd[18947]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:47:46 host sshd[18947]: Failed password for invalid user admin from 49.171.51.166 port 58295 ssh2
Jan 17 23:47:47 host sshd[18947]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:47:47 host sshd[18955]: Connection reset by 49.174.77.151 port 63961 [preauth]
Jan 17 23:47:49 host sshd[18947]: Failed password for invalid user admin from 49.171.51.166 port 58295 ssh2
Jan 17 23:47:49 host sshd[18947]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:47:51 host sshd[18947]: Failed password for invalid user admin from 49.171.51.166 port 58295 ssh2
Jan 17 23:47:52 host sshd[18947]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:47:54 host sshd[18947]: Failed password for invalid user admin from 49.171.51.166 port 58295 ssh2
Jan 17 23:47:54 host sshd[18947]: error: maximum authentication attempts exceeded for invalid user admin from 49.171.51.166 port 58295 ssh2 [preauth]
Jan 17 23:47:54 host sshd[18947]: Disconnecting: Too many authentication failures [preauth]
Jan 17 23:47:54 host sshd[18947]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.171.51.166
Jan 17 23:47:54 host sshd[18947]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 17 23:48:12 host sshd[19021]: User root from 183.62.183.14 not allowed because not listed in AllowUsers
Jan 17 23:48:12 host sshd[19021]: input_userauth_request: invalid user root [preauth]
Jan 17 23:48:12 host unix_chkpwd[19026]: password check failed for user (root)
Jan 17 23:48:12 host sshd[19021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.183.14 user=root
Jan 17 23:48:12 host sshd[19021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:48:14 host sshd[19021]: Failed password for invalid user root from 183.62.183.14 port 54061 ssh2
Jan 17 23:48:15 host unix_chkpwd[19028]: password check failed for user (root)
Jan 17 23:48:15 host sshd[19021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:48:17 host sshd[19021]: Failed password for invalid user root from 183.62.183.14 port 54061 ssh2
Jan 17 23:48:17 host unix_chkpwd[19031]: password check failed for user (root)
Jan 17 23:48:17 host sshd[19021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:48:19 host sshd[19021]: Failed password for invalid user root from 183.62.183.14 port 54061 ssh2
Jan 17 23:48:19 host unix_chkpwd[19036]: password check failed for user (root)
Jan 17 23:48:19 host sshd[19021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:48:21 host sshd[19021]: Failed password for invalid user root from 183.62.183.14 port 54061 ssh2
Jan 17 23:48:21 host unix_chkpwd[19039]: password check failed for user (root)
Jan 17 23:48:21 host sshd[19021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:48:23 host sshd[19021]: Failed password for invalid user root from 183.62.183.14 port 54061 ssh2
Jan 17 23:48:24 host unix_chkpwd[19049]: password check failed for user (root)
Jan 17 23:48:24 host sshd[19021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 17 23:48:26 host sshd[19021]: Failed password for invalid user root from 183.62.183.14 port 54061 ssh2
Jan 17 23:48:26 host sshd[19021]: error: maximum authentication attempts exceeded for invalid user root from 183.62.183.14 port 54061 ssh2 [preauth]
Jan 17 23:48:26 host sshd[19021]: Disconnecting: Too many authentication failures [preauth]
Jan 17 23:48:26 host sshd[19021]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.183.14 user=root
Jan 17 23:48:26 host sshd[19021]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 17 23:51:03 host sshd[19393]: Invalid user fr from 194.110.203.109 port 38642
Jan 17 23:51:03 host sshd[19393]: input_userauth_request: invalid user fr [preauth]
Jan 17 23:51:03 host sshd[19393]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:51:03 host sshd[19393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 23:51:05 host sshd[19393]: Failed password for invalid user fr from 194.110.203.109 port 38642 ssh2
Jan 17 23:51:08 host sshd[19393]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:51:10 host sshd[19393]: Failed password for invalid user fr from 194.110.203.109 port 38642 ssh2
Jan 17 23:51:14 host sshd[19393]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:51:16 host sshd[19393]: Failed password for invalid user fr from 194.110.203.109 port 38642 ssh2
Jan 17 23:51:19 host sshd[19393]: Connection closed by 194.110.203.109 port 38642 [preauth]
Jan 17 23:51:19 host sshd[19393]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 17 23:54:49 host sshd[19928]: Invalid user ubnt from 5.181.80.142 port 59932
Jan 17 23:54:49 host sshd[19928]: input_userauth_request: invalid user ubnt [preauth]
Jan 17 23:54:49 host sshd[19928]: pam_unix(sshd:auth): check pass; user unknown
Jan 17 23:54:49 host sshd[19928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.181.80.142
Jan 17 23:54:51 host sshd[19928]: Failed password for invalid user ubnt from 5.181.80.142 port 59932 ssh2
Jan 17 23:54:51 host sshd[19928]: Received disconnect from 5.181.80.142 port 59932:11: Bye Bye [preauth]
Jan 17 23:54:51 host sshd[19928]: Disconnected from 5.181.80.142 port 59932 [preauth]
Jan 17 23:55:02 host sshd[19981]: User mysql from 148.66.132.190 not allowed because not listed in AllowUsers
Jan 17 23:55:02 host sshd[19981]: input_userauth_request: invalid user mysql [preauth]
Jan 17 23:55:02 host unix_chkpwd[19983]: password check failed for user (mysql)
Jan 17 23:55:02 host sshd[19981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.132.190 user=mysql
Jan 17 23:55:02 host sshd[19981]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 17 23:55:04 host sshd[19981]: Failed password for invalid user mysql from 148.66.132.190 port 53058 ssh2
Jan 17 23:55:04 host sshd[19981]: Received disconnect from 148.66.132.190 port 53058:11: Bye Bye [preauth]
Jan 17 23:55:04 host sshd[19981]: Disconnected from 148.66.132.190 port 53058 [preauth]
Jan 18 00:00:33 host sshd[20912]: User root from 59.124.202.193 not allowed because not listed in AllowUsers
Jan 18 00:00:33 host sshd[20912]: input_userauth_request: invalid user root [preauth]
Jan 18 00:00:33 host unix_chkpwd[20916]: password check failed for user (root)
Jan 18 00:00:33 host sshd[20912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.124.202.193 user=root
Jan 18 00:00:33 host sshd[20912]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:00:35 host sshd[20912]: Failed password for invalid user root from 59.124.202.193 port 60031 ssh2
Jan 18 00:00:37 host unix_chkpwd[20920]: password check failed for user (root)
Jan 18 00:00:37 host sshd[20912]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:00:39 host sshd[20912]: Failed password for invalid user root from 59.124.202.193 port 60031 ssh2
Jan 18 00:00:40 host unix_chkpwd[20925]: password check failed for user (root)
Jan 18 00:00:40 host sshd[20912]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:00:41 host sshd[20912]: Failed password for invalid user root from 59.124.202.193 port 60031 ssh2
Jan 18 00:00:42 host unix_chkpwd[20933]: password check failed for user (root)
Jan 18 00:00:42 host sshd[20912]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:00:44 host sshd[20912]: Failed password for invalid user root from 59.124.202.193 port 60031 ssh2
Jan 18 00:02:49 host sshd[21321]: User root from 148.66.132.190 not allowed because not listed in AllowUsers
Jan 18 00:02:49 host sshd[21321]: input_userauth_request: invalid user root [preauth]
Jan 18 00:02:49 host unix_chkpwd[21323]: password check failed for user (root)
Jan 18 00:02:49 host sshd[21321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.132.190 user=root
Jan 18 00:02:49 host sshd[21321]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:02:51 host sshd[21321]: Failed password for invalid user root from 148.66.132.190 port 53278 ssh2
Jan 18 00:02:51 host sshd[21321]: Received disconnect from 148.66.132.190 port 53278:11: Bye Bye [preauth]
Jan 18 00:02:51 host sshd[21321]: Disconnected from 148.66.132.190 port 53278 [preauth]
Jan 18 00:04:18 host sshd[21496]: User root from 148.66.132.190 not allowed because not listed in AllowUsers
Jan 18 00:04:18 host sshd[21496]: input_userauth_request: invalid user root [preauth]
Jan 18 00:04:18 host unix_chkpwd[21498]: password check failed for user (root)
Jan 18 00:04:18 host sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.132.190 user=root
Jan 18 00:04:18 host sshd[21496]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:04:21 host sshd[21496]: Failed password for invalid user root from 148.66.132.190 port 47738 ssh2
Jan 18 00:04:21 host sshd[21496]: Received disconnect from 148.66.132.190 port 47738:11: Bye Bye [preauth]
Jan 18 00:04:21 host sshd[21496]: Disconnected from 148.66.132.190 port 47738 [preauth]
Jan 18 00:06:07 host sshd[21781]: Invalid user support from 122.116.76.100 port 44785
Jan 18 00:06:07 host sshd[21781]: input_userauth_request: invalid user support [preauth]
Jan 18 00:06:07 host sshd[21781]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:06:07 host sshd[21781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.76.100
Jan 18 00:06:09 host sshd[21781]: Failed password for invalid user support from 122.116.76.100 port 44785 ssh2
Jan 18 00:06:10 host sshd[21781]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:06:11 host sshd[21781]: Failed password for invalid user support from 122.116.76.100 port 44785 ssh2
Jan 18 00:06:12 host sshd[21781]: Connection reset by 122.116.76.100 port 44785 [preauth]
Jan 18 00:06:12 host sshd[21781]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.76.100
Jan 18 00:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 00:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 00:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=ugotscom user-8=wwwresourcehunte user-9=keralaholi user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=kottayamcalldriv user-22=phmetals user-23=palco123 user-24=gifterman user-25=wwwnexidigital user-26=mrsclean user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 00:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-K4v8iv5Hmuh0izNm.~
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-K4v8iv5Hmuh0izNm.~'
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-K4v8iv5Hmuh0izNm.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 00:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 00:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 00:24:21 host sshd[26091]: Connection closed by 45.79.181.251 port 32596 [preauth]
Jan 18 00:24:24 host sshd[26098]: Connection closed by 45.79.181.251 port 32600 [preauth]
Jan 18 00:24:25 host sshd[26108]: Did not receive identification string from 45.79.181.251 port 32602
Jan 18 00:33:49 host sshd[27687]: Invalid user admin from 220.84.234.193 port 59725
Jan 18 00:33:49 host sshd[27687]: input_userauth_request: invalid user admin [preauth]
Jan 18 00:33:49 host sshd[27687]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:33:49 host sshd[27687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.84.234.193
Jan 18 00:33:51 host sshd[27687]: Failed password for invalid user admin from 220.84.234.193 port 59725 ssh2
Jan 18 00:33:52 host sshd[27687]: Connection closed by 220.84.234.193 port 59725 [preauth]
Jan 18 00:39:48 host sshd[28634]: Bad protocol version identification '\003' from 92.255.85.183 port 61612
Jan 18 00:56:40 host sshd[31109]: Invalid user zyfwp from 112.168.206.177 port 41274
Jan 18 00:56:40 host sshd[31109]: input_userauth_request: invalid user zyfwp [preauth]
Jan 18 00:56:40 host sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:56:40 host sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.168.206.177
Jan 18 00:56:40 host sshd[31112]: Invalid user admin from 121.184.138.195 port 57741
Jan 18 00:56:40 host sshd[31112]: input_userauth_request: invalid user admin [preauth]
Jan 18 00:56:40 host sshd[31112]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:56:40 host sshd[31112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.138.195
Jan 18 00:56:41 host sshd[31109]: Failed password for invalid user zyfwp from 112.168.206.177 port 41274 ssh2
Jan 18 00:56:41 host sshd[31112]: Failed password for invalid user admin from 121.184.138.195 port 57741 ssh2
Jan 18 00:56:41 host sshd[31112]: Failed password for invalid user admin from 121.184.138.195 port 57741 ssh2
Jan 18 00:56:41 host sshd[31112]: Connection reset by 121.184.138.195 port 57741 [preauth]
Jan 18 00:56:42 host sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:56:44 host sshd[31109]: Failed password for invalid user zyfwp from 112.168.206.177 port 41274 ssh2
Jan 18 00:56:45 host sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:56:47 host sshd[31109]: Failed password for invalid user zyfwp from 112.168.206.177 port 41274 ssh2
Jan 18 00:56:48 host sshd[31109]: Connection closed by 112.168.206.177 port 41274 [preauth]
Jan 18 00:56:48 host sshd[31109]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.168.206.177
Jan 18 00:58:06 host sshd[31397]: User root from 59.127.142.248 not allowed because not listed in AllowUsers
Jan 18 00:58:06 host sshd[31397]: input_userauth_request: invalid user root [preauth]
Jan 18 00:58:06 host unix_chkpwd[31401]: password check failed for user (root)
Jan 18 00:58:06 host sshd[31397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.142.248 user=root
Jan 18 00:58:06 host sshd[31397]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:58:08 host sshd[31397]: Failed password for invalid user root from 59.127.142.248 port 60520 ssh2
Jan 18 00:58:09 host unix_chkpwd[31404]: password check failed for user (root)
Jan 18 00:58:09 host sshd[31397]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:58:11 host sshd[31397]: Failed password for invalid user root from 59.127.142.248 port 60520 ssh2
Jan 18 00:58:12 host unix_chkpwd[31415]: password check failed for user (root)
Jan 18 00:58:12 host sshd[31397]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:58:14 host sshd[31397]: Failed password for invalid user root from 59.127.142.248 port 60520 ssh2
Jan 18 00:58:14 host unix_chkpwd[31418]: password check failed for user (root)
Jan 18 00:58:14 host sshd[31397]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 00:58:17 host sshd[31397]: Failed password for invalid user root from 59.127.142.248 port 60520 ssh2
Jan 18 00:59:06 host sshd[31533]: Invalid user admin from 125.228.161.61 port 41285
Jan 18 00:59:06 host sshd[31533]: input_userauth_request: invalid user admin [preauth]
Jan 18 00:59:06 host sshd[31533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:06 host sshd[31533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.161.61
Jan 18 00:59:08 host sshd[31533]: Failed password for invalid user admin from 125.228.161.61 port 41285 ssh2
Jan 18 00:59:08 host sshd[31533]: Failed password for invalid user admin from 125.228.161.61 port 41285 ssh2
Jan 18 00:59:09 host sshd[31533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:11 host sshd[31533]: Failed password for invalid user admin from 125.228.161.61 port 41285 ssh2
Jan 18 00:59:12 host sshd[31533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:14 host sshd[31533]: Failed password for invalid user admin from 125.228.161.61 port 41285 ssh2
Jan 18 00:59:14 host sshd[31533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:17 host sshd[31533]: Failed password for invalid user admin from 125.228.161.61 port 41285 ssh2
Jan 18 00:59:48 host sshd[31643]: Invalid user super from 122.117.33.133 port 58634
Jan 18 00:59:48 host sshd[31643]: input_userauth_request: invalid user super [preauth]
Jan 18 00:59:48 host sshd[31643]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:48 host sshd[31643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.33.133
Jan 18 00:59:50 host sshd[31643]: Failed password for invalid user super from 122.117.33.133 port 58634 ssh2
Jan 18 00:59:50 host sshd[31643]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:53 host sshd[31643]: Failed password for invalid user super from 122.117.33.133 port 58634 ssh2
Jan 18 00:59:53 host sshd[31643]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:55 host sshd[31643]: Failed password for invalid user super from 122.117.33.133 port 58634 ssh2
Jan 18 00:59:56 host sshd[31643]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 00:59:58 host sshd[31643]: Failed password for invalid user super from 122.117.33.133 port 58634 ssh2
Jan 18 00:59:58 host sshd[31643]: Failed password for invalid user super from 122.117.33.133 port 58634 ssh2
Jan 18 00:59:58 host sshd[31643]: Connection closed by 122.117.33.133 port 58634 [preauth]
Jan 18 00:59:58 host sshd[31643]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.33.133
Jan 18 00:59:58 host sshd[31643]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 18 01:03:47 host sshd[32232]: Did not receive identification string from 107.170.241.29 port 45530
Jan 18 01:10:57 host sshd[735]: Connection reset by 14.45.72.99 port 56462 [preauth]
Jan 18 01:11:10 host sshd[765]: Connection reset by 1.34.62.30 port 56674 [preauth]
Jan 18 01:15:51 host sshd[1433]: User root from 71.45.192.87 not allowed because not listed in AllowUsers
Jan 18 01:15:51 host sshd[1433]: input_userauth_request: invalid user root [preauth]
Jan 18 01:15:51 host unix_chkpwd[1440]: password check failed for user (root)
Jan 18 01:15:51 host sshd[1433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.45.192.87 user=root
Jan 18 01:15:51 host sshd[1433]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:15:54 host sshd[1433]: Failed password for invalid user root from 71.45.192.87 port 42985 ssh2
Jan 18 01:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 01:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 01:21:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=wwwtestugo user-3=shalinijames user-4=pmcresources user-5=disposeat user-6=remysagr user-7=wwwkmaorg user-8=wwwkapin user-9=woodpeck user-10=gifterman user-11=palco123 user-12=kottayamcalldriv user-13=phmetals user-14=mrsclean user-15=wwwnexidigital user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=dartsimp user-21=a2zgroup user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=wwwrmswll user-27=wwwresourcehunte user-28=keralaholi user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 01:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CrSy6jJFgfmAWuKT.~
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CrSy6jJFgfmAWuKT.~'
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CrSy6jJFgfmAWuKT.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 01:27:53 host sshd[3744]: Connection reset by 60.52.16.193 port 45975 [preauth]
Jan 18 01:38:19 host sshd[5198]: User root from 110.35.173.2 not allowed because not listed in AllowUsers
Jan 18 01:38:19 host sshd[5198]: input_userauth_request: invalid user root [preauth]
Jan 18 01:38:19 host unix_chkpwd[5201]: password check failed for user (root)
Jan 18 01:38:19 host sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.35.173.2 user=root
Jan 18 01:38:19 host sshd[5198]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:38:21 host sshd[5198]: Failed password for invalid user root from 110.35.173.2 port 4767 ssh2
Jan 18 01:38:21 host sshd[5198]: Received disconnect from 110.35.173.2 port 4767:11: Bye Bye [preauth]
Jan 18 01:38:21 host sshd[5198]: Disconnected from 110.35.173.2 port 4767 [preauth]
Jan 18 01:40:48 host sshd[5583]: Invalid user fs from 194.110.203.109 port 59672
Jan 18 01:40:48 host sshd[5583]: input_userauth_request: invalid user fs [preauth]
Jan 18 01:40:48 host sshd[5583]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:40:48 host sshd[5583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 01:40:49 host sshd[5583]: Failed password for invalid user fs from 194.110.203.109 port 59672 ssh2
Jan 18 01:40:53 host sshd[5583]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:40:54 host sshd[5583]: Failed password for invalid user fs from 194.110.203.109 port 59672 ssh2
Jan 18 01:40:58 host sshd[5583]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:41:00 host sshd[5583]: Failed password for invalid user fs from 194.110.203.109 port 59672 ssh2
Jan 18 01:41:03 host sshd[5583]: Connection closed by 194.110.203.109 port 59672 [preauth]
Jan 18 01:41:03 host sshd[5583]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 01:43:17 host sshd[5861]: Invalid user sonar from 211.252.87.118 port 59998
Jan 18 01:43:17 host sshd[5861]: input_userauth_request: invalid user sonar [preauth]
Jan 18 01:43:17 host sshd[5861]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:43:17 host sshd[5861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.252.87.118
Jan 18 01:43:19 host sshd[5861]: Failed password for invalid user sonar from 211.252.87.118 port 59998 ssh2
Jan 18 01:43:19 host sshd[5861]: Received disconnect from 211.252.87.118 port 59998:11: Bye Bye [preauth]
Jan 18 01:43:19 host sshd[5861]: Disconnected from 211.252.87.118 port 59998 [preauth]
Jan 18 01:45:01 host sshd[6182]: Did not receive identification string from 101.43.93.18 port 46640
Jan 18 01:45:04 host sshd[6193]: User root from 101.43.93.18 not allowed because not listed in AllowUsers
Jan 18 01:45:04 host sshd[6193]: input_userauth_request: invalid user root [preauth]
Jan 18 01:45:04 host sshd[6197]: Invalid user pi from 101.43.93.18 port 47038
Jan 18 01:45:04 host sshd[6197]: input_userauth_request: invalid user pi [preauth]
Jan 18 01:45:04 host sshd[6206]: User root from 101.43.93.18 not allowed because not listed in AllowUsers
Jan 18 01:45:04 host sshd[6206]: input_userauth_request: invalid user root [preauth]
Jan 18 01:45:04 host sshd[6204]: Invalid user oracle from 101.43.93.18 port 47040
Jan 18 01:45:04 host sshd[6204]: input_userauth_request: invalid user oracle [preauth]
Jan 18 01:45:04 host sshd[6211]: User root from 101.43.93.18 not allowed because not listed in AllowUsers
Jan 18 01:45:04 host sshd[6211]: input_userauth_request: invalid user root [preauth]
Jan 18 01:45:04 host unix_chkpwd[6222]: password check failed for user (root)
Jan 18 01:45:04 host sshd[6193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.93.18 user=root
Jan 18 01:45:04 host sshd[6193]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:45:04 host sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:45:04 host sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.93.18
Jan 18 01:45:04 host sshd[6204]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:45:04 host sshd[6204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.93.18
Jan 18 01:45:04 host unix_chkpwd[6224]: password check failed for user (root)
Jan 18 01:45:04 host sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.93.18 user=root
Jan 18 01:45:04 host sshd[6206]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:45:04 host unix_chkpwd[6225]: password check failed for user (root)
Jan 18 01:45:04 host sshd[6211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.93.18 user=root
Jan 18 01:45:04 host sshd[6211]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:45:06 host sshd[6193]: Failed password for invalid user root from 101.43.93.18 port 47018 ssh2
Jan 18 01:45:06 host sshd[6193]: Connection closed by 101.43.93.18 port 47018 [preauth]
Jan 18 01:45:06 host sshd[6197]: Failed password for invalid user pi from 101.43.93.18 port 47038 ssh2
Jan 18 01:45:06 host sshd[6197]: Connection closed by 101.43.93.18 port 47038 [preauth]
Jan 18 01:45:07 host sshd[6204]: Failed password for invalid user oracle from 101.43.93.18 port 47040 ssh2
Jan 18 01:45:07 host sshd[6204]: Connection closed by 101.43.93.18 port 47040 [preauth]
Jan 18 01:45:07 host sshd[6206]: Failed password for invalid user root from 101.43.93.18 port 47020 ssh2
Jan 18 01:45:07 host sshd[6206]: Connection closed by 101.43.93.18 port 47020 [preauth]
Jan 18 01:45:07 host sshd[6211]: Failed password for invalid user root from 101.43.93.18 port 47010 ssh2
Jan 18 01:45:07 host sshd[6211]: Connection closed by 101.43.93.18 port 47010 [preauth]
Jan 18 01:46:14 host sshd[6499]: Bad protocol version identification '\026\003\001\001\t\001' from 23.248.175.154 port 43656
Jan 18 01:46:16 host sshd[6502]: Bad protocol version identification 'GET / HTTP/1.1' from 23.248.175.154 port 45046
Jan 18 01:46:17 host sshd[6507]: Bad protocol version identification '' from 23.248.175.154 port 45514
Jan 18 01:47:47 host sshd[6696]: Invalid user ali from 165.227.133.23 port 43380
Jan 18 01:47:47 host sshd[6696]: input_userauth_request: invalid user ali [preauth]
Jan 18 01:47:47 host sshd[6696]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:47:47 host sshd[6696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.133.23
Jan 18 01:47:49 host sshd[6696]: Failed password for invalid user ali from 165.227.133.23 port 43380 ssh2
Jan 18 01:47:49 host sshd[6696]: Received disconnect from 165.227.133.23 port 43380:11: Bye Bye [preauth]
Jan 18 01:47:49 host sshd[6696]: Disconnected from 165.227.133.23 port 43380 [preauth]
Jan 18 01:48:58 host sshd[6821]: User root from 43.159.50.66 not allowed because not listed in AllowUsers
Jan 18 01:48:58 host sshd[6821]: input_userauth_request: invalid user root [preauth]
Jan 18 01:48:58 host unix_chkpwd[6824]: password check failed for user (root)
Jan 18 01:48:58 host sshd[6821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.50.66 user=root
Jan 18 01:48:58 host sshd[6821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:49:00 host sshd[6821]: Failed password for invalid user root from 43.159.50.66 port 40890 ssh2
Jan 18 01:49:00 host sshd[6821]: Received disconnect from 43.159.50.66 port 40890:11: Bye Bye [preauth]
Jan 18 01:49:00 host sshd[6821]: Disconnected from 43.159.50.66 port 40890 [preauth]
Jan 18 01:49:37 host sshd[6897]: Invalid user kevin from 211.252.87.118 port 60262
Jan 18 01:49:37 host sshd[6897]: input_userauth_request: invalid user kevin [preauth]
Jan 18 01:49:37 host sshd[6897]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:49:37 host sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.252.87.118
Jan 18 01:49:39 host sshd[6897]: Failed password for invalid user kevin from 211.252.87.118 port 60262 ssh2
Jan 18 01:49:39 host sshd[6897]: Received disconnect from 211.252.87.118 port 60262:11: Bye Bye [preauth]
Jan 18 01:49:39 host sshd[6897]: Disconnected from 211.252.87.118 port 60262 [preauth]
Jan 18 01:50:55 host sshd[7169]: Invalid user admin123 from 165.227.133.23 port 51336
Jan 18 01:50:55 host sshd[7169]: input_userauth_request: invalid user admin123 [preauth]
Jan 18 01:50:55 host sshd[7169]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:50:55 host sshd[7169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.133.23
Jan 18 01:50:55 host sshd[7172]: User root from 211.252.87.118 not allowed because not listed in AllowUsers
Jan 18 01:50:55 host sshd[7172]: input_userauth_request: invalid user root [preauth]
Jan 18 01:50:55 host unix_chkpwd[7175]: password check failed for user (root)
Jan 18 01:50:55 host sshd[7172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.252.87.118 user=root
Jan 18 01:50:55 host sshd[7172]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:50:57 host sshd[7169]: Failed password for invalid user admin123 from 165.227.133.23 port 51336 ssh2
Jan 18 01:50:57 host sshd[7169]: Received disconnect from 165.227.133.23 port 51336:11: Bye Bye [preauth]
Jan 18 01:50:57 host sshd[7169]: Disconnected from 165.227.133.23 port 51336 [preauth]
Jan 18 01:50:57 host sshd[7172]: Failed password for invalid user root from 211.252.87.118 port 60372 ssh2
Jan 18 01:51:56 host sshd[7307]: Invalid user mc from 165.227.133.23 port 45412
Jan 18 01:51:56 host sshd[7307]: input_userauth_request: invalid user mc [preauth]
Jan 18 01:51:56 host sshd[7307]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:51:56 host sshd[7307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.133.23
Jan 18 01:51:58 host sshd[7307]: Failed password for invalid user mc from 165.227.133.23 port 45412 ssh2
Jan 18 01:53:04 host sshd[7457]: Invalid user tester from 144.34.212.207 port 34816
Jan 18 01:53:04 host sshd[7457]: input_userauth_request: invalid user tester [preauth]
Jan 18 01:53:04 host sshd[7457]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:53:04 host sshd[7457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.212.207
Jan 18 01:53:06 host sshd[7457]: Failed password for invalid user tester from 144.34.212.207 port 34816 ssh2
Jan 18 01:53:06 host sshd[7457]: Received disconnect from 144.34.212.207 port 34816:11: Bye Bye [preauth]
Jan 18 01:53:06 host sshd[7457]: Disconnected from 144.34.212.207 port 34816 [preauth]
Jan 18 01:53:50 host sshd[7537]: User root from 43.159.50.66 not allowed because not listed in AllowUsers
Jan 18 01:53:50 host sshd[7537]: input_userauth_request: invalid user root [preauth]
Jan 18 01:53:50 host unix_chkpwd[7539]: password check failed for user (root)
Jan 18 01:53:50 host sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.50.66 user=root
Jan 18 01:53:50 host sshd[7537]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 01:53:52 host sshd[7537]: Failed password for invalid user root from 43.159.50.66 port 58044 ssh2
Jan 18 01:53:52 host sshd[7537]: Received disconnect from 43.159.50.66 port 58044:11: Bye Bye [preauth]
Jan 18 01:53:52 host sshd[7537]: Disconnected from 43.159.50.66 port 58044 [preauth]
Jan 18 01:56:45 host sshd[7979]: Invalid user deployer from 144.34.212.207 port 49038
Jan 18 01:56:45 host sshd[7979]: input_userauth_request: invalid user deployer [preauth]
Jan 18 01:56:45 host sshd[7979]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:56:45 host sshd[7979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.212.207
Jan 18 01:56:48 host sshd[7979]: Failed password for invalid user deployer from 144.34.212.207 port 49038 ssh2
Jan 18 01:56:48 host sshd[7979]: Received disconnect from 144.34.212.207 port 49038:11: Bye Bye [preauth]
Jan 18 01:56:48 host sshd[7979]: Disconnected from 144.34.212.207 port 49038 [preauth]
Jan 18 01:56:55 host sshd[7994]: Invalid user gitlab-runner from 171.236.224.201 port 48014
Jan 18 01:56:55 host sshd[7994]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 18 01:56:55 host sshd[7994]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:56:55 host sshd[7994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.236.224.201
Jan 18 01:56:55 host sshd[7992]: Invalid user sFTPUser from 171.236.224.201 port 48024
Jan 18 01:56:55 host sshd[7992]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 18 01:56:55 host sshd[7992]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:56:55 host sshd[7992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.236.224.201
Jan 18 01:56:57 host sshd[7994]: Failed password for invalid user gitlab-runner from 171.236.224.201 port 48014 ssh2
Jan 18 01:56:58 host sshd[7992]: Failed password for invalid user sFTPUser from 171.236.224.201 port 48024 ssh2
Jan 18 01:56:59 host sshd[7994]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:57:02 host sshd[7994]: Failed password for invalid user gitlab-runner from 171.236.224.201 port 48014 ssh2
Jan 18 01:58:08 host sshd[8164]: Invalid user ts3 from 144.34.212.207 port 47456
Jan 18 01:58:08 host sshd[8164]: input_userauth_request: invalid user ts3 [preauth]
Jan 18 01:58:08 host sshd[8164]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 01:58:08 host sshd[8164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.212.207
Jan 18 01:58:10 host sshd[8164]: Failed password for invalid user ts3 from 144.34.212.207 port 47456 ssh2
Jan 18 01:58:10 host sshd[8164]: Received disconnect from 144.34.212.207 port 47456:11: Bye Bye [preauth]
Jan 18 01:58:10 host sshd[8164]: Disconnected from 144.34.212.207 port 47456 [preauth]
Jan 18 02:06:51 host sshd[9440]: User root from 61.75.83.20 not allowed because not listed in AllowUsers
Jan 18 02:06:51 host sshd[9440]: input_userauth_request: invalid user root [preauth]
Jan 18 02:06:51 host unix_chkpwd[9444]: password check failed for user (root)
Jan 18 02:06:51 host sshd[9440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.75.83.20 user=root
Jan 18 02:06:51 host sshd[9440]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:06:53 host sshd[9440]: Failed password for invalid user root from 61.75.83.20 port 36272 ssh2
Jan 18 02:10:58 host sshd[9895]: Invalid user admin from 220.132.148.108 port 54690
Jan 18 02:10:58 host sshd[9895]: input_userauth_request: invalid user admin [preauth]
Jan 18 02:10:58 host sshd[9895]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:10:58 host sshd[9895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.148.108
Jan 18 02:10:59 host sshd[9895]: Failed password for invalid user admin from 220.132.148.108 port 54690 ssh2
Jan 18 02:11:00 host sshd[9895]: Failed password for invalid user admin from 220.132.148.108 port 54690 ssh2
Jan 18 02:11:02 host sshd[9895]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:11:03 host sshd[9895]: Failed password for invalid user admin from 220.132.148.108 port 54690 ssh2
Jan 18 02:11:04 host sshd[9895]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:11:06 host sshd[9895]: Failed password for invalid user admin from 220.132.148.108 port 54690 ssh2
Jan 18 02:11:07 host sshd[9895]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:11:10 host sshd[9895]: Failed password for invalid user admin from 220.132.148.108 port 54690 ssh2
Jan 18 02:17:03 host sshd[10846]: Invalid user dlxuser from 211.193.0.220 port 60667
Jan 18 02:17:03 host sshd[10846]: input_userauth_request: invalid user dlxuser [preauth]
Jan 18 02:17:03 host sshd[10846]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:17:03 host sshd[10846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.193.0.220
Jan 18 02:17:05 host sshd[10846]: Failed password for invalid user dlxuser from 211.193.0.220 port 60667 ssh2
Jan 18 02:17:06 host sshd[10846]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:17:08 host sshd[10846]: Failed password for invalid user dlxuser from 211.193.0.220 port 60667 ssh2
Jan 18 02:17:09 host sshd[10846]: Failed password for invalid user dlxuser from 211.193.0.220 port 60667 ssh2
Jan 18 02:17:09 host sshd[10846]: Connection closed by 211.193.0.220 port 60667 [preauth]
Jan 18 02:17:09 host sshd[10846]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.193.0.220
Jan 18 02:19:20 host sshd[11093]: User root from 210.92.177.92 not allowed because not listed in AllowUsers
Jan 18 02:19:20 host sshd[11093]: input_userauth_request: invalid user root [preauth]
Jan 18 02:19:20 host unix_chkpwd[11099]: password check failed for user (root)
Jan 18 02:19:20 host sshd[11093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.92.177.92 user=root
Jan 18 02:19:20 host sshd[11093]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:19:22 host sshd[11093]: Failed password for invalid user root from 210.92.177.92 port 61771 ssh2
Jan 18 02:19:23 host unix_chkpwd[11106]: password check failed for user (root)
Jan 18 02:19:23 host sshd[11093]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:19:24 host sshd[11093]: Failed password for invalid user root from 210.92.177.92 port 61771 ssh2
Jan 18 02:19:25 host unix_chkpwd[11109]: password check failed for user (root)
Jan 18 02:19:25 host sshd[11093]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:19:26 host sshd[11093]: Failed password for invalid user root from 210.92.177.92 port 61771 ssh2
Jan 18 02:19:28 host unix_chkpwd[11134]: password check failed for user (root)
Jan 18 02:19:28 host sshd[11093]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:19:30 host sshd[11093]: Failed password for invalid user root from 210.92.177.92 port 61771 ssh2
Jan 18 02:21:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=ugotscom user-8=wwwresourcehunte user-9=keralaholi user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=kottayamcalldriv user-22=phmetals user-23=palco123 user-24=gifterman user-25=mrsclean user-26=wwwnexidigital user-27=wwwevmhonda user-28=bonifacegroup user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 02:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MeeZZo1zzTqXbPqX.~
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MeeZZo1zzTqXbPqX.~'
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-MeeZZo1zzTqXbPqX.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 02:21:15 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 02:21:15 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 02:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:21:17 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 02:21:17 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:21:17 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:24:32 host sshd[12090]: User tomcat from 101.78.234.109 not allowed because not listed in AllowUsers
Jan 18 02:24:32 host sshd[12090]: input_userauth_request: invalid user tomcat [preauth]
Jan 18 02:24:32 host unix_chkpwd[12093]: password check failed for user (tomcat)
Jan 18 02:24:32 host sshd[12090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.78.234.109 user=tomcat
Jan 18 02:24:32 host sshd[12090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat"
Jan 18 02:24:35 host sshd[12090]: Failed password for invalid user tomcat from 101.78.234.109 port 49160 ssh2
Jan 18 02:24:35 host sshd[12090]: Received disconnect from 101.78.234.109 port 49160:11: Bye Bye [preauth]
Jan 18 02:24:35 host sshd[12090]: Disconnected from 101.78.234.109 port 49160 [preauth]
Jan 18 02:26:02 host sshd[12252]: Invalid user allen from 107.189.30.59 port 56472
Jan 18 02:26:02 host sshd[12252]: input_userauth_request: invalid user allen [preauth]
Jan 18 02:26:02 host sshd[12252]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:26:02 host sshd[12252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 18 02:26:04 host sshd[12252]: Failed password for invalid user allen from 107.189.30.59 port 56472 ssh2
Jan 18 02:26:05 host sshd[12252]: Connection closed by 107.189.30.59 port 56472 [preauth]
Jan 18 02:26:53 host sshd[12356]: User root from 209.141.55.27 not allowed because not listed in AllowUsers
Jan 18 02:26:53 host sshd[12356]: input_userauth_request: invalid user root [preauth]
Jan 18 02:26:53 host unix_chkpwd[12360]: password check failed for user (root)
Jan 18 02:26:53 host sshd[12356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27 user=root
Jan 18 02:26:53 host sshd[12356]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:26:55 host sshd[12356]: Failed password for invalid user root from 209.141.55.27 port 45768 ssh2
Jan 18 02:26:55 host sshd[12356]: Received disconnect from 209.141.55.27 port 45768:11: Normal Shutdown, Thank you for playing [preauth]
Jan 18 02:26:55 host sshd[12356]: Disconnected from 209.141.55.27 port 45768 [preauth]
Jan 18 02:28:04 host sshd[12597]: Invalid user admin from 36.89.217.30 port 56844
Jan 18 02:28:04 host sshd[12597]: input_userauth_request: invalid user admin [preauth]
Jan 18 02:28:04 host sshd[12597]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:28:04 host sshd[12597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.217.30
Jan 18 02:28:06 host sshd[12597]: Failed password for invalid user admin from 36.89.217.30 port 56844 ssh2
Jan 18 02:28:06 host sshd[12597]: Received disconnect from 36.89.217.30 port 56844:11: Bye Bye [preauth]
Jan 18 02:28:06 host sshd[12597]: Disconnected from 36.89.217.30 port 56844 [preauth]
Jan 18 02:28:46 host sshd[12685]: Invalid user ark from 134.209.69.41 port 34816
Jan 18 02:28:46 host sshd[12685]: input_userauth_request: invalid user ark [preauth]
Jan 18 02:28:46 host sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:28:46 host sshd[12685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.69.41
Jan 18 02:28:48 host sshd[12685]: Failed password for invalid user ark from 134.209.69.41 port 34816 ssh2
Jan 18 02:28:48 host sshd[12685]: Received disconnect from 134.209.69.41 port 34816:11: Bye Bye [preauth]
Jan 18 02:28:48 host sshd[12685]: Disconnected from 134.209.69.41 port 34816 [preauth]
Jan 18 02:28:54 host sshd[12694]: Invalid user admin from 121.121.214.7 port 58963
Jan 18 02:28:54 host sshd[12694]: input_userauth_request: invalid user admin [preauth]
Jan 18 02:28:54 host sshd[12694]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:28:54 host sshd[12694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.121.214.7
Jan 18 02:28:56 host sshd[12694]: Failed password for invalid user admin from 121.121.214.7 port 58963 ssh2
Jan 18 02:28:56 host sshd[12694]: Connection reset by 121.121.214.7 port 58963 [preauth]
Jan 18 02:29:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=ugotscom user-4=wwwresourcehunte user-5=keralaholi user-6=wwwrmswll user-7=wwwkaretakers user-8=cochintaxi user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=wwwevmhonda user-13=bonifacegroup user-14=wwwletsstalkfood user-15=straightcurve user-16=phmetals user-17=kottayamcalldriv user-18=palco123 user-19=gifterman user-20=wwwnexidigital user-21=mrsclean user-22=remysagr user-23=disposeat user-24=wwwkmaorg user-25=wwwkapin user-26=woodpeck user-27=shalinijames user-28=wwwtestugo user-29=vfmassets user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 02:29:01 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:04 host sshd[12758]: Invalid user ansible from 198.46.152.229 port 52320
Jan 18 02:29:04 host sshd[12758]: input_userauth_request: invalid user ansible [preauth]
Jan 18 02:29:04 host sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:29:04 host sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.46.152.229
Jan 18 02:29:07 host sshd[12758]: Failed password for invalid user ansible from 198.46.152.229 port 52320 ssh2
Jan 18 02:29:07 host sshd[12758]: Received disconnect from 198.46.152.229 port 52320:11: Bye Bye [preauth]
Jan 18 02:29:07 host sshd[12758]: Disconnected from 198.46.152.229 port 52320 [preauth]
Jan 18 02:29:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:29:12 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 18 02:29:12 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 18 02:29:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 18 02:29:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 18 02:29:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 18 02:29:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:29:32 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 18 02:29:32 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 18 02:29:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 18 02:29:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 18 02:29:33 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:33 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 18 02:29:33 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:33 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 18 02:29:33 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:33 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:29:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 18 02:29:34 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:29:34 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 18 02:30:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:09 host sshd[13140]: Invalid user nexus from 101.78.234.109 port 44790
Jan 18 02:30:09 host sshd[13140]: input_userauth_request: invalid user nexus [preauth]
Jan 18 02:30:09 host sshd[13140]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:30:09 host sshd[13140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.78.234.109
Jan 18 02:30:12 host sshd[13140]: Failed password for invalid user nexus from 101.78.234.109 port 44790 ssh2
Jan 18 02:30:12 host sshd[13140]: Received disconnect from 101.78.234.109 port 44790:11: Bye Bye [preauth]
Jan 18 02:30:12 host sshd[13140]: Disconnected from 101.78.234.109 port 44790 [preauth]
Jan 18 02:30:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 18 02:30:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 18 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 02:30:14 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:30:15 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 18 02:30:15 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 18 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 18 02:30:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:22 host sshd[13387]: Invalid user docker from 198.46.152.229 port 47476
Jan 18 02:30:22 host sshd[13387]: input_userauth_request: invalid user docker [preauth]
Jan 18 02:30:22 host sshd[13387]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:30:22 host sshd[13387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.46.152.229
Jan 18 02:30:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:30:23 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 18 02:30:23 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 18 02:30:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 18 02:30:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 18 02:30:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 18 02:30:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:25 host sshd[13387]: Failed password for invalid user docker from 198.46.152.229 port 47476 ssh2
Jan 18 02:30:25 host sshd[13387]: Received disconnect from 198.46.152.229 port 47476:11: Bye Bye [preauth]
Jan 18 02:30:25 host sshd[13387]: Disconnected from 198.46.152.229 port 47476 [preauth]
Jan 18 02:30:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 18 02:30:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:37 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 18 02:30:37 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:37 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:30:44 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 02:30:44 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 02:30:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 18 02:30:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 18 02:30:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 18 02:30:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:30:46 host sshd[13734]: Invalid user rancher from 134.209.69.41 port 34756
Jan 18 02:30:46 host sshd[13734]: input_userauth_request: invalid user rancher [preauth]
Jan 18 02:30:46 host sshd[13734]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:30:46 host sshd[13734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.69.41
Jan 18 02:30:49 host sshd[13734]: Failed password for invalid user rancher from 134.209.69.41 port 34756 ssh2
Jan 18 02:30:49 host sshd[13734]: Received disconnect from 134.209.69.41 port 34756:11: Bye Bye [preauth]
Jan 18 02:30:49 host sshd[13734]: Disconnected from 134.209.69.41 port 34756 [preauth]
Jan 18 02:30:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 18 02:30:50 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:30:51 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:31:00 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 02:31:00 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 02:31:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 18 02:31:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:31:16 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 02:31:16 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 02:31:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 18 02:31:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 18 02:31:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 02:31:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:31 host sshd[14475]: User root from 198.46.152.229 not allowed because not listed in AllowUsers
Jan 18 02:31:31 host sshd[14475]: input_userauth_request: invalid user root [preauth]
Jan 18 02:31:31 host unix_chkpwd[14481]: password check failed for user (root)
Jan 18 02:31:31 host sshd[14475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.46.152.229 user=root
Jan 18 02:31:31 host sshd[14475]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:31:33 host sshd[14475]: Failed password for invalid user root from 198.46.152.229 port 50914 ssh2
Jan 18 02:31:34 host sshd[14475]: Received disconnect from 198.46.152.229 port 50914:11: Bye Bye [preauth]
Jan 18 02:31:34 host sshd[14475]: Disconnected from 198.46.152.229 port 50914 [preauth]
Jan 18 02:31:35 host sshd[14484]: User root from 112.186.24.196 not allowed because not listed in AllowUsers
Jan 18 02:31:35 host sshd[14484]: input_userauth_request: invalid user root [preauth]
Jan 18 02:31:35 host unix_chkpwd[14522]: password check failed for user (root)
Jan 18 02:31:35 host sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.24.196 user=root
Jan 18 02:31:35 host sshd[14484]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:31:36 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 02:31:36 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 02:31:36 host sshd[14484]: Failed password for invalid user root from 112.186.24.196 port 33573 ssh2
Jan 18 02:31:37 host unix_chkpwd[14562]: password check failed for user (root)
Jan 18 02:31:37 host sshd[14484]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:31:39 host sshd[14484]: Failed password for invalid user root from 112.186.24.196 port 33573 ssh2
Jan 18 02:31:39 host sshd[14484]: Connection reset by 112.186.24.196 port 33573 [preauth]
Jan 18 02:31:39 host sshd[14484]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.24.196 user=root
Jan 18 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 18 02:31:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:31:45 host sshd[14649]: Invalid user remnux from 134.209.69.41 port 57276
Jan 18 02:31:45 host sshd[14649]: input_userauth_request: invalid user remnux [preauth]
Jan 18 02:31:45 host sshd[14649]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:31:45 host sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.69.41
Jan 18 02:31:47 host sshd[14649]: Failed password for invalid user remnux from 134.209.69.41 port 57276 ssh2
Jan 18 02:31:47 host sshd[14649]: Received disconnect from 134.209.69.41 port 57276:11: Bye Bye [preauth]
Jan 18 02:31:47 host sshd[14649]: Disconnected from 134.209.69.41 port 57276 [preauth]
Jan 18 02:31:52 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:31:52 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 02:31:52 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 02:31:56 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 18 02:31:56 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:31:56 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 18 02:32:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 18 02:32:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 18 02:32:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:32:14 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 18 02:32:14 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 18 02:32:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 18 02:32:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 18 02:32:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 18 02:32:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 18 02:32:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:28 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 18 02:32:33 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:33 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 18 02:32:40 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 18 02:32:40 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 18 02:32:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 18 02:32:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 18 02:32:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:41 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 18 02:32:41 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:41 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:48 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DirectoryPrivacy is_directory_protected dir=/home/wwwresourcehunte/public_html --output=json
Jan 18 02:32:48 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:48 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:51 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwpmcresource WpToolkitNotification send_admin_auto_updates_notification 'available_updates_text=<br/><br/>Updates are available for the following items:<br/><br/>' 'available_updates_list=1. Plugin "All-in-One WP Migration" on Panlys (https://www.panlys.com). Installed version: 6.77. Available version: 7.70.<br/><br/>2. Plugin "Elementor" on Panlys (https://www.panlys.com). Installed version: 3.2.4. Available version: 3.10.1.<br/><br/>' installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in
Jan 18 02:32:51 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183): require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4 /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356):
Jan 18 02:32:51 host sudo: wp-toolkit : (command continued) require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog"
Jan 18 02:32:51 host sudo: wp-toolkit : (command continued) (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>' --output=json
Jan 18 02:32:51 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:51 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:32:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:32:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:33:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 18 02:33:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 02:33:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 02:33:09 host sshd[16094]: User root from 36.89.217.30 not allowed because not listed in AllowUsers
Jan 18 02:33:09 host sshd[16094]: input_userauth_request: invalid user root [preauth]
Jan 18 02:33:09 host unix_chkpwd[16097]: password check failed for user (root)
Jan 18 02:33:09 host sshd[16094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.217.30 user=root
Jan 18 02:33:09 host sshd[16094]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:33:11 host sshd[16094]: Failed password for invalid user root from 36.89.217.30 port 40684 ssh2
Jan 18 02:33:11 host sshd[16094]: Received disconnect from 36.89.217.30 port 40684:11: Bye Bye [preauth]
Jan 18 02:33:11 host sshd[16094]: Disconnected from 36.89.217.30 port 40684 [preauth]
Jan 18 02:37:34 host sshd[16673]: Invalid user zyfwp from 1.176.240.170 port 37396
Jan 18 02:37:34 host sshd[16673]: input_userauth_request: invalid user zyfwp [preauth]
Jan 18 02:37:34 host sshd[16673]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:37:34 host sshd[16673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.176.240.170
Jan 18 02:37:36 host sshd[16673]: Failed password for invalid user zyfwp from 1.176.240.170 port 37396 ssh2
Jan 18 02:37:36 host sshd[16673]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:37:38 host sshd[16673]: Failed password for invalid user zyfwp from 1.176.240.170 port 37396 ssh2
Jan 18 02:37:39 host sshd[16673]: Connection reset by 1.176.240.170 port 37396 [preauth]
Jan 18 02:37:39 host sshd[16673]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.176.240.170
Jan 18 02:38:09 host sshd[16721]: User root from 1.34.192.10 not allowed because not listed in AllowUsers
Jan 18 02:38:09 host sshd[16721]: input_userauth_request: invalid user root [preauth]
Jan 18 02:38:09 host unix_chkpwd[16725]: password check failed for user (root)
Jan 18 02:38:09 host sshd[16721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.192.10 user=root
Jan 18 02:38:09 host sshd[16721]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:38:11 host sshd[16721]: Failed password for invalid user root from 1.34.192.10 port 58937 ssh2
Jan 18 02:38:11 host unix_chkpwd[16728]: password check failed for user (root)
Jan 18 02:38:11 host sshd[16721]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:38:14 host sshd[16721]: Failed password for invalid user root from 1.34.192.10 port 58937 ssh2
Jan 18 02:38:14 host unix_chkpwd[16732]: password check failed for user (root)
Jan 18 02:38:14 host sshd[16721]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:38:16 host sshd[16721]: Failed password for invalid user root from 1.34.192.10 port 58937 ssh2
Jan 18 02:38:16 host unix_chkpwd[16740]: password check failed for user (root)
Jan 18 02:38:16 host sshd[16721]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:38:18 host sshd[16721]: Failed password for invalid user root from 1.34.192.10 port 58937 ssh2
Jan 18 02:38:19 host unix_chkpwd[16748]: password check failed for user (root)
Jan 18 02:38:19 host sshd[16721]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 02:38:21 host sshd[16721]: Failed password for invalid user root from 1.34.192.10 port 58937 ssh2
Jan 18 02:50:23 host sshd[18535]: Connection closed by 107.170.242.14 port 52308 [preauth]
Jan 18 02:50:38 host sshd[18587]: Invalid user vadmin from 112.170.111.17 port 60215
Jan 18 02:50:38 host sshd[18587]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 02:50:38 host sshd[18587]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:50:38 host sshd[18587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.170.111.17
Jan 18 02:50:40 host sshd[18587]: Failed password for invalid user vadmin from 112.170.111.17 port 60215 ssh2
Jan 18 02:50:40 host sshd[18587]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:50:43 host sshd[18587]: Failed password for invalid user vadmin from 112.170.111.17 port 60215 ssh2
Jan 18 02:50:43 host sshd[18587]: Failed password for invalid user vadmin from 112.170.111.17 port 60215 ssh2
Jan 18 02:53:09 host sshd[18886]: Invalid user citel from 205.185.113.129 port 38808
Jan 18 02:53:09 host sshd[18886]: input_userauth_request: invalid user citel [preauth]
Jan 18 02:53:09 host sshd[18886]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 02:53:09 host sshd[18886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 18 02:53:11 host sshd[18886]: Failed password for invalid user citel from 205.185.113.129 port 38808 ssh2
Jan 18 02:53:12 host sshd[18886]: Connection closed by 205.185.113.129 port 38808 [preauth]
Jan 18 03:14:46 host sshd[22329]: Invalid user admin from 49.213.236.78 port 42926
Jan 18 03:14:46 host sshd[22329]: input_userauth_request: invalid user admin [preauth]
Jan 18 03:14:46 host sshd[22329]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:14:46 host sshd[22329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.236.78
Jan 18 03:14:47 host sshd[22329]: Failed password for invalid user admin from 49.213.236.78 port 42926 ssh2
Jan 18 03:20:54 host sshd[23248]: Did not receive identification string from 149.129.220.222 port 61000
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=ugotscom user-8=wwwresourcehunte user-9=keralaholi user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=phmetals user-22=kottayamcalldriv user-23=palco123 user-24=gifterman user-25=wwwnexidigital user-26=mrsclean user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 03:21:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xmw06xIiy79lLSE4.~
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xmw06xIiy79lLSE4.~'
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xmw06xIiy79lLSE4.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 03:30:36 host sshd[24951]: Invalid user ft from 194.110.203.109 port 38820
Jan 18 03:30:36 host sshd[24951]: input_userauth_request: invalid user ft [preauth]
Jan 18 03:30:36 host sshd[24951]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:30:36 host sshd[24951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 03:30:38 host sshd[24951]: Failed password for invalid user ft from 194.110.203.109 port 38820 ssh2
Jan 18 03:30:41 host sshd[24951]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:30:43 host sshd[24951]: Failed password for invalid user ft from 194.110.203.109 port 38820 ssh2
Jan 18 03:30:46 host sshd[24951]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:30:48 host sshd[24951]: Failed password for invalid user ft from 194.110.203.109 port 38820 ssh2
Jan 18 03:30:52 host sshd[24951]: Connection closed by 194.110.203.109 port 38820 [preauth]
Jan 18 03:30:52 host sshd[24951]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 03:34:17 host sshd[25502]: Bad protocol version identification '\003' from 92.255.85.183 port 63882
Jan 18 03:42:49 host sshd[26667]: User root from 114.44.70.120 not allowed because not listed in AllowUsers
Jan 18 03:42:49 host sshd[26667]: input_userauth_request: invalid user root [preauth]
Jan 18 03:42:49 host unix_chkpwd[26677]: password check failed for user (root)
Jan 18 03:42:49 host sshd[26667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.44.70.120 user=root
Jan 18 03:42:49 host sshd[26667]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 03:42:51 host sshd[26672]: Invalid user admin from 114.44.70.120 port 59914
Jan 18 03:42:51 host sshd[26672]: input_userauth_request: invalid user admin [preauth]
Jan 18 03:42:51 host sshd[26672]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:42:51 host sshd[26672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.44.70.120
Jan 18 03:42:51 host sshd[26667]: Failed password for invalid user root from 114.44.70.120 port 59928 ssh2
Jan 18 03:42:52 host unix_chkpwd[26680]: password check failed for user (root)
Jan 18 03:42:52 host sshd[26667]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 03:42:52 host sshd[26672]: Failed password for invalid user admin from 114.44.70.120 port 59914 ssh2
Jan 18 03:42:53 host sshd[26672]: Failed password for invalid user admin from 114.44.70.120 port 59914 ssh2
Jan 18 03:42:54 host sshd[26672]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:42:55 host sshd[26667]: Failed password for invalid user root from 114.44.70.120 port 59928 ssh2
Jan 18 03:42:55 host sshd[26667]: Connection reset by 114.44.70.120 port 59928 [preauth]
Jan 18 03:42:55 host sshd[26667]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.44.70.120 user=root
Jan 18 03:42:56 host sshd[26672]: Failed password for invalid user admin from 114.44.70.120 port 59914 ssh2
Jan 18 03:42:56 host sshd[26672]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 03:42:58 host sshd[26672]: Failed password for invalid user admin from 114.44.70.120 port 59914 ssh2
Jan 18 04:01:10 host sshd[29204]: Invalid user dmdba from 59.25.189.150 port 34006
Jan 18 04:01:10 host sshd[29204]: input_userauth_request: invalid user dmdba [preauth]
Jan 18 04:01:10 host sshd[29204]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:01:10 host sshd[29204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.189.150
Jan 18 04:01:11 host sshd[29204]: Failed password for invalid user dmdba from 59.25.189.150 port 34006 ssh2
Jan 18 04:01:15 host sshd[29204]: Failed password for invalid user dmdba from 59.25.189.150 port 34006 ssh2
Jan 18 04:01:16 host sshd[29204]: Connection closed by 59.25.189.150 port 34006 [preauth]
Jan 18 04:02:15 host sshd[29492]: User root from 138.68.91.192 not allowed because not listed in AllowUsers
Jan 18 04:02:15 host sshd[29492]: input_userauth_request: invalid user root [preauth]
Jan 18 04:02:15 host unix_chkpwd[29495]: password check failed for user (root)
Jan 18 04:02:15 host sshd[29492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.91.192 user=root
Jan 18 04:02:15 host sshd[29492]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:02:17 host sshd[29492]: Failed password for invalid user root from 138.68.91.192 port 51406 ssh2
Jan 18 04:02:17 host sshd[29492]: Received disconnect from 138.68.91.192 port 51406:11: Bye Bye [preauth]
Jan 18 04:02:17 host sshd[29492]: Disconnected from 138.68.91.192 port 51406 [preauth]
Jan 18 04:02:19 host sshd[29503]: User root from 4.7.94.244 not allowed because not listed in AllowUsers
Jan 18 04:02:19 host sshd[29503]: input_userauth_request: invalid user root [preauth]
Jan 18 04:02:19 host unix_chkpwd[29506]: password check failed for user (root)
Jan 18 04:02:19 host sshd[29503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.7.94.244 user=root
Jan 18 04:02:19 host sshd[29503]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:02:20 host sshd[29503]: Failed password for invalid user root from 4.7.94.244 port 54980 ssh2
Jan 18 04:02:20 host sshd[29503]: Received disconnect from 4.7.94.244 port 54980:11: Bye Bye [preauth]
Jan 18 04:02:20 host sshd[29503]: Disconnected from 4.7.94.244 port 54980 [preauth]
Jan 18 04:03:33 host sshd[29658]: User root from 36.94.152.63 not allowed because not listed in AllowUsers
Jan 18 04:03:33 host sshd[29658]: input_userauth_request: invalid user root [preauth]
Jan 18 04:03:33 host unix_chkpwd[29660]: password check failed for user (root)
Jan 18 04:03:33 host sshd[29658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.94.152.63 user=root
Jan 18 04:03:33 host sshd[29658]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:03:35 host sshd[29658]: Failed password for invalid user root from 36.94.152.63 port 38178 ssh2
Jan 18 04:03:35 host sshd[29658]: Received disconnect from 36.94.152.63 port 38178:11: Bye Bye [preauth]
Jan 18 04:03:35 host sshd[29658]: Disconnected from 36.94.152.63 port 38178 [preauth]
Jan 18 04:03:37 host sshd[29668]: User root from 202.125.94.212 not allowed because not listed in AllowUsers
Jan 18 04:03:37 host sshd[29668]: input_userauth_request: invalid user root [preauth]
Jan 18 04:03:37 host unix_chkpwd[29674]: password check failed for user (root)
Jan 18 04:03:37 host sshd[29668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.212 user=root
Jan 18 04:03:37 host sshd[29668]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:03:39 host sshd[29668]: Failed password for invalid user root from 202.125.94.212 port 49423 ssh2
Jan 18 04:03:39 host sshd[29668]: Received disconnect from 202.125.94.212 port 49423:11: Bye Bye [preauth]
Jan 18 04:03:39 host sshd[29668]: Disconnected from 202.125.94.212 port 49423 [preauth]
Jan 18 04:04:41 host sshd[29792]: User root from 52.142.11.171 not allowed because not listed in AllowUsers
Jan 18 04:04:41 host sshd[29792]: input_userauth_request: invalid user root [preauth]
Jan 18 04:04:41 host unix_chkpwd[29795]: password check failed for user (root)
Jan 18 04:04:41 host sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.142.11.171 user=root
Jan 18 04:04:41 host sshd[29792]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:04:43 host sshd[29792]: Failed password for invalid user root from 52.142.11.171 port 1024 ssh2
Jan 18 04:04:43 host sshd[29792]: Received disconnect from 52.142.11.171 port 1024:11: Bye Bye [preauth]
Jan 18 04:04:43 host sshd[29792]: Disconnected from 52.142.11.171 port 1024 [preauth]
Jan 18 04:04:53 host sshd[29808]: User root from 64.225.22.216 not allowed because not listed in AllowUsers
Jan 18 04:04:53 host sshd[29808]: input_userauth_request: invalid user root [preauth]
Jan 18 04:04:53 host unix_chkpwd[29814]: password check failed for user (root)
Jan 18 04:04:53 host sshd[29808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.22.216 user=root
Jan 18 04:04:53 host sshd[29808]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:04:55 host sshd[29808]: Failed password for invalid user root from 64.225.22.216 port 60106 ssh2
Jan 18 04:04:56 host sshd[29808]: Received disconnect from 64.225.22.216 port 60106:11: Bye Bye [preauth]
Jan 18 04:04:56 host sshd[29808]: Disconnected from 64.225.22.216 port 60106 [preauth]
Jan 18 04:07:18 host sshd[30251]: Invalid user student from 43.154.108.75 port 51366
Jan 18 04:07:18 host sshd[30251]: input_userauth_request: invalid user student [preauth]
Jan 18 04:07:18 host sshd[30251]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:07:18 host sshd[30251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.108.75
Jan 18 04:07:20 host sshd[30251]: Failed password for invalid user student from 43.154.108.75 port 51366 ssh2
Jan 18 04:07:20 host sshd[30251]: Received disconnect from 43.154.108.75 port 51366:11: Bye Bye [preauth]
Jan 18 04:07:20 host sshd[30251]: Disconnected from 43.154.108.75 port 51366 [preauth]
Jan 18 04:08:10 host sshd[30379]: Invalid user testuser from 4.7.94.244 port 43844
Jan 18 04:08:10 host sshd[30379]: input_userauth_request: invalid user testuser [preauth]
Jan 18 04:08:10 host sshd[30379]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:08:10 host sshd[30379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.7.94.244
Jan 18 04:08:12 host sshd[30379]: Failed password for invalid user testuser from 4.7.94.244 port 43844 ssh2
Jan 18 04:08:13 host sshd[30379]: Received disconnect from 4.7.94.244 port 43844:11: Bye Bye [preauth]
Jan 18 04:08:13 host sshd[30379]: Disconnected from 4.7.94.244 port 43844 [preauth]
Jan 18 04:08:26 host sshd[30431]: Invalid user esuser from 36.94.152.63 port 44696
Jan 18 04:08:26 host sshd[30431]: input_userauth_request: invalid user esuser [preauth]
Jan 18 04:08:26 host sshd[30431]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:08:26 host sshd[30431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.94.152.63
Jan 18 04:08:28 host sshd[30431]: Failed password for invalid user esuser from 36.94.152.63 port 44696 ssh2
Jan 18 04:08:29 host sshd[30431]: Received disconnect from 36.94.152.63 port 44696:11: Bye Bye [preauth]
Jan 18 04:08:29 host sshd[30431]: Disconnected from 36.94.152.63 port 44696 [preauth]
Jan 18 04:08:34 host sshd[30492]: Invalid user testuser from 138.68.91.192 port 48450
Jan 18 04:08:34 host sshd[30492]: input_userauth_request: invalid user testuser [preauth]
Jan 18 04:08:34 host sshd[30492]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:08:34 host sshd[30492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.91.192
Jan 18 04:08:35 host sshd[30494]: Invalid user zookeeper from 202.125.94.212 port 46774
Jan 18 04:08:35 host sshd[30494]: input_userauth_request: invalid user zookeeper [preauth]
Jan 18 04:08:35 host sshd[30494]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:08:35 host sshd[30494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.212
Jan 18 04:08:36 host sshd[30492]: Failed password for invalid user testuser from 138.68.91.192 port 48450 ssh2
Jan 18 04:08:36 host sshd[30492]: Received disconnect from 138.68.91.192 port 48450:11: Bye Bye [preauth]
Jan 18 04:08:36 host sshd[30492]: Disconnected from 138.68.91.192 port 48450 [preauth]
Jan 18 04:08:37 host sshd[30494]: Failed password for invalid user zookeeper from 202.125.94.212 port 46774 ssh2
Jan 18 04:08:37 host sshd[30494]: Received disconnect from 202.125.94.212 port 46774:11: Bye Bye [preauth]
Jan 18 04:08:37 host sshd[30494]: Disconnected from 202.125.94.212 port 46774 [preauth]
Jan 18 04:08:43 host sshd[30567]: Invalid user peertube from 64.225.22.216 port 49256
Jan 18 04:08:43 host sshd[30567]: input_userauth_request: invalid user peertube [preauth]
Jan 18 04:08:43 host sshd[30567]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:08:43 host sshd[30567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.22.216
Jan 18 04:08:45 host sshd[30567]: Failed password for invalid user peertube from 64.225.22.216 port 49256 ssh2
Jan 18 04:08:45 host sshd[30567]: Received disconnect from 64.225.22.216 port 49256:11: Bye Bye [preauth]
Jan 18 04:08:45 host sshd[30567]: Disconnected from 64.225.22.216 port 49256 [preauth]
Jan 18 04:10:08 host sshd[30759]: Invalid user daniel from 52.142.11.171 port 1024
Jan 18 04:10:08 host sshd[30759]: input_userauth_request: invalid user daniel [preauth]
Jan 18 04:10:08 host sshd[30759]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:10:08 host sshd[30759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.142.11.171
Jan 18 04:10:10 host sshd[30759]: Failed password for invalid user daniel from 52.142.11.171 port 1024 ssh2
Jan 18 04:10:10 host sshd[30759]: Received disconnect from 52.142.11.171 port 1024:11: Bye Bye [preauth]
Jan 18 04:10:10 host sshd[30759]: Disconnected from 52.142.11.171 port 1024 [preauth]
Jan 18 04:10:20 host sshd[30826]: Invalid user tigergraph from 43.154.108.75 port 59844
Jan 18 04:10:20 host sshd[30826]: input_userauth_request: invalid user tigergraph [preauth]
Jan 18 04:10:20 host sshd[30826]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:10:20 host sshd[30826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.108.75
Jan 18 04:10:22 host sshd[30826]: Failed password for invalid user tigergraph from 43.154.108.75 port 59844 ssh2
Jan 18 04:10:22 host sshd[30826]: Received disconnect from 43.154.108.75 port 59844:11: Bye Bye [preauth]
Jan 18 04:10:22 host sshd[30826]: Disconnected from 43.154.108.75 port 59844 [preauth]
Jan 18 04:11:48 host sshd[31116]: Invalid user peertube from 43.154.108.75 port 58584
Jan 18 04:11:48 host sshd[31116]: input_userauth_request: invalid user peertube [preauth]
Jan 18 04:11:48 host sshd[31116]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:11:48 host sshd[31116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.108.75
Jan 18 04:11:50 host sshd[31116]: Failed password for invalid user peertube from 43.154.108.75 port 58584 ssh2
Jan 18 04:11:50 host sshd[31116]: Received disconnect from 43.154.108.75 port 58584:11: Bye Bye [preauth]
Jan 18 04:11:50 host sshd[31116]: Disconnected from 43.154.108.75 port 58584 [preauth]
Jan 18 04:12:49 host sshd[31269]: Connection closed by 220.246.166.71 port 59332 [preauth]
Jan 18 04:15:37 host sshd[31632]: User root from 58.152.194.110 not allowed because not listed in AllowUsers
Jan 18 04:15:37 host sshd[31632]: input_userauth_request: invalid user root [preauth]
Jan 18 04:15:37 host unix_chkpwd[31634]: password check failed for user (root)
Jan 18 04:15:37 host sshd[31632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.152.194.110 user=root
Jan 18 04:15:37 host sshd[31632]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:15:39 host sshd[31632]: Failed password for invalid user root from 58.152.194.110 port 44475 ssh2
Jan 18 04:15:39 host sshd[31632]: Received disconnect from 58.152.194.110 port 44475:11: Bye Bye [preauth]
Jan 18 04:15:39 host sshd[31632]: Disconnected from 58.152.194.110 port 44475 [preauth]
Jan 18 04:15:58 host sshd[31673]: User root from 134.17.89.151 not allowed because not listed in AllowUsers
Jan 18 04:15:58 host sshd[31673]: input_userauth_request: invalid user root [preauth]
Jan 18 04:15:58 host unix_chkpwd[31677]: password check failed for user (root)
Jan 18 04:15:58 host sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.151 user=root
Jan 18 04:15:58 host sshd[31673]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:16:00 host sshd[31673]: Failed password for invalid user root from 134.17.89.151 port 46638 ssh2
Jan 18 04:16:00 host sshd[31673]: Received disconnect from 134.17.89.151 port 46638:11: Bye Bye [preauth]
Jan 18 04:16:00 host sshd[31673]: Disconnected from 134.17.89.151 port 46638 [preauth]
Jan 18 04:20:22 host sshd[32312]: User root from 134.17.89.151 not allowed because not listed in AllowUsers
Jan 18 04:20:22 host sshd[32312]: input_userauth_request: invalid user root [preauth]
Jan 18 04:20:22 host unix_chkpwd[32315]: password check failed for user (root)
Jan 18 04:20:22 host sshd[32312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.151 user=root
Jan 18 04:20:22 host sshd[32312]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:20:24 host sshd[32312]: Failed password for invalid user root from 134.17.89.151 port 38106 ssh2
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkmaorg user-2=disposeat user-3=remysagr user-4=woodpeck user-5=wwwkapin user-6=wwwtestugo user-7=shalinijames user-8=vfmassets user-9=pmcresources user-10=wwwevmhonda user-11=bonifacegroup user-12=straightcurve user-13=wwwletsstalkfood user-14=phmetals user-15=kottayamcalldriv user-16=gifterman user-17=palco123 user-18=wwwnexidigital user-19=mrsclean user-20=cochintaxi user-21=wwwkaretakers user-22=dartsimp user-23=a2zgroup user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=ugotscom user-28=wwwrmswll user-29=keralaholi user-30=wwwresourcehunte feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 04:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8yHs5HsriByjUvez.~
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8yHs5HsriByjUvez.~'
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8yHs5HsriByjUvez.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 04:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 04:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 04:22:35 host sshd[381]: User root from 58.152.194.110 not allowed because not listed in AllowUsers
Jan 18 04:22:35 host sshd[381]: input_userauth_request: invalid user root [preauth]
Jan 18 04:22:35 host unix_chkpwd[383]: password check failed for user (root)
Jan 18 04:22:35 host sshd[381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.152.194.110 user=root
Jan 18 04:22:35 host sshd[381]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:22:37 host sshd[381]: Failed password for invalid user root from 58.152.194.110 port 43540 ssh2
Jan 18 04:22:37 host sshd[381]: Received disconnect from 58.152.194.110 port 43540:11: Bye Bye [preauth]
Jan 18 04:22:37 host sshd[381]: Disconnected from 58.152.194.110 port 43540 [preauth]
Jan 18 04:23:13 host sshd[574]: Did not receive identification string from 42.193.96.35 port 55656
Jan 18 04:35:20 host sshd[2804]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2818]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2815]: Invalid user ftpuser from 137.184.90.33 port 50942
Jan 18 04:35:20 host sshd[2791]: Invalid user ftpuser from 137.184.90.33 port 50848
Jan 18 04:35:20 host sshd[2814]: Invalid user testuser from 137.184.90.33 port 50930
Jan 18 04:35:20 host sshd[2818]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2791]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 04:35:20 host sshd[2814]: input_userauth_request: invalid user testuser [preauth]
Jan 18 04:35:20 host sshd[2804]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2815]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 04:35:20 host sshd[2800]: User centos from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2793]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2816]: Invalid user oracle from 137.184.90.33 port 50724
Jan 18 04:35:20 host sshd[2801]: Invalid user ec2-user from 137.184.90.33 port 50604
Jan 18 04:35:20 host sshd[2798]: Invalid user web from 137.184.90.33 port 50608
Jan 18 04:35:20 host sshd[2817]: Invalid user steam from 137.184.90.33 port 50834
Jan 18 04:35:20 host sshd[2798]: input_userauth_request: invalid user web [preauth]
Jan 18 04:35:20 host sshd[2793]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2803]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2806]: Invalid user git from 137.184.90.33 port 50700
Jan 18 04:35:20 host sshd[2817]: input_userauth_request: invalid user steam [preauth]
Jan 18 04:35:20 host sshd[2806]: input_userauth_request: invalid user git [preauth]
Jan 18 04:35:20 host sshd[2803]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2811]: Invalid user web from 137.184.90.33 port 50770
Jan 18 04:35:20 host sshd[2811]: input_userauth_request: invalid user web [preauth]
Jan 18 04:35:20 host sshd[2800]: input_userauth_request: invalid user centos [preauth]
Jan 18 04:35:20 host sshd[2825]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2825]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2799]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2805]: User root from 137.184.90.33 not allowed because not listed in AllowUsers
Jan 18 04:35:20 host sshd[2799]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2812]: Invalid user postgres from 137.184.90.33 port 50846
Jan 18 04:35:20 host sshd[2813]: Invalid user vagrant from 137.184.90.33 port 50590
Jan 18 04:35:20 host sshd[2812]: input_userauth_request: invalid user postgres [preauth]
Jan 18 04:35:20 host sshd[2820]: Invalid user guest from 137.184.90.33 port 50772
Jan 18 04:35:20 host sshd[2823]: Invalid user admin from 137.184.90.33 port 50678
Jan 18 04:35:20 host sshd[2821]: Invalid user ansadmin from 137.184.90.33 port 50800
Jan 18 04:35:20 host sshd[2823]: input_userauth_request: invalid user admin [preauth]
Jan 18 04:35:20 host sshd[2805]: input_userauth_request: invalid user root [preauth]
Jan 18 04:35:20 host sshd[2822]: Invalid user user from 137.184.90.33 port 50758
Jan 18 04:35:20 host sshd[2813]: input_userauth_request: invalid user vagrant [preauth]
Jan 18 04:35:20 host sshd[2819]: Invalid user admin from 137.184.90.33 port 50784
Jan 18 04:35:20 host sshd[2816]: input_userauth_request: invalid user oracle [preauth]
Jan 18 04:35:20 host sshd[2822]: input_userauth_request: invalid user user [preauth]
Jan 18 04:35:20 host sshd[2824]: Invalid user postgres from 137.184.90.33 port 50794
Jan 18 04:35:20 host sshd[2824]: input_userauth_request: invalid user postgres [preauth]
Jan 18 04:35:20 host sshd[2820]: input_userauth_request: invalid user guest [preauth]
Jan 18 04:35:20 host sshd[2821]: input_userauth_request: invalid user ansadmin [preauth]
Jan 18 04:35:20 host sshd[2819]: input_userauth_request: invalid user admin [preauth]
Jan 18 04:35:20 host sshd[2801]: input_userauth_request: invalid user ec2-user [preauth]
Jan 18 04:35:20 host sshd[2791]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2815]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2814]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2798]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2806]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2817]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2811]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2816]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2812]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2819]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2822]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2820]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2813]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2824]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2801]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2823]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:35:20 host sshd[2823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host sshd[2821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33
Jan 18 04:35:20 host unix_chkpwd[2853]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2804]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:20 host unix_chkpwd[2857]: password check failed for user (centos)
Jan 18 04:35:20 host sshd[2800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=centos
Jan 18 04:35:20 host unix_chkpwd[2854]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2818]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:20 host unix_chkpwd[2855]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2793]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:20 host unix_chkpwd[2859]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2825]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:20 host unix_chkpwd[2860]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2805]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:20 host unix_chkpwd[2856]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:20 host unix_chkpwd[2858]: password check failed for user (root)
Jan 18 04:35:20 host sshd[2799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.90.33 user=root
Jan 18 04:35:20 host sshd[2799]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:35:22 host sshd[2791]: Failed password for invalid user ftpuser from 137.184.90.33 port 50848 ssh2
Jan 18 04:35:22 host sshd[2815]: Failed password for invalid user ftpuser from 137.184.90.33 port 50942 ssh2
Jan 18 04:35:22 host sshd[2814]: Failed password for invalid user testuser from 137.184.90.33 port 50930 ssh2
Jan 18 04:35:22 host sshd[2798]: Failed password for invalid user web from 137.184.90.33 port 50608 ssh2
Jan 18 04:35:22 host sshd[2806]: Failed password for invalid user git from 137.184.90.33 port 50700 ssh2
Jan 18 04:35:22 host sshd[2817]: Failed password for invalid user steam from 137.184.90.33 port 50834 ssh2
Jan 18 04:35:22 host sshd[2811]: Failed password for invalid user web from 137.184.90.33 port 50770 ssh2
Jan 18 04:35:22 host sshd[2816]: Failed password for invalid user oracle from 137.184.90.33 port 50724 ssh2
Jan 18 04:35:22 host sshd[2812]: Failed password for invalid user postgres from 137.184.90.33 port 50846 ssh2
Jan 18 04:35:22 host sshd[2819]: Failed password for invalid user admin from 137.184.90.33 port 50784 ssh2
Jan 18 04:35:22 host sshd[2822]: Failed password for invalid user user from 137.184.90.33 port 50758 ssh2
Jan 18 04:35:22 host sshd[2820]: Failed password for invalid user guest from 137.184.90.33 port 50772 ssh2
Jan 18 04:35:22 host sshd[2813]: Failed password for invalid user vagrant from 137.184.90.33 port 50590 ssh2
Jan 18 04:35:22 host sshd[2824]: Failed password for invalid user postgres from 137.184.90.33 port 50794 ssh2
Jan 18 04:35:22 host sshd[2823]: Failed password for invalid user admin from 137.184.90.33 port 50678 ssh2
Jan 18 04:35:22 host sshd[2801]: Failed password for invalid user ec2-user from 137.184.90.33 port 50604 ssh2
Jan 18 04:35:22 host sshd[2821]: Failed password for invalid user ansadmin from 137.184.90.33 port 50800 ssh2
Jan 18 04:35:22 host sshd[2804]: Failed password for invalid user root from 137.184.90.33 port 50778 ssh2
Jan 18 04:35:22 host sshd[2800]: Failed password for invalid user centos from 137.184.90.33 port 50716 ssh2
Jan 18 04:35:22 host sshd[2818]: Failed password for invalid user root from 137.184.90.33 port 50876 ssh2
Jan 18 04:35:22 host sshd[2793]: Failed password for invalid user root from 137.184.90.33 port 50822 ssh2
Jan 18 04:35:22 host sshd[2825]: Failed password for invalid user root from 137.184.90.33 port 50662 ssh2
Jan 18 04:35:22 host sshd[2805]: Failed password for invalid user root from 137.184.90.33 port 50668 ssh2
Jan 18 04:35:22 host sshd[2803]: Failed password for invalid user root from 137.184.90.33 port 50618 ssh2
Jan 18 04:35:22 host sshd[2799]: Failed password for invalid user root from 137.184.90.33 port 50592 ssh2
Jan 18 04:35:22 host sshd[2791]: Connection closed by 137.184.90.33 port 50848 [preauth]
Jan 18 04:35:22 host sshd[2814]: Connection closed by 137.184.90.33 port 50930 [preauth]
Jan 18 04:35:22 host sshd[2815]: Connection closed by 137.184.90.33 port 50942 [preauth]
Jan 18 04:35:23 host sshd[2798]: Connection closed by 137.184.90.33 port 50608 [preauth]
Jan 18 04:35:23 host sshd[2817]: Connection closed by 137.184.90.33 port 50834 [preauth]
Jan 18 04:35:23 host sshd[2806]: Connection closed by 137.184.90.33 port 50700 [preauth]
Jan 18 04:35:23 host sshd[2811]: Connection closed by 137.184.90.33 port 50770 [preauth]
Jan 18 04:35:23 host sshd[2816]: Connection closed by 137.184.90.33 port 50724 [preauth]
Jan 18 04:35:23 host sshd[2812]: Connection closed by 137.184.90.33 port 50846 [preauth]
Jan 18 04:35:23 host sshd[2819]: Connection closed by 137.184.90.33 port 50784 [preauth]
Jan 18 04:35:23 host sshd[2822]: Connection closed by 137.184.90.33 port 50758 [preauth]
Jan 18 04:35:23 host sshd[2820]: Connection closed by 137.184.90.33 port 50772 [preauth]
Jan 18 04:35:23 host sshd[2813]: Connection closed by 137.184.90.33 port 50590 [preauth]
Jan 18 04:35:23 host sshd[2801]: Connection closed by 137.184.90.33 port 50604 [preauth]
Jan 18 04:35:23 host sshd[2821]: Connection closed by 137.184.90.33 port 50800 [preauth]
Jan 18 04:35:23 host sshd[2823]: Connection closed by 137.184.90.33 port 50678 [preauth]
Jan 18 04:35:23 host sshd[2824]: Connection closed by 137.184.90.33 port 50794 [preauth]
Jan 18 04:35:23 host sshd[2804]: Connection closed by 137.184.90.33 port 50778 [preauth]
Jan 18 04:35:23 host sshd[2800]: Connection closed by 137.184.90.33 port 50716 [preauth]
Jan 18 04:35:23 host sshd[2818]: Connection closed by 137.184.90.33 port 50876 [preauth]
Jan 18 04:35:23 host sshd[2793]: Connection closed by 137.184.90.33 port 50822 [preauth]
Jan 18 04:35:23 host sshd[2805]: Connection closed by 137.184.90.33 port 50668 [preauth]
Jan 18 04:35:23 host sshd[2825]: Connection closed by 137.184.90.33 port 50662 [preauth]
Jan 18 04:35:23 host sshd[2803]: Connection closed by 137.184.90.33 port 50618 [preauth]
Jan 18 04:35:23 host sshd[2799]: Connection closed by 137.184.90.33 port 50592 [preauth]
Jan 18 04:38:53 host sshd[3389]: Invalid user postgres from 195.226.194.242 port 40196
Jan 18 04:38:53 host sshd[3389]: input_userauth_request: invalid user postgres [preauth]
Jan 18 04:38:53 host sshd[3389]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:38:53 host sshd[3389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 18 04:38:56 host sshd[3389]: Failed password for invalid user postgres from 195.226.194.242 port 40196 ssh2
Jan 18 04:38:56 host sshd[3389]: Received disconnect from 195.226.194.242 port 40196:11: Bye Bye [preauth]
Jan 18 04:38:56 host sshd[3389]: Disconnected from 195.226.194.242 port 40196 [preauth]
Jan 18 04:40:27 host sshd[3737]: User root from 59.127.21.21 not allowed because not listed in AllowUsers
Jan 18 04:40:27 host sshd[3737]: input_userauth_request: invalid user root [preauth]
Jan 18 04:40:27 host unix_chkpwd[3740]: password check failed for user (root)
Jan 18 04:40:27 host sshd[3737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.21.21 user=root
Jan 18 04:40:27 host sshd[3737]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:40:30 host sshd[3737]: Failed password for invalid user root from 59.127.21.21 port 46853 ssh2
Jan 18 04:40:30 host sshd[3737]: Connection reset by 59.127.21.21 port 46853 [preauth]
Jan 18 04:41:25 host sshd[3853]: Bad protocol version identification 'MGLNDD_167.71.234.10_22' from 192.241.198.50 port 52684
Jan 18 04:46:26 host sshd[4657]: User root from 110.78.146.31 not allowed because not listed in AllowUsers
Jan 18 04:46:26 host sshd[4657]: input_userauth_request: invalid user root [preauth]
Jan 18 04:46:26 host unix_chkpwd[4662]: password check failed for user (root)
Jan 18 04:46:26 host sshd[4657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.78.146.31 user=root
Jan 18 04:46:26 host sshd[4657]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:46:28 host sshd[4657]: Failed password for invalid user root from 110.78.146.31 port 52678 ssh2
Jan 18 04:46:28 host unix_chkpwd[4686]: password check failed for user (root)
Jan 18 04:46:28 host sshd[4657]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:46:30 host sshd[4657]: Failed password for invalid user root from 110.78.146.31 port 52678 ssh2
Jan 18 04:46:30 host unix_chkpwd[4694]: password check failed for user (root)
Jan 18 04:46:30 host sshd[4657]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:46:33 host sshd[4657]: Failed password for invalid user root from 110.78.146.31 port 52678 ssh2
Jan 18 04:46:33 host unix_chkpwd[4698]: password check failed for user (root)
Jan 18 04:46:33 host sshd[4657]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:46:35 host sshd[4657]: Failed password for invalid user root from 110.78.146.31 port 52678 ssh2
Jan 18 04:47:48 host sshd[4878]: Did not receive identification string from 197.227.21.70 port 50998
Jan 18 04:47:49 host sshd[4879]: Invalid user steam from 197.227.21.70 port 51124
Jan 18 04:47:49 host sshd[4879]: input_userauth_request: invalid user steam [preauth]
Jan 18 04:47:49 host sshd[4881]: Invalid user ubuntu from 197.227.21.70 port 51114
Jan 18 04:47:49 host sshd[4881]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 04:47:49 host sshd[4880]: Invalid user user from 197.227.21.70 port 51062
Jan 18 04:47:49 host sshd[4880]: input_userauth_request: invalid user user [preauth]
Jan 18 04:47:49 host sshd[4882]: Invalid user admin from 197.227.21.70 port 51110
Jan 18 04:47:49 host sshd[4882]: input_userauth_request: invalid user admin [preauth]
Jan 18 04:47:49 host sshd[4887]: Invalid user test from 197.227.21.70 port 51128
Jan 18 04:47:49 host sshd[4887]: input_userauth_request: invalid user test [preauth]
Jan 18 04:47:49 host sshd[4888]: Invalid user test from 197.227.21.70 port 51106
Jan 18 04:47:49 host sshd[4888]: input_userauth_request: invalid user test [preauth]
Jan 18 04:47:49 host sshd[4891]: Invalid user admin from 197.227.21.70 port 51050
Jan 18 04:47:49 host sshd[4891]: input_userauth_request: invalid user admin [preauth]
Jan 18 04:47:49 host sshd[4889]: Invalid user user from 197.227.21.70 port 51118
Jan 18 04:47:49 host sshd[4889]: input_userauth_request: invalid user user [preauth]
Jan 18 04:47:49 host sshd[4890]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 18 04:47:49 host sshd[4892]: Invalid user admin from 197.227.21.70 port 51104
Jan 18 04:47:49 host sshd[4890]: input_userauth_request: invalid user root [preauth]
Jan 18 04:47:49 host sshd[4892]: input_userauth_request: invalid user admin [preauth]
Jan 18 04:47:49 host sshd[4893]: Invalid user ansadmin from 197.227.21.70 port 51108
Jan 18 04:47:49 host sshd[4893]: input_userauth_request: invalid user ansadmin [preauth]
Jan 18 04:47:49 host sshd[4894]: Invalid user ubuntu from 197.227.21.70 port 51132
Jan 18 04:47:49 host sshd[4894]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 04:47:49 host sshd[4895]: Invalid user pi from 197.227.21.70 port 51086
Jan 18 04:47:49 host sshd[4895]: input_userauth_request: invalid user pi [preauth]
Jan 18 04:47:49 host sshd[4897]: Invalid user postgres from 197.227.21.70 port 51098
Jan 18 04:47:49 host sshd[4897]: input_userauth_request: invalid user postgres [preauth]
Jan 18 04:47:49 host sshd[4898]: Invalid user admin from 197.227.21.70 port 51072
Jan 18 04:47:49 host sshd[4898]: input_userauth_request: invalid user admin [preauth]
Jan 18 04:47:49 host sshd[4900]: Invalid user postgres from 197.227.21.70 port 51122
Jan 18 04:47:49 host sshd[4900]: input_userauth_request: invalid user postgres [preauth]
Jan 18 04:47:49 host sshd[4879]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4881]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4880]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4882]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4887]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4888]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4891]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4889]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4892]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4893]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4894]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4895]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4897]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host unix_chkpwd[4916]: password check failed for user (root)
Jan 18 04:47:49 host sshd[4890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 18 04:47:49 host sshd[4890]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:47:49 host sshd[4898]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:49 host sshd[4900]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:49 host sshd[4900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:50 host sshd[4914]: Invalid user ftpuser from 197.227.21.70 port 51060
Jan 18 04:47:50 host sshd[4914]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 04:47:51 host sshd[4914]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:51 host sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:51 host sshd[4879]: Failed password for invalid user steam from 197.227.21.70 port 51124 ssh2
Jan 18 04:47:51 host sshd[4881]: Failed password for invalid user ubuntu from 197.227.21.70 port 51114 ssh2
Jan 18 04:47:51 host sshd[4880]: Failed password for invalid user user from 197.227.21.70 port 51062 ssh2
Jan 18 04:47:51 host sshd[4882]: Failed password for invalid user admin from 197.227.21.70 port 51110 ssh2
Jan 18 04:47:51 host sshd[4887]: Failed password for invalid user test from 197.227.21.70 port 51128 ssh2
Jan 18 04:47:51 host sshd[4888]: Failed password for invalid user test from 197.227.21.70 port 51106 ssh2
Jan 18 04:47:51 host sshd[4891]: Failed password for invalid user admin from 197.227.21.70 port 51050 ssh2
Jan 18 04:47:51 host sshd[4889]: Failed password for invalid user user from 197.227.21.70 port 51118 ssh2
Jan 18 04:47:51 host sshd[4892]: Failed password for invalid user admin from 197.227.21.70 port 51104 ssh2
Jan 18 04:47:51 host sshd[4893]: Failed password for invalid user ansadmin from 197.227.21.70 port 51108 ssh2
Jan 18 04:47:51 host sshd[4894]: Failed password for invalid user ubuntu from 197.227.21.70 port 51132 ssh2
Jan 18 04:47:51 host sshd[4895]: Failed password for invalid user pi from 197.227.21.70 port 51086 ssh2
Jan 18 04:47:51 host sshd[4897]: Failed password for invalid user postgres from 197.227.21.70 port 51098 ssh2
Jan 18 04:47:51 host sshd[4890]: Failed password for invalid user root from 197.227.21.70 port 51064 ssh2
Jan 18 04:47:51 host sshd[4898]: Failed password for invalid user admin from 197.227.21.70 port 51072 ssh2
Jan 18 04:47:51 host sshd[4900]: Failed password for invalid user postgres from 197.227.21.70 port 51122 ssh2
Jan 18 04:47:51 host sshd[4879]: Connection closed by 197.227.21.70 port 51124 [preauth]
Jan 18 04:47:51 host sshd[4881]: Connection closed by 197.227.21.70 port 51114 [preauth]
Jan 18 04:47:51 host sshd[4880]: Connection closed by 197.227.21.70 port 51062 [preauth]
Jan 18 04:47:51 host sshd[4882]: Connection closed by 197.227.21.70 port 51110 [preauth]
Jan 18 04:47:51 host sshd[4887]: Connection closed by 197.227.21.70 port 51128 [preauth]
Jan 18 04:47:51 host sshd[4888]: Connection closed by 197.227.21.70 port 51106 [preauth]
Jan 18 04:47:51 host sshd[4891]: Connection closed by 197.227.21.70 port 51050 [preauth]
Jan 18 04:47:51 host sshd[4889]: Connection closed by 197.227.21.70 port 51118 [preauth]
Jan 18 04:47:51 host sshd[4892]: Connection closed by 197.227.21.70 port 51104 [preauth]
Jan 18 04:47:51 host sshd[4893]: Connection closed by 197.227.21.70 port 51108 [preauth]
Jan 18 04:47:51 host sshd[4894]: Connection closed by 197.227.21.70 port 51132 [preauth]
Jan 18 04:47:51 host sshd[4895]: Connection closed by 197.227.21.70 port 51086 [preauth]
Jan 18 04:47:51 host sshd[4897]: Connection closed by 197.227.21.70 port 51098 [preauth]
Jan 18 04:47:51 host sshd[4890]: Connection closed by 197.227.21.70 port 51064 [preauth]
Jan 18 04:47:51 host sshd[4898]: Connection closed by 197.227.21.70 port 51072 [preauth]
Jan 18 04:47:51 host sshd[4900]: Connection closed by 197.227.21.70 port 51122 [preauth]
Jan 18 04:47:52 host sshd[4918]: Invalid user ubuntu from 197.227.21.70 port 51058
Jan 18 04:47:52 host sshd[4918]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 04:47:52 host sshd[4919]: Invalid user web from 197.227.21.70 port 51096
Jan 18 04:47:52 host sshd[4919]: input_userauth_request: invalid user web [preauth]
Jan 18 04:47:52 host sshd[4920]: User root from 197.227.21.70 not allowed because not listed in AllowUsers
Jan 18 04:47:52 host sshd[4920]: input_userauth_request: invalid user root [preauth]
Jan 18 04:47:52 host sshd[4922]: Invalid user ansadmin from 197.227.21.70 port 51074
Jan 18 04:47:52 host sshd[4922]: input_userauth_request: invalid user ansadmin [preauth]
Jan 18 04:47:52 host sshd[4921]: Invalid user postgres from 197.227.21.70 port 51116
Jan 18 04:47:52 host sshd[4921]: input_userauth_request: invalid user postgres [preauth]
Jan 18 04:47:52 host sshd[4914]: Failed password for invalid user ftpuser from 197.227.21.70 port 51060 ssh2
Jan 18 04:47:52 host sshd[4923]: Invalid user ansadmin from 197.227.21.70 port 51078
Jan 18 04:47:52 host sshd[4923]: input_userauth_request: invalid user ansadmin [preauth]
Jan 18 04:47:53 host sshd[4918]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:53 host sshd[4918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:53 host sshd[4919]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:53 host sshd[4919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:53 host sshd[4922]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:53 host sshd[4921]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:53 host sshd[4922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:53 host sshd[4921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:53 host unix_chkpwd[4931]: password check failed for user (root)
Jan 18 04:47:53 host sshd[4920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70 user=root
Jan 18 04:47:53 host sshd[4920]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 04:47:53 host sshd[4914]: Connection closed by 197.227.21.70 port 51060 [preauth]
Jan 18 04:47:53 host sshd[4923]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:47:53 host sshd[4923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.21.70
Jan 18 04:47:54 host sshd[4918]: Failed password for invalid user ubuntu from 197.227.21.70 port 51058 ssh2
Jan 18 04:47:54 host sshd[4919]: Failed password for invalid user web from 197.227.21.70 port 51096 ssh2
Jan 18 04:47:54 host sshd[4921]: Failed password for invalid user postgres from 197.227.21.70 port 51116 ssh2
Jan 18 04:47:54 host sshd[4922]: Failed password for invalid user ansadmin from 197.227.21.70 port 51074 ssh2
Jan 18 04:47:54 host sshd[4920]: Failed password for invalid user root from 197.227.21.70 port 51130 ssh2
Jan 18 04:47:54 host sshd[4923]: Failed password for invalid user ansadmin from 197.227.21.70 port 51078 ssh2
Jan 18 04:50:12 host sshd[5392]: Invalid user telnet from 211.114.93.195 port 58537
Jan 18 04:50:12 host sshd[5392]: input_userauth_request: invalid user telnet [preauth]
Jan 18 04:50:12 host sshd[5392]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:50:12 host sshd[5392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.114.93.195
Jan 18 04:50:15 host sshd[5392]: Failed password for invalid user telnet from 211.114.93.195 port 58537 ssh2
Jan 18 04:50:17 host sshd[5392]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:50:19 host sshd[5392]: Failed password for invalid user telnet from 211.114.93.195 port 58537 ssh2
Jan 18 04:50:21 host sshd[5392]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:50:22 host sshd[5392]: Failed password for invalid user telnet from 211.114.93.195 port 58537 ssh2
Jan 18 04:50:23 host sshd[5392]: Failed password for invalid user telnet from 211.114.93.195 port 58537 ssh2
Jan 18 04:50:23 host sshd[5392]: Connection reset by 211.114.93.195 port 58537 [preauth]
Jan 18 04:50:23 host sshd[5392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.114.93.195
Jan 18 04:52:44 host sshd[5884]: Invalid user telnet from 182.70.119.208 port 50988
Jan 18 04:52:44 host sshd[5884]: input_userauth_request: invalid user telnet [preauth]
Jan 18 04:52:44 host sshd[5884]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:52:44 host sshd[5884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.70.119.208
Jan 18 04:52:45 host sshd[5884]: Failed password for invalid user telnet from 182.70.119.208 port 50988 ssh2
Jan 18 04:52:45 host sshd[5884]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 04:52:47 host sshd[5884]: Failed password for invalid user telnet from 182.70.119.208 port 50988 ssh2
Jan 18 04:52:47 host sshd[5884]: Connection reset by 182.70.119.208 port 50988 [preauth]
Jan 18 04:52:47 host sshd[5884]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.70.119.208
Jan 18 05:01:35 host sshd[7306]: Invalid user pi from 91.182.225.37 port 60096
Jan 18 05:01:35 host sshd[7306]: input_userauth_request: invalid user pi [preauth]
Jan 18 05:01:35 host sshd[7306]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:01:35 host sshd[7306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.182.225.37
Jan 18 05:01:35 host sshd[7308]: Invalid user pi from 91.182.225.37 port 60104
Jan 18 05:01:35 host sshd[7308]: input_userauth_request: invalid user pi [preauth]
Jan 18 05:01:35 host sshd[7308]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:01:35 host sshd[7308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.182.225.37
Jan 18 05:01:37 host sshd[7306]: Failed password for invalid user pi from 91.182.225.37 port 60096 ssh2
Jan 18 05:01:37 host sshd[7306]: Connection closed by 91.182.225.37 port 60096 [preauth]
Jan 18 05:01:37 host sshd[7308]: Failed password for invalid user pi from 91.182.225.37 port 60104 ssh2
Jan 18 05:01:37 host sshd[7308]: Connection closed by 91.182.225.37 port 60104 [preauth]
Jan 18 05:05:12 host sshd[7823]: Invalid user gitlab-runner from 114.32.176.215 port 40669
Jan 18 05:05:12 host sshd[7823]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 18 05:05:12 host sshd[7823]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:05:12 host sshd[7823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.176.215
Jan 18 05:05:14 host sshd[7823]: Failed password for invalid user gitlab-runner from 114.32.176.215 port 40669 ssh2
Jan 18 05:05:15 host sshd[7823]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:05:17 host sshd[7823]: Failed password for invalid user gitlab-runner from 114.32.176.215 port 40669 ssh2
Jan 18 05:05:18 host sshd[7823]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:05:19 host sshd[7823]: Failed password for invalid user gitlab-runner from 114.32.176.215 port 40669 ssh2
Jan 18 05:05:20 host sshd[7823]: Failed password for invalid user gitlab-runner from 114.32.176.215 port 40669 ssh2
Jan 18 05:05:21 host sshd[7823]: Connection closed by 114.32.176.215 port 40669 [preauth]
Jan 18 05:05:21 host sshd[7823]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.176.215
Jan 18 05:08:40 host sshd[8457]: Invalid user installer from 1.55.215.71 port 46566
Jan 18 05:08:40 host sshd[8457]: input_userauth_request: invalid user installer [preauth]
Jan 18 05:08:40 host sshd[8457]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:08:40 host sshd[8457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.55.215.71
Jan 18 05:08:42 host sshd[8457]: Failed password for invalid user installer from 1.55.215.71 port 46566 ssh2
Jan 18 05:08:42 host sshd[8457]: Received disconnect from 1.55.215.71 port 46566:11: Bye Bye [preauth]
Jan 18 05:08:42 host sshd[8457]: Disconnected from 1.55.215.71 port 46566 [preauth]
Jan 18 05:09:09 host sshd[8571]: Invalid user openvpn from 195.226.194.242 port 63462
Jan 18 05:09:09 host sshd[8571]: input_userauth_request: invalid user openvpn [preauth]
Jan 18 05:09:09 host sshd[8571]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:09:09 host sshd[8571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 18 05:09:12 host sshd[8571]: Failed password for invalid user openvpn from 195.226.194.242 port 63462 ssh2
Jan 18 05:09:12 host sshd[8571]: Received disconnect from 195.226.194.242 port 63462:11: Bye Bye [preauth]
Jan 18 05:09:12 host sshd[8571]: Disconnected from 195.226.194.242 port 63462 [preauth]
Jan 18 05:12:30 host sshd[9144]: Did not receive identification string from 101.89.219.59 port 53492
Jan 18 05:12:31 host sshd[9147]: User centos from 101.89.219.59 not allowed because not listed in AllowUsers
Jan 18 05:12:31 host sshd[9147]: input_userauth_request: invalid user centos [preauth]
Jan 18 05:12:31 host sshd[9148]: Invalid user steam from 101.89.219.59 port 53696
Jan 18 05:12:31 host sshd[9148]: input_userauth_request: invalid user steam [preauth]
Jan 18 05:12:31 host sshd[9150]: Invalid user user from 101.89.219.59 port 53700
Jan 18 05:12:31 host sshd[9150]: input_userauth_request: invalid user user [preauth]
Jan 18 05:12:31 host sshd[9152]: User root from 101.89.219.59 not allowed because not listed in AllowUsers
Jan 18 05:12:31 host sshd[9152]: input_userauth_request: invalid user root [preauth]
Jan 18 05:12:31 host sshd[9154]: Invalid user guest from 101.89.219.59 port 53698
Jan 18 05:12:31 host sshd[9154]: input_userauth_request: invalid user guest [preauth]
Jan 18 05:12:32 host unix_chkpwd[9159]: password check failed for user (centos)
Jan 18 05:12:32 host sshd[9147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.89.219.59 user=centos
Jan 18 05:12:32 host sshd[9148]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:12:32 host sshd[9148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.89.219.59
Jan 18 05:12:32 host sshd[9150]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:12:32 host sshd[9150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.89.219.59
Jan 18 05:12:32 host unix_chkpwd[9160]: password check failed for user (root)
Jan 18 05:12:32 host sshd[9152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.89.219.59 user=root
Jan 18 05:12:32 host sshd[9152]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:12:32 host sshd[9154]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:12:32 host sshd[9154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.89.219.59
Jan 18 05:12:33 host sshd[9147]: Failed password for invalid user centos from 101.89.219.59 port 53702 ssh2
Jan 18 05:12:33 host sshd[9148]: Failed password for invalid user steam from 101.89.219.59 port 53696 ssh2
Jan 18 05:12:33 host sshd[9150]: Failed password for invalid user user from 101.89.219.59 port 53700 ssh2
Jan 18 05:12:34 host sshd[9152]: Failed password for invalid user root from 101.89.219.59 port 53694 ssh2
Jan 18 05:12:34 host sshd[9154]: Failed password for invalid user guest from 101.89.219.59 port 53698 ssh2
Jan 18 05:12:34 host sshd[9147]: Connection closed by 101.89.219.59 port 53702 [preauth]
Jan 18 05:12:34 host sshd[9148]: Connection closed by 101.89.219.59 port 53696 [preauth]
Jan 18 05:12:34 host sshd[9150]: Connection closed by 101.89.219.59 port 53700 [preauth]
Jan 18 05:12:34 host sshd[9152]: Connection closed by 101.89.219.59 port 53694 [preauth]
Jan 18 05:12:34 host sshd[9154]: Connection closed by 101.89.219.59 port 53698 [preauth]
Jan 18 05:14:52 host sshd[9533]: Invalid user terraria from 1.55.215.71 port 46382
Jan 18 05:14:52 host sshd[9533]: input_userauth_request: invalid user terraria [preauth]
Jan 18 05:14:52 host sshd[9533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:14:52 host sshd[9533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.55.215.71
Jan 18 05:14:54 host sshd[9533]: Failed password for invalid user terraria from 1.55.215.71 port 46382 ssh2
Jan 18 05:14:54 host sshd[9533]: Received disconnect from 1.55.215.71 port 46382:11: Bye Bye [preauth]
Jan 18 05:14:54 host sshd[9533]: Disconnected from 1.55.215.71 port 46382 [preauth]
Jan 18 05:16:21 host sshd[9704]: Invalid user mark from 1.55.215.71 port 45376
Jan 18 05:16:21 host sshd[9704]: input_userauth_request: invalid user mark [preauth]
Jan 18 05:16:21 host sshd[9704]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:16:21 host sshd[9704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.55.215.71
Jan 18 05:16:23 host sshd[9704]: Failed password for invalid user mark from 1.55.215.71 port 45376 ssh2
Jan 18 05:16:23 host sshd[9704]: Received disconnect from 1.55.215.71 port 45376:11: Bye Bye [preauth]
Jan 18 05:16:23 host sshd[9704]: Disconnected from 1.55.215.71 port 45376 [preauth]
Jan 18 05:18:36 host sshd[9975]: User root from 114.33.169.67 not allowed because not listed in AllowUsers
Jan 18 05:18:36 host sshd[9975]: input_userauth_request: invalid user root [preauth]
Jan 18 05:18:36 host unix_chkpwd[9978]: password check failed for user (root)
Jan 18 05:18:36 host sshd[9975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.169.67 user=root
Jan 18 05:18:36 host sshd[9975]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:18:37 host sshd[9975]: Failed password for invalid user root from 114.33.169.67 port 46207 ssh2
Jan 18 05:18:38 host sshd[9975]: Connection reset by 114.33.169.67 port 46207 [preauth]
Jan 18 05:19:56 host sshd[10249]: Invalid user ftptest from 194.110.203.109 port 33676
Jan 18 05:19:56 host sshd[10249]: input_userauth_request: invalid user ftptest [preauth]
Jan 18 05:19:56 host sshd[10249]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:19:56 host sshd[10249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 05:19:58 host sshd[10249]: Failed password for invalid user ftptest from 194.110.203.109 port 33676 ssh2
Jan 18 05:20:01 host sshd[10249]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:20:03 host sshd[10249]: Failed password for invalid user ftptest from 194.110.203.109 port 33676 ssh2
Jan 18 05:20:06 host sshd[10249]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:20:08 host sshd[10249]: Failed password for invalid user ftptest from 194.110.203.109 port 33676 ssh2
Jan 18 05:20:11 host sshd[10249]: Connection closed by 194.110.203.109 port 33676 [preauth]
Jan 18 05:20:11 host sshd[10249]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwrmswll user-4=wwwresourcehunte user-5=keralaholi user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=straightcurve user-15=wwwletsstalkfood user-16=gifterman user-17=palco123 user-18=phmetals user-19=kottayamcalldriv user-20=mrsclean user-21=wwwnexidigital user-22=disposeat user-23=wwwkmaorg user-24=remysagr user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=wwwtestugo user-29=shalinijames user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 05:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 05:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 18 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 18 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 18 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 18 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-pglGLsSL9aA4vmiD.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-pglGLsSL9aA4vmiD.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 18 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 18 05:21:07 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 18 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 18 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-TyuQLVN1YYajacWB.wp-toolkit-identifier
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-TyuQLVN1YYajacWB.wp-toolkit-identifier
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DzUaTeiTH7xOLMRD.~
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DzUaTeiTH7xOLMRD.~'
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DzUaTeiTH7xOLMRD.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 05:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 05:24:35 host sshd[11495]: Invalid user postgres from 211.185.214.155 port 5280
Jan 18 05:24:35 host sshd[11495]: input_userauth_request: invalid user postgres [preauth]
Jan 18 05:24:35 host sshd[11495]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:24:35 host sshd[11495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.185.214.155
Jan 18 05:24:37 host sshd[11495]: Failed password for invalid user postgres from 211.185.214.155 port 5280 ssh2
Jan 18 05:24:38 host sshd[11495]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:24:40 host sshd[11495]: Failed password for invalid user postgres from 211.185.214.155 port 5280 ssh2
Jan 18 05:24:40 host sshd[11495]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:24:43 host sshd[11495]: Failed password for invalid user postgres from 211.185.214.155 port 5280 ssh2
Jan 18 05:27:12 host sshd[11914]: Invalid user admin from 59.14.48.160 port 62792
Jan 18 05:27:12 host sshd[11914]: input_userauth_request: invalid user admin [preauth]
Jan 18 05:27:12 host sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:27:12 host sshd[11914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.14.48.160
Jan 18 05:27:14 host sshd[11914]: Failed password for invalid user admin from 59.14.48.160 port 62792 ssh2
Jan 18 05:27:15 host sshd[11914]: Failed password for invalid user admin from 59.14.48.160 port 62792 ssh2
Jan 18 05:27:15 host sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:27:17 host sshd[11914]: Failed password for invalid user admin from 59.14.48.160 port 62792 ssh2
Jan 18 05:27:18 host sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:27:20 host sshd[11914]: Failed password for invalid user admin from 59.14.48.160 port 62792 ssh2
Jan 18 05:27:21 host sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:27:23 host sshd[11914]: Failed password for invalid user admin from 59.14.48.160 port 62792 ssh2
Jan 18 05:27:24 host sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:27:26 host sshd[11914]: Failed password for invalid user admin from 59.14.48.160 port 62792 ssh2
Jan 18 05:27:26 host sshd[11914]: error: maximum authentication attempts exceeded for invalid user admin from 59.14.48.160 port 62792 ssh2 [preauth]
Jan 18 05:27:26 host sshd[11914]: Disconnecting: Too many authentication failures [preauth]
Jan 18 05:27:26 host sshd[11914]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.14.48.160
Jan 18 05:27:26 host sshd[11914]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 05:29:36 host sshd[12247]: User root from 222.109.39.194 not allowed because not listed in AllowUsers
Jan 18 05:29:36 host sshd[12247]: input_userauth_request: invalid user root [preauth]
Jan 18 05:29:36 host unix_chkpwd[12253]: password check failed for user (root)
Jan 18 05:29:36 host sshd[12247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.109.39.194 user=root
Jan 18 05:29:36 host sshd[12247]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:29:38 host sshd[12247]: Failed password for invalid user root from 222.109.39.194 port 62646 ssh2
Jan 18 05:29:39 host unix_chkpwd[12258]: password check failed for user (root)
Jan 18 05:29:39 host sshd[12247]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:29:40 host sshd[12247]: Failed password for invalid user root from 222.109.39.194 port 62646 ssh2
Jan 18 05:29:41 host sshd[12247]: Connection reset by 222.109.39.194 port 62646 [preauth]
Jan 18 05:29:41 host sshd[12247]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.109.39.194 user=root
Jan 18 05:36:03 host sshd[13165]: Invalid user ubnt from 14.46.175.37 port 62430
Jan 18 05:36:03 host sshd[13165]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 05:36:03 host sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:36:03 host sshd[13165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.46.175.37
Jan 18 05:36:05 host sshd[13165]: Failed password for invalid user ubnt from 14.46.175.37 port 62430 ssh2
Jan 18 05:36:06 host sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:36:08 host sshd[13165]: Failed password for invalid user ubnt from 14.46.175.37 port 62430 ssh2
Jan 18 05:36:08 host sshd[13165]: Failed password for invalid user ubnt from 14.46.175.37 port 62430 ssh2
Jan 18 05:36:09 host sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:36:11 host sshd[13165]: Failed password for invalid user ubnt from 14.46.175.37 port 62430 ssh2
Jan 18 05:36:11 host sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:36:13 host sshd[13165]: Failed password for invalid user ubnt from 14.46.175.37 port 62430 ssh2
Jan 18 05:52:13 host sshd[15758]: Connection reset by 113.180.187.138 port 33385 [preauth]
Jan 18 05:54:10 host sshd[15992]: User root from 114.35.40.35 not allowed because not listed in AllowUsers
Jan 18 05:54:10 host sshd[15992]: input_userauth_request: invalid user root [preauth]
Jan 18 05:54:10 host unix_chkpwd[16000]: password check failed for user (root)
Jan 18 05:54:10 host sshd[15992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.40.35 user=root
Jan 18 05:54:10 host sshd[15992]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:54:12 host sshd[15992]: Failed password for invalid user root from 114.35.40.35 port 54329 ssh2
Jan 18 05:54:13 host unix_chkpwd[16005]: password check failed for user (root)
Jan 18 05:54:13 host sshd[15992]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:54:15 host sshd[15992]: Failed password for invalid user root from 114.35.40.35 port 54329 ssh2
Jan 18 05:54:17 host unix_chkpwd[16009]: password check failed for user (root)
Jan 18 05:54:17 host sshd[15992]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:54:19 host sshd[15992]: Failed password for invalid user root from 114.35.40.35 port 54329 ssh2
Jan 18 05:54:20 host unix_chkpwd[16015]: password check failed for user (root)
Jan 18 05:54:20 host sshd[15992]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:54:23 host sshd[15992]: Failed password for invalid user root from 114.35.40.35 port 54329 ssh2
Jan 18 05:57:09 host sshd[16527]: User root from 181.191.9.163 not allowed because not listed in AllowUsers
Jan 18 05:57:09 host sshd[16527]: input_userauth_request: invalid user root [preauth]
Jan 18 05:57:09 host unix_chkpwd[16533]: password check failed for user (root)
Jan 18 05:57:09 host sshd[16527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.191.9.163 user=root
Jan 18 05:57:09 host sshd[16527]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:57:11 host sshd[16527]: Failed password for invalid user root from 181.191.9.163 port 49250 ssh2
Jan 18 05:57:12 host sshd[16527]: Received disconnect from 181.191.9.163 port 49250:11: Bye Bye [preauth]
Jan 18 05:57:12 host sshd[16527]: Disconnected from 181.191.9.163 port 49250 [preauth]
Jan 18 05:57:17 host sshd[16547]: User root from 150.230.87.21 not allowed because not listed in AllowUsers
Jan 18 05:57:17 host sshd[16547]: input_userauth_request: invalid user root [preauth]
Jan 18 05:57:17 host unix_chkpwd[16551]: password check failed for user (root)
Jan 18 05:57:17 host sshd[16547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.230.87.21 user=root
Jan 18 05:57:17 host sshd[16547]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 05:57:19 host sshd[16547]: Failed password for invalid user root from 150.230.87.21 port 47140 ssh2
Jan 18 05:57:20 host sshd[16547]: Received disconnect from 150.230.87.21 port 47140:11: Bye Bye [preauth]
Jan 18 05:57:20 host sshd[16547]: Disconnected from 150.230.87.21 port 47140 [preauth]
Jan 18 05:57:50 host sshd[16622]: Invalid user bot from 14.225.217.182 port 46704
Jan 18 05:57:50 host sshd[16622]: input_userauth_request: invalid user bot [preauth]
Jan 18 05:57:50 host sshd[16622]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:57:50 host sshd[16622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.217.182
Jan 18 05:57:52 host sshd[16622]: Failed password for invalid user bot from 14.225.217.182 port 46704 ssh2
Jan 18 05:57:52 host sshd[16622]: Received disconnect from 14.225.217.182 port 46704:11: Bye Bye [preauth]
Jan 18 05:57:52 host sshd[16622]: Disconnected from 14.225.217.182 port 46704 [preauth]
Jan 18 05:58:19 host sshd[16665]: Connection closed by 167.248.133.60 port 47042 [preauth]
Jan 18 05:58:38 host sshd[16739]: Invalid user admin from 61.83.61.187 port 60303
Jan 18 05:58:38 host sshd[16739]: input_userauth_request: invalid user admin [preauth]
Jan 18 05:58:38 host sshd[16739]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 05:58:38 host sshd[16739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.83.61.187
Jan 18 05:58:40 host sshd[16739]: Failed password for invalid user admin from 61.83.61.187 port 60303 ssh2
Jan 18 05:58:40 host sshd[16739]: Connection reset by 61.83.61.187 port 60303 [preauth]
Jan 18 06:01:11 host sshd[17105]: User root from 143.110.190.26 not allowed because not listed in AllowUsers
Jan 18 06:01:11 host sshd[17105]: input_userauth_request: invalid user root [preauth]
Jan 18 06:01:11 host unix_chkpwd[17107]: password check failed for user (root)
Jan 18 06:01:11 host sshd[17105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.190.26 user=root
Jan 18 06:01:11 host sshd[17105]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:01:13 host sshd[17105]: Failed password for invalid user root from 143.110.190.26 port 59510 ssh2
Jan 18 06:01:13 host sshd[17105]: Received disconnect from 143.110.190.26 port 59510:11: Bye Bye [preauth]
Jan 18 06:01:13 host sshd[17105]: Disconnected from 143.110.190.26 port 59510 [preauth]
Jan 18 06:01:40 host sshd[17190]: User root from 14.225.217.182 not allowed because not listed in AllowUsers
Jan 18 06:01:40 host sshd[17190]: input_userauth_request: invalid user root [preauth]
Jan 18 06:01:40 host unix_chkpwd[17192]: password check failed for user (root)
Jan 18 06:01:40 host sshd[17190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.217.182 user=root
Jan 18 06:01:40 host sshd[17190]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:01:42 host sshd[17190]: Failed password for invalid user root from 14.225.217.182 port 59516 ssh2
Jan 18 06:01:42 host sshd[17190]: Received disconnect from 14.225.217.182 port 59516:11: Bye Bye [preauth]
Jan 18 06:01:42 host sshd[17190]: Disconnected from 14.225.217.182 port 59516 [preauth]
Jan 18 06:02:03 host sshd[17255]: Invalid user max from 150.230.87.21 port 47328
Jan 18 06:02:03 host sshd[17255]: input_userauth_request: invalid user max [preauth]
Jan 18 06:02:03 host sshd[17255]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:02:03 host sshd[17255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.230.87.21
Jan 18 06:02:04 host sshd[17255]: Failed password for invalid user max from 150.230.87.21 port 47328 ssh2
Jan 18 06:02:05 host sshd[17255]: Received disconnect from 150.230.87.21 port 47328:11: Bye Bye [preauth]
Jan 18 06:02:05 host sshd[17255]: Disconnected from 150.230.87.21 port 47328 [preauth]
Jan 18 06:02:38 host sshd[17498]: User root from 181.191.9.163 not allowed because not listed in AllowUsers
Jan 18 06:02:38 host sshd[17498]: input_userauth_request: invalid user root [preauth]
Jan 18 06:02:38 host unix_chkpwd[17502]: password check failed for user (root)
Jan 18 06:02:38 host sshd[17498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.191.9.163 user=root
Jan 18 06:02:38 host sshd[17498]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:02:40 host sshd[17498]: Failed password for invalid user root from 181.191.9.163 port 42664 ssh2
Jan 18 06:02:40 host sshd[17498]: Received disconnect from 181.191.9.163 port 42664:11: Bye Bye [preauth]
Jan 18 06:02:40 host sshd[17498]: Disconnected from 181.191.9.163 port 42664 [preauth]
Jan 18 06:02:43 host sshd[17520]: Invalid user vishnu from 143.110.190.26 port 54954
Jan 18 06:02:43 host sshd[17520]: input_userauth_request: invalid user vishnu [preauth]
Jan 18 06:02:43 host sshd[17520]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:02:43 host sshd[17520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.190.26
Jan 18 06:02:45 host sshd[17520]: Failed password for invalid user vishnu from 143.110.190.26 port 54954 ssh2
Jan 18 06:02:45 host sshd[17520]: Received disconnect from 143.110.190.26 port 54954:11: Bye Bye [preauth]
Jan 18 06:02:45 host sshd[17520]: Disconnected from 143.110.190.26 port 54954 [preauth]
Jan 18 06:04:27 host sshd[17876]: Invalid user vadmin from 219.85.47.26 port 49958
Jan 18 06:04:27 host sshd[17876]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 06:04:27 host sshd[17876]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:04:27 host sshd[17876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.85.47.26
Jan 18 06:04:29 host sshd[17876]: Failed password for invalid user vadmin from 219.85.47.26 port 49958 ssh2
Jan 18 06:04:30 host sshd[17876]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:04:32 host sshd[17876]: Failed password for invalid user vadmin from 219.85.47.26 port 49958 ssh2
Jan 18 06:04:33 host sshd[17876]: Failed password for invalid user vadmin from 219.85.47.26 port 49958 ssh2
Jan 18 06:04:34 host sshd[17876]: Connection closed by 219.85.47.26 port 49958 [preauth]
Jan 18 06:04:34 host sshd[17876]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.85.47.26
Jan 18 06:04:37 host sshd[17909]: User root from 222.101.75.181 not allowed because not listed in AllowUsers
Jan 18 06:04:37 host sshd[17909]: input_userauth_request: invalid user root [preauth]
Jan 18 06:04:37 host unix_chkpwd[17913]: password check failed for user (root)
Jan 18 06:04:37 host sshd[17909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.101.75.181 user=root
Jan 18 06:04:37 host sshd[17909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:04:39 host sshd[17909]: Failed password for invalid user root from 222.101.75.181 port 60148 ssh2
Jan 18 06:04:41 host unix_chkpwd[17916]: password check failed for user (root)
Jan 18 06:04:41 host sshd[17909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:04:42 host sshd[17909]: Failed password for invalid user root from 222.101.75.181 port 60148 ssh2
Jan 18 06:04:44 host unix_chkpwd[17921]: password check failed for user (root)
Jan 18 06:04:44 host sshd[17909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:04:46 host sshd[17909]: Failed password for invalid user root from 222.101.75.181 port 60148 ssh2
Jan 18 06:04:47 host unix_chkpwd[17924]: password check failed for user (root)
Jan 18 06:04:47 host sshd[17909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:04:49 host sshd[17909]: Failed password for invalid user root from 222.101.75.181 port 60148 ssh2
Jan 18 06:09:58 host sshd[18721]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 18 06:09:58 host sshd[18721]: input_userauth_request: invalid user root [preauth]
Jan 18 06:09:58 host unix_chkpwd[18726]: password check failed for user (root)
Jan 18 06:09:58 host sshd[18721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 18 06:09:58 host sshd[18721]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:10:00 host sshd[18721]: Failed password for invalid user root from 195.226.194.242 port 53402 ssh2
Jan 18 06:10:00 host sshd[18721]: Received disconnect from 195.226.194.242 port 53402:11: Bye Bye [preauth]
Jan 18 06:10:00 host sshd[18721]: Disconnected from 195.226.194.242 port 53402 [preauth]
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:15:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:15:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=keralaholi user-2=wwwresourcehunte user-3=wwwrmswll user-4=ugotscom user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=a2zgroup user-9=dartsimp user-10=cochintaxi user-11=wwwkaretakers user-12=wwwnexidigital user-13=mrsclean user-14=palco123 user-15=gifterman user-16=phmetals user-17=kottayamcalldriv user-18=straightcurve user-19=wwwletsstalkfood user-20=bonifacegroup user-21=wwwevmhonda user-22=pmcresources user-23=vfmassets user-24=shalinijames user-25=wwwtestugo user-26=wwwkapin user-27=woodpeck user-28=disposeat user-29=remysagr user-30=wwwkmaorg feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 06:21:08 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xuNoapPP6Jw0i47G.~
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xuNoapPP6Jw0i47G.~'
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xuNoapPP6Jw0i47G.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 06:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 06:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 06:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 06:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 06:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 06:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 06:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 06:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 06:24:55 host sshd[21445]: Connection closed by 172.104.11.46 port 18846 [preauth]
Jan 18 06:24:56 host sshd[21448]: Connection closed by 172.104.11.46 port 18848 [preauth]
Jan 18 06:24:58 host sshd[21451]: Connection closed by 172.104.11.46 port 18860 [preauth]
Jan 18 06:29:13 host sshd[22059]: Invalid user vadmin from 219.240.197.127 port 61507
Jan 18 06:29:13 host sshd[22059]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 06:29:13 host sshd[22059]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:29:13 host sshd[22059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.240.197.127
Jan 18 06:29:15 host sshd[22059]: Failed password for invalid user vadmin from 219.240.197.127 port 61507 ssh2
Jan 18 06:29:15 host sshd[22059]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:29:17 host sshd[22059]: Failed password for invalid user vadmin from 219.240.197.127 port 61507 ssh2
Jan 18 06:29:17 host sshd[22059]: Connection closed by 219.240.197.127 port 61507 [preauth]
Jan 18 06:29:17 host sshd[22059]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.240.197.127
Jan 18 06:36:46 host sshd[23375]: User root from 72.76.221.152 not allowed because not listed in AllowUsers
Jan 18 06:36:46 host sshd[23375]: input_userauth_request: invalid user root [preauth]
Jan 18 06:36:46 host unix_chkpwd[23379]: password check failed for user (root)
Jan 18 06:36:46 host sshd[23375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.76.221.152 user=root
Jan 18 06:36:46 host sshd[23375]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:36:48 host sshd[23375]: Failed password for invalid user root from 72.76.221.152 port 58098 ssh2
Jan 18 06:36:49 host sshd[23375]: Connection reset by 72.76.221.152 port 58098 [preauth]
Jan 18 06:55:15 host sshd[26435]: Did not receive identification string from 139.59.152.202 port 60988
Jan 18 06:55:17 host sshd[26438]: Invalid user pi from 139.59.152.202 port 39080
Jan 18 06:55:17 host sshd[26438]: input_userauth_request: invalid user pi [preauth]
Jan 18 06:55:17 host sshd[26442]: Invalid user admin from 139.59.152.202 port 39070
Jan 18 06:55:17 host sshd[26442]: input_userauth_request: invalid user admin [preauth]
Jan 18 06:55:17 host sshd[26439]: Invalid user ftpuser from 139.59.152.202 port 39074
Jan 18 06:55:17 host sshd[26439]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 06:55:17 host sshd[26443]: User root from 139.59.152.202 not allowed because not listed in AllowUsers
Jan 18 06:55:17 host sshd[26443]: input_userauth_request: invalid user root [preauth]
Jan 18 06:55:17 host sshd[26437]: Invalid user admin from 139.59.152.202 port 39056
Jan 18 06:55:17 host sshd[26437]: input_userauth_request: invalid user admin [preauth]
Jan 18 06:55:17 host sshd[26436]: User root from 139.59.152.202 not allowed because not listed in AllowUsers
Jan 18 06:55:17 host sshd[26436]: input_userauth_request: invalid user root [preauth]
Jan 18 06:55:17 host sshd[26441]: Invalid user halo from 139.59.152.202 port 39064
Jan 18 06:55:17 host sshd[26441]: input_userauth_request: invalid user halo [preauth]
Jan 18 06:55:17 host sshd[26448]: Invalid user web from 139.59.152.202 port 39048
Jan 18 06:55:17 host sshd[26444]: Invalid user test from 139.59.152.202 port 39104
Jan 18 06:55:17 host sshd[26440]: Invalid user web from 139.59.152.202 port 39034
Jan 18 06:55:17 host sshd[26444]: input_userauth_request: invalid user test [preauth]
Jan 18 06:55:17 host sshd[26448]: input_userauth_request: invalid user web [preauth]
Jan 18 06:55:17 host sshd[26440]: input_userauth_request: invalid user web [preauth]
Jan 18 06:55:17 host sshd[26446]: Invalid user ubuntu from 139.59.152.202 port 39062
Jan 18 06:55:17 host sshd[26445]: Invalid user esuser from 139.59.152.202 port 39066
Jan 18 06:55:17 host sshd[26447]: Invalid user ubuntu from 139.59.152.202 port 39058
Jan 18 06:55:17 host sshd[26445]: input_userauth_request: invalid user esuser [preauth]
Jan 18 06:55:17 host sshd[26446]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 06:55:17 host sshd[26447]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 06:55:17 host sshd[26449]: Invalid user steam from 139.59.152.202 port 39098
Jan 18 06:55:17 host sshd[26449]: input_userauth_request: invalid user steam [preauth]
Jan 18 06:55:17 host sshd[26450]: Invalid user postgres from 139.59.152.202 port 39106
Jan 18 06:55:17 host sshd[26452]: Invalid user ubuntu from 139.59.152.202 port 39072
Jan 18 06:55:17 host sshd[26450]: input_userauth_request: invalid user postgres [preauth]
Jan 18 06:55:17 host sshd[26452]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 06:55:17 host sshd[26451]: User root from 139.59.152.202 not allowed because not listed in AllowUsers
Jan 18 06:55:17 host sshd[26451]: input_userauth_request: invalid user root [preauth]
Jan 18 06:55:17 host sshd[26453]: Invalid user vagrant from 139.59.152.202 port 39032
Jan 18 06:55:17 host sshd[26453]: input_userauth_request: invalid user vagrant [preauth]
Jan 18 06:55:17 host sshd[26454]: Invalid user ansible from 139.59.152.202 port 39068
Jan 18 06:55:17 host sshd[26458]: Invalid user testuser from 139.59.152.202 port 39086
Jan 18 06:55:17 host sshd[26454]: input_userauth_request: invalid user ansible [preauth]
Jan 18 06:55:17 host sshd[26458]: input_userauth_request: invalid user testuser [preauth]
Jan 18 06:55:17 host sshd[26459]: Invalid user emqx from 139.59.152.202 port 39040
Jan 18 06:55:17 host sshd[26461]: User root from 139.59.152.202 not allowed because not listed in AllowUsers
Jan 18 06:55:17 host sshd[26459]: input_userauth_request: invalid user emqx [preauth]
Jan 18 06:55:17 host sshd[26461]: input_userauth_request: invalid user root [preauth]
Jan 18 06:55:17 host sshd[26460]: Invalid user postgres from 139.59.152.202 port 39030
Jan 18 06:55:17 host sshd[26460]: input_userauth_request: invalid user postgres [preauth]
Jan 18 06:55:17 host sshd[26465]: Invalid user ubnt from 139.59.152.202 port 39090
Jan 18 06:55:17 host sshd[26465]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 06:55:17 host sshd[26439]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26442]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26438]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26437]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26441]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26444]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26440]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26448]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host unix_chkpwd[26488]: password check failed for user (root)
Jan 18 06:55:17 host unix_chkpwd[26489]: password check failed for user (root)
Jan 18 06:55:17 host sshd[26436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202 user=root
Jan 18 06:55:17 host sshd[26436]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:55:17 host sshd[26443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202 user=root
Jan 18 06:55:17 host sshd[26443]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:55:17 host sshd[26445]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26446]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26447]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26450]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26452]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26453]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26454]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26458]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host sshd[26459]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host unix_chkpwd[26490]: password check failed for user (root)
Jan 18 06:55:17 host sshd[26451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202 user=root
Jan 18 06:55:17 host sshd[26451]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:55:17 host sshd[26460]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:17 host unix_chkpwd[26491]: password check failed for user (root)
Jan 18 06:55:17 host sshd[26461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202 user=root
Jan 18 06:55:17 host sshd[26461]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 06:55:17 host sshd[26465]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 06:55:17 host sshd[26465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.152.202
Jan 18 06:55:19 host sshd[26439]: Failed password for invalid user ftpuser from 139.59.152.202 port 39074 ssh2
Jan 18 06:55:19 host sshd[26442]: Failed password for invalid user admin from 139.59.152.202 port 39070 ssh2
Jan 18 06:55:19 host sshd[26438]: Failed password for invalid user pi from 139.59.152.202 port 39080 ssh2
Jan 18 06:55:19 host sshd[26441]: Failed password for invalid user halo from 139.59.152.202 port 39064 ssh2
Jan 18 06:55:19 host sshd[26437]: Failed password for invalid user admin from 139.59.152.202 port 39056 ssh2
Jan 18 06:55:19 host sshd[26444]: Failed password for invalid user test from 139.59.152.202 port 39104 ssh2
Jan 18 06:55:19 host sshd[26440]: Failed password for invalid user web from 139.59.152.202 port 39034 ssh2
Jan 18 06:55:19 host sshd[26448]: Failed password for invalid user web from 139.59.152.202 port 39048 ssh2
Jan 18 06:55:19 host sshd[26436]: Failed password for invalid user root from 139.59.152.202 port 39092 ssh2
Jan 18 06:55:19 host sshd[26443]: Failed password for invalid user root from 139.59.152.202 port 39088 ssh2
Jan 18 06:55:19 host sshd[26446]: Failed password for invalid user ubuntu from 139.59.152.202 port 39062 ssh2
Jan 18 06:55:19 host sshd[26445]: Failed password for invalid user esuser from 139.59.152.202 port 39066 ssh2
Jan 18 06:55:19 host sshd[26447]: Failed password for invalid user ubuntu from 139.59.152.202 port 39058 ssh2
Jan 18 06:55:19 host sshd[26449]: Failed password for invalid user steam from 139.59.152.202 port 39098 ssh2
Jan 18 06:55:19 host sshd[26450]: Failed password for invalid user postgres from 139.59.152.202 port 39106 ssh2
Jan 18 06:55:19 host sshd[26452]: Failed password for invalid user ubuntu from 139.59.152.202 port 39072 ssh2
Jan 18 06:55:20 host sshd[26453]: Failed password for invalid user vagrant from 139.59.152.202 port 39032 ssh2
Jan 18 06:55:20 host sshd[26454]: Failed password for invalid user ansible from 139.59.152.202 port 39068 ssh2
Jan 18 06:55:20 host sshd[26458]: Failed password for invalid user testuser from 139.59.152.202 port 39086 ssh2
Jan 18 06:55:20 host sshd[26459]: Failed password for invalid user emqx from 139.59.152.202 port 39040 ssh2
Jan 18 06:55:20 host sshd[26451]: Failed password for invalid user root from 139.59.152.202 port 39050 ssh2
Jan 18 06:55:20 host sshd[26460]: Failed password for invalid user postgres from 139.59.152.202 port 39030 ssh2
Jan 18 06:55:20 host sshd[26461]: Failed password for invalid user root from 139.59.152.202 port 39084 ssh2
Jan 18 06:55:20 host sshd[26465]: Failed password for invalid user ubnt from 139.59.152.202 port 39090 ssh2
Jan 18 06:55:20 host sshd[26439]: Connection closed by 139.59.152.202 port 39074 [preauth]
Jan 18 06:55:20 host sshd[26438]: Connection closed by 139.59.152.202 port 39080 [preauth]
Jan 18 06:55:20 host sshd[26442]: Connection closed by 139.59.152.202 port 39070 [preauth]
Jan 18 06:55:20 host sshd[26437]: Connection closed by 139.59.152.202 port 39056 [preauth]
Jan 18 06:55:20 host sshd[26448]: Connection closed by 139.59.152.202 port 39048 [preauth]
Jan 18 06:55:20 host sshd[26440]: Connection closed by 139.59.152.202 port 39034 [preauth]
Jan 18 06:55:20 host sshd[26441]: Connection closed by 139.59.152.202 port 39064 [preauth]
Jan 18 06:55:20 host sshd[26444]: Connection closed by 139.59.152.202 port 39104 [preauth]
Jan 18 06:55:20 host sshd[26443]: Connection closed by 139.59.152.202 port 39088 [preauth]
Jan 18 06:55:20 host sshd[26436]: Connection closed by 139.59.152.202 port 39092 [preauth]
Jan 18 07:02:33 host sshd[27859]: Invalid user fu from 194.110.203.109 port 54678
Jan 18 07:02:33 host sshd[27859]: input_userauth_request: invalid user fu [preauth]
Jan 18 07:02:33 host sshd[27859]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:02:33 host sshd[27859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 07:02:35 host sshd[27859]: Failed password for invalid user fu from 194.110.203.109 port 54678 ssh2
Jan 18 07:02:38 host sshd[27859]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:02:40 host sshd[27859]: Failed password for invalid user fu from 194.110.203.109 port 54678 ssh2
Jan 18 07:02:43 host sshd[27859]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:02:45 host sshd[27859]: Failed password for invalid user fu from 194.110.203.109 port 54678 ssh2
Jan 18 07:02:49 host sshd[27859]: Connection closed by 194.110.203.109 port 54678 [preauth]
Jan 18 07:02:49 host sshd[27859]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 07:03:02 host sshd[27907]: Invalid user super from 171.243.9.242 port 35522
Jan 18 07:03:02 host sshd[27907]: input_userauth_request: invalid user super [preauth]
Jan 18 07:03:02 host sshd[27907]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:03:02 host sshd[27907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.243.9.242
Jan 18 07:03:04 host sshd[27907]: Failed password for invalid user super from 171.243.9.242 port 35522 ssh2
Jan 18 07:03:05 host sshd[27907]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:03:07 host sshd[27907]: Failed password for invalid user super from 171.243.9.242 port 35522 ssh2
Jan 18 07:03:08 host sshd[27907]: Connection reset by 171.243.9.242 port 35522 [preauth]
Jan 18 07:03:08 host sshd[27907]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.243.9.242
Jan 18 07:03:35 host sshd[28004]: User root from 114.35.27.243 not allowed because not listed in AllowUsers
Jan 18 07:03:35 host sshd[28004]: input_userauth_request: invalid user root [preauth]
Jan 18 07:03:35 host unix_chkpwd[28009]: password check failed for user (root)
Jan 18 07:03:35 host sshd[28004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.27.243 user=root
Jan 18 07:03:35 host sshd[28004]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:03:38 host sshd[28004]: Failed password for invalid user root from 114.35.27.243 port 60918 ssh2
Jan 18 07:03:39 host unix_chkpwd[28017]: password check failed for user (root)
Jan 18 07:03:39 host sshd[28004]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:03:41 host sshd[28004]: Failed password for invalid user root from 114.35.27.243 port 60918 ssh2
Jan 18 07:03:41 host unix_chkpwd[28022]: password check failed for user (root)
Jan 18 07:03:41 host sshd[28004]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:03:43 host sshd[28004]: Failed password for invalid user root from 114.35.27.243 port 60918 ssh2
Jan 18 07:03:44 host unix_chkpwd[28026]: password check failed for user (root)
Jan 18 07:03:44 host sshd[28004]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:03:45 host sshd[28004]: Failed password for invalid user root from 114.35.27.243 port 60918 ssh2
Jan 18 07:10:30 host sshd[29127]: Invalid user suporte from 195.226.194.242 port 44332
Jan 18 07:10:30 host sshd[29127]: input_userauth_request: invalid user suporte [preauth]
Jan 18 07:10:30 host sshd[29127]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:10:30 host sshd[29127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 18 07:10:31 host sshd[29127]: Failed password for invalid user suporte from 195.226.194.242 port 44332 ssh2
Jan 18 07:10:32 host sshd[29127]: Received disconnect from 195.226.194.242 port 44332:11: Bye Bye [preauth]
Jan 18 07:10:32 host sshd[29127]: Disconnected from 195.226.194.242 port 44332 [preauth]
Jan 18 07:17:09 host sshd[30181]: Invalid user marvin from 107.189.30.59 port 42932
Jan 18 07:17:09 host sshd[30181]: input_userauth_request: invalid user marvin [preauth]
Jan 18 07:17:09 host sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:17:09 host sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 18 07:17:11 host sshd[30181]: Failed password for invalid user marvin from 107.189.30.59 port 42932 ssh2
Jan 18 07:17:12 host sshd[30181]: Connection closed by 107.189.30.59 port 42932 [preauth]
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=bonifacegroup user-2=wwwevmhonda user-3=wwwletsstalkfood user-4=straightcurve user-5=gifterman user-6=palco123 user-7=phmetals user-8=kottayamcalldriv user-9=mrsclean user-10=wwwnexidigital user-11=remysagr user-12=disposeat user-13=wwwkmaorg user-14=wwwkapin user-15=woodpeck user-16=vfmassets user-17=wwwtestugo user-18=shalinijames user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=wwwrmswll user-23=wwwresourcehunte user-24=keralaholi user-25=ugotscom user-26=cochintaxi user-27=wwwkaretakers user-28=dartsimp user-29=a2zgroup user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 07:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-IfUa9wzVHCSMvLiC.~
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-IfUa9wzVHCSMvLiC.~'
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-IfUa9wzVHCSMvLiC.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 07:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 07:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 07:22:00 host sshd[31187]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 38914
Jan 18 07:24:43 host sshd[31772]: Did not receive identification string from 43.142.76.35 port 40434
Jan 18 07:24:44 host sshd[31775]: Invalid user ec2-user from 43.142.76.35 port 45994
Jan 18 07:24:44 host sshd[31775]: input_userauth_request: invalid user ec2-user [preauth]
Jan 18 07:24:44 host sshd[31776]: Invalid user bot from 43.142.76.35 port 45970
Jan 18 07:24:44 host sshd[31777]: Invalid user user from 43.142.76.35 port 45954
Jan 18 07:24:44 host sshd[31777]: input_userauth_request: invalid user user [preauth]
Jan 18 07:24:44 host sshd[31776]: input_userauth_request: invalid user bot [preauth]
Jan 18 07:24:44 host sshd[31779]: Invalid user vagrant from 43.142.76.35 port 46002
Jan 18 07:24:44 host sshd[31779]: input_userauth_request: invalid user vagrant [preauth]
Jan 18 07:24:44 host sshd[31783]: Invalid user postgres from 43.142.76.35 port 46032
Jan 18 07:24:44 host sshd[31783]: input_userauth_request: invalid user postgres [preauth]
Jan 18 07:24:44 host sshd[31778]: Invalid user admin from 43.142.76.35 port 45962
Jan 18 07:24:44 host sshd[31778]: input_userauth_request: invalid user admin [preauth]
Jan 18 07:24:44 host sshd[31782]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:44 host sshd[31782]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:44 host sshd[31780]: Invalid user oracle from 43.142.76.35 port 46012
Jan 18 07:24:44 host sshd[31780]: input_userauth_request: invalid user oracle [preauth]
Jan 18 07:24:44 host sshd[31781]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:44 host sshd[31781]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:44 host sshd[31784]: Invalid user user from 43.142.76.35 port 45966
Jan 18 07:24:44 host sshd[31784]: input_userauth_request: invalid user user [preauth]
Jan 18 07:24:44 host sshd[31789]: Invalid user steam from 43.142.76.35 port 45998
Jan 18 07:24:44 host sshd[31789]: input_userauth_request: invalid user steam [preauth]
Jan 18 07:24:44 host sshd[31785]: Invalid user oracle from 43.142.76.35 port 45968
Jan 18 07:24:44 host sshd[31785]: input_userauth_request: invalid user oracle [preauth]
Jan 18 07:24:44 host sshd[31787]: Invalid user es from 43.142.76.35 port 45986
Jan 18 07:24:44 host sshd[31787]: input_userauth_request: invalid user es [preauth]
Jan 18 07:24:45 host sshd[31795]: Invalid user ansadmin from 43.142.76.35 port 46024
Jan 18 07:24:45 host sshd[31795]: input_userauth_request: invalid user ansadmin [preauth]
Jan 18 07:24:45 host sshd[31793]: Invalid user postgres from 43.142.76.35 port 45956
Jan 18 07:24:45 host sshd[31793]: input_userauth_request: invalid user postgres [preauth]
Jan 18 07:24:45 host sshd[31786]: Invalid user admin from 43.142.76.35 port 45976
Jan 18 07:24:45 host sshd[31786]: input_userauth_request: invalid user admin [preauth]
Jan 18 07:24:45 host sshd[31796]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:45 host sshd[31796]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:45 host sshd[31798]: Invalid user hadoop from 43.142.76.35 port 46014
Jan 18 07:24:45 host sshd[31798]: input_userauth_request: invalid user hadoop [preauth]
Jan 18 07:24:45 host sshd[31799]: Invalid user test from 43.142.76.35 port 45964
Jan 18 07:24:45 host sshd[31799]: input_userauth_request: invalid user test [preauth]
Jan 18 07:24:45 host sshd[31800]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:45 host sshd[31800]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:45 host sshd[31794]: Invalid user ubuntu from 43.142.76.35 port 46008
Jan 18 07:24:45 host sshd[31797]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:45 host sshd[31797]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:45 host sshd[31794]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 07:24:45 host sshd[31803]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:45 host sshd[31803]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:45 host sshd[31802]: Invalid user testuser from 43.142.76.35 port 46028
Jan 18 07:24:45 host sshd[31802]: input_userauth_request: invalid user testuser [preauth]
Jan 18 07:24:45 host sshd[31809]: User root from 43.142.76.35 not allowed because not listed in AllowUsers
Jan 18 07:24:45 host sshd[31809]: input_userauth_request: invalid user root [preauth]
Jan 18 07:24:45 host sshd[31813]: Invalid user admin from 43.142.76.35 port 45996
Jan 18 07:24:45 host sshd[31813]: input_userauth_request: invalid user admin [preauth]
Jan 18 07:24:45 host sshd[31775]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31776]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31779]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31783]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31778]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31780]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31784]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31789]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host unix_chkpwd[31838]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31782]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host sshd[31787]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31785]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host unix_chkpwd[31840]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31781]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host sshd[31795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31793]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31786]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31798]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31799]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31794]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host sshd[31802]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:45 host unix_chkpwd[31841]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31796]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host unix_chkpwd[31843]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31800]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host unix_chkpwd[31844]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host unix_chkpwd[31842]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host unix_chkpwd[31845]: password check failed for user (root)
Jan 18 07:24:45 host sshd[31809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35 user=root
Jan 18 07:24:45 host sshd[31809]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:24:45 host sshd[31813]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:45 host sshd[31813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:46 host sshd[31830]: Invalid user tester from 43.142.76.35 port 45984
Jan 18 07:24:46 host sshd[31830]: input_userauth_request: invalid user tester [preauth]
Jan 18 07:24:46 host sshd[31828]: Invalid user zjw from 43.142.76.35 port 45990
Jan 18 07:24:46 host sshd[31828]: input_userauth_request: invalid user zjw [preauth]
Jan 18 07:24:46 host sshd[31831]: Invalid user postgres from 43.142.76.35 port 46004
Jan 18 07:24:46 host sshd[31831]: input_userauth_request: invalid user postgres [preauth]
Jan 18 07:24:46 host sshd[31830]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:46 host sshd[31830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:46 host sshd[31828]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:46 host sshd[31828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:46 host sshd[31831]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:24:46 host sshd[31831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.142.76.35
Jan 18 07:24:46 host sshd[31775]: Failed password for invalid user ec2-user from 43.142.76.35 port 45994 ssh2
Jan 18 07:24:46 host sshd[31776]: Failed password for invalid user bot from 43.142.76.35 port 45970 ssh2
Jan 18 07:24:46 host sshd[31779]: Failed password for invalid user vagrant from 43.142.76.35 port 46002 ssh2
Jan 18 07:24:46 host sshd[31777]: Failed password for invalid user user from 43.142.76.35 port 45954 ssh2
Jan 18 07:24:46 host sshd[31783]: Failed password for invalid user postgres from 43.142.76.35 port 46032 ssh2
Jan 18 07:24:46 host sshd[31778]: Failed password for invalid user admin from 43.142.76.35 port 45962 ssh2
Jan 18 07:24:46 host sshd[31780]: Failed password for invalid user oracle from 43.142.76.35 port 46012 ssh2
Jan 18 07:24:46 host sshd[31784]: Failed password for invalid user user from 43.142.76.35 port 45966 ssh2
Jan 18 07:24:46 host sshd[31789]: Failed password for invalid user steam from 43.142.76.35 port 45998 ssh2
Jan 18 07:24:46 host sshd[31782]: Failed password for invalid user root from 43.142.76.35 port 45978 ssh2
Jan 18 07:24:46 host sshd[31787]: Failed password for invalid user es from 43.142.76.35 port 45986 ssh2
Jan 18 07:24:46 host sshd[31785]: Failed password for invalid user oracle from 43.142.76.35 port 45968 ssh2
Jan 18 07:24:46 host sshd[31781]: Failed password for invalid user root from 43.142.76.35 port 46020 ssh2
Jan 18 07:24:46 host sshd[31795]: Failed password for invalid user ansadmin from 43.142.76.35 port 46024 ssh2
Jan 18 07:24:46 host sshd[31793]: Failed password for invalid user postgres from 43.142.76.35 port 45956 ssh2
Jan 18 07:24:46 host sshd[31786]: Failed password for invalid user admin from 43.142.76.35 port 45976 ssh2
Jan 18 07:24:46 host sshd[31798]: Failed password for invalid user hadoop from 43.142.76.35 port 46014 ssh2
Jan 18 07:24:46 host sshd[31799]: Failed password for invalid user test from 43.142.76.35 port 45964 ssh2
Jan 18 07:24:46 host sshd[31794]: Failed password for invalid user ubuntu from 43.142.76.35 port 46008 ssh2
Jan 18 07:24:46 host sshd[31802]: Failed password for invalid user testuser from 43.142.76.35 port 46028 ssh2
Jan 18 07:24:46 host sshd[31796]: Failed password for invalid user root from 43.142.76.35 port 45992 ssh2
Jan 18 07:24:46 host sshd[31800]: Failed password for invalid user root from 43.142.76.35 port 45958 ssh2
Jan 18 07:24:47 host sshd[31803]: Failed password for invalid user root from 43.142.76.35 port 46026 ssh2
Jan 18 07:24:47 host sshd[31797]: Failed password for invalid user root from 43.142.76.35 port 46000 ssh2
Jan 18 07:24:47 host sshd[31809]: Failed password for invalid user root from 43.142.76.35 port 46018 ssh2
Jan 18 07:24:47 host sshd[31813]: Failed password for invalid user admin from 43.142.76.35 port 45996 ssh2
Jan 18 07:24:48 host sshd[31830]: Failed password for invalid user tester from 43.142.76.35 port 45984 ssh2
Jan 18 07:24:48 host sshd[31828]: Failed password for invalid user zjw from 43.142.76.35 port 45990 ssh2
Jan 18 07:24:48 host sshd[31831]: Failed password for invalid user postgres from 43.142.76.35 port 46004 ssh2
Jan 18 07:29:30 host sshd[390]: Invalid user kevin from 90.187.195.53 port 44334
Jan 18 07:29:30 host sshd[390]: input_userauth_request: invalid user kevin [preauth]
Jan 18 07:29:30 host sshd[390]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:29:30 host sshd[390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.187.195.53
Jan 18 07:29:32 host sshd[390]: Failed password for invalid user kevin from 90.187.195.53 port 44334 ssh2
Jan 18 07:29:33 host sshd[390]: Received disconnect from 90.187.195.53 port 44334:11: Bye Bye [preauth]
Jan 18 07:29:33 host sshd[390]: Disconnected from 90.187.195.53 port 44334 [preauth]
Jan 18 07:32:24 host sshd[841]: Invalid user remnux from 152.32.190.176 port 47452
Jan 18 07:32:24 host sshd[841]: input_userauth_request: invalid user remnux [preauth]
Jan 18 07:32:24 host sshd[841]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:32:24 host sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.176
Jan 18 07:32:27 host sshd[841]: Failed password for invalid user remnux from 152.32.190.176 port 47452 ssh2
Jan 18 07:32:27 host sshd[841]: Received disconnect from 152.32.190.176 port 47452:11: Bye Bye [preauth]
Jan 18 07:32:27 host sshd[841]: Disconnected from 152.32.190.176 port 47452 [preauth]
Jan 18 07:33:57 host sshd[1167]: Invalid user ark from 167.99.236.74 port 46834
Jan 18 07:33:57 host sshd[1167]: input_userauth_request: invalid user ark [preauth]
Jan 18 07:33:57 host sshd[1167]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:33:57 host sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.236.74
Jan 18 07:33:59 host sshd[1167]: Failed password for invalid user ark from 167.99.236.74 port 46834 ssh2
Jan 18 07:34:00 host sshd[1167]: Received disconnect from 167.99.236.74 port 46834:11: Bye Bye [preauth]
Jan 18 07:34:00 host sshd[1167]: Disconnected from 167.99.236.74 port 46834 [preauth]
Jan 18 07:34:02 host sshd[1173]: User root from 119.193.209.204 not allowed because not listed in AllowUsers
Jan 18 07:34:02 host sshd[1173]: input_userauth_request: invalid user root [preauth]
Jan 18 07:34:02 host unix_chkpwd[1189]: password check failed for user (root)
Jan 18 07:34:02 host sshd[1173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.209.204 user=root
Jan 18 07:34:02 host sshd[1173]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:34:04 host sshd[1173]: Failed password for invalid user root from 119.193.209.204 port 33589 ssh2
Jan 18 07:34:05 host unix_chkpwd[1195]: password check failed for user (root)
Jan 18 07:34:05 host sshd[1173]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:34:08 host sshd[1173]: Failed password for invalid user root from 119.193.209.204 port 33589 ssh2
Jan 18 07:34:09 host unix_chkpwd[1205]: password check failed for user (root)
Jan 18 07:34:09 host sshd[1173]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:34:11 host sshd[1173]: Failed password for invalid user root from 119.193.209.204 port 33589 ssh2
Jan 18 07:35:40 host sshd[1576]: User root from 90.187.195.53 not allowed because not listed in AllowUsers
Jan 18 07:35:40 host sshd[1576]: input_userauth_request: invalid user root [preauth]
Jan 18 07:35:40 host unix_chkpwd[1579]: password check failed for user (root)
Jan 18 07:35:40 host sshd[1576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.187.195.53 user=root
Jan 18 07:35:40 host sshd[1576]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:35:42 host sshd[1576]: Failed password for invalid user root from 90.187.195.53 port 44198 ssh2
Jan 18 07:35:42 host sshd[1576]: Received disconnect from 90.187.195.53 port 44198:11: Bye Bye [preauth]
Jan 18 07:35:42 host sshd[1576]: Disconnected from 90.187.195.53 port 44198 [preauth]
Jan 18 07:35:55 host sshd[1654]: Invalid user dockeradmin from 167.99.236.74 port 34722
Jan 18 07:35:55 host sshd[1654]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 18 07:35:55 host sshd[1654]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:35:55 host sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.236.74
Jan 18 07:35:57 host sshd[1654]: Failed password for invalid user dockeradmin from 167.99.236.74 port 34722 ssh2
Jan 18 07:35:57 host sshd[1654]: Received disconnect from 167.99.236.74 port 34722:11: Bye Bye [preauth]
Jan 18 07:35:57 host sshd[1654]: Disconnected from 167.99.236.74 port 34722 [preauth]
Jan 18 07:36:45 host sshd[1842]: User root from 152.32.190.176 not allowed because not listed in AllowUsers
Jan 18 07:36:45 host sshd[1842]: input_userauth_request: invalid user root [preauth]
Jan 18 07:36:45 host unix_chkpwd[1846]: password check failed for user (root)
Jan 18 07:36:45 host sshd[1842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.176 user=root
Jan 18 07:36:45 host sshd[1842]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 07:36:48 host sshd[1842]: Failed password for invalid user root from 152.32.190.176 port 59868 ssh2
Jan 18 07:36:48 host sshd[1842]: Received disconnect from 152.32.190.176 port 59868:11: Bye Bye [preauth]
Jan 18 07:36:48 host sshd[1842]: Disconnected from 152.32.190.176 port 59868 [preauth]
Jan 18 07:37:02 host sshd[1931]: Invalid user kali from 167.99.236.74 port 38288
Jan 18 07:37:02 host sshd[1931]: input_userauth_request: invalid user kali [preauth]
Jan 18 07:37:02 host sshd[1931]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:37:02 host sshd[1931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.236.74
Jan 18 07:37:03 host sshd[1931]: Failed password for invalid user kali from 167.99.236.74 port 38288 ssh2
Jan 18 07:37:04 host sshd[1931]: Received disconnect from 167.99.236.74 port 38288:11: Bye Bye [preauth]
Jan 18 07:37:04 host sshd[1931]: Disconnected from 167.99.236.74 port 38288 [preauth]
Jan 18 07:37:31 host sshd[2015]: Connection closed by 169.228.66.212 port 51574 [preauth]
Jan 18 07:37:34 host sshd[2083]: Invalid user nginx from 220.118.36.133 port 39969
Jan 18 07:37:34 host sshd[2083]: input_userauth_request: invalid user nginx [preauth]
Jan 18 07:37:34 host sshd[2083]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:37:34 host sshd[2083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.36.133
Jan 18 07:37:36 host sshd[2083]: Failed password for invalid user nginx from 220.118.36.133 port 39969 ssh2
Jan 18 07:37:37 host sshd[2083]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:37:39 host sshd[2083]: Failed password for invalid user nginx from 220.118.36.133 port 39969 ssh2
Jan 18 07:37:40 host sshd[2083]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:37:42 host sshd[2083]: Failed password for invalid user nginx from 220.118.36.133 port 39969 ssh2
Jan 18 07:41:04 host sshd[2813]: Invalid user vyos from 195.226.194.242 port 28546
Jan 18 07:41:04 host sshd[2813]: input_userauth_request: invalid user vyos [preauth]
Jan 18 07:41:04 host sshd[2813]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:41:04 host sshd[2813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 18 07:41:06 host sshd[2813]: Failed password for invalid user vyos from 195.226.194.242 port 28546 ssh2
Jan 18 07:41:07 host sshd[2813]: Received disconnect from 195.226.194.242 port 28546:11: Bye Bye [preauth]
Jan 18 07:41:07 host sshd[2813]: Disconnected from 195.226.194.242 port 28546 [preauth]
Jan 18 07:43:04 host sshd[3022]: Invalid user admin from 73.205.122.220 port 47607
Jan 18 07:43:04 host sshd[3022]: input_userauth_request: invalid user admin [preauth]
Jan 18 07:43:04 host sshd[3022]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:43:04 host sshd[3022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.205.122.220
Jan 18 07:43:05 host sshd[3022]: Failed password for invalid user admin from 73.205.122.220 port 47607 ssh2
Jan 18 07:43:08 host sshd[3022]: Connection reset by 73.205.122.220 port 47607 [preauth]
Jan 18 07:47:50 host sshd[4046]: Invalid user steam from 183.99.161.113 port 34846
Jan 18 07:47:50 host sshd[4046]: input_userauth_request: invalid user steam [preauth]
Jan 18 07:47:50 host sshd[4046]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:47:50 host sshd[4046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.161.113
Jan 18 07:47:53 host sshd[4046]: Failed password for invalid user steam from 183.99.161.113 port 34846 ssh2
Jan 18 07:47:53 host sshd[4046]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:47:55 host sshd[4046]: Failed password for invalid user steam from 183.99.161.113 port 34846 ssh2
Jan 18 07:47:56 host sshd[4046]: Failed password for invalid user steam from 183.99.161.113 port 34846 ssh2
Jan 18 07:47:57 host sshd[4046]: Connection closed by 183.99.161.113 port 34846 [preauth]
Jan 18 07:47:57 host sshd[4046]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.161.113
Jan 18 07:50:52 host sshd[4606]: Invalid user ubuntu from 61.60.166.201 port 32939
Jan 18 07:50:52 host sshd[4606]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 07:50:52 host sshd[4606]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:50:52 host sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.60.166.201
Jan 18 07:50:54 host sshd[4606]: Failed password for invalid user ubuntu from 61.60.166.201 port 32939 ssh2
Jan 18 07:50:54 host sshd[4606]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:50:56 host sshd[4606]: Failed password for invalid user ubuntu from 61.60.166.201 port 32939 ssh2
Jan 18 07:50:56 host sshd[4606]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 07:50:59 host sshd[4606]: Failed password for invalid user ubuntu from 61.60.166.201 port 32939 ssh2
Jan 18 07:50:59 host sshd[4606]: Connection reset by 61.60.166.201 port 32939 [preauth]
Jan 18 07:50:59 host sshd[4606]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.60.166.201
Jan 18 07:58:08 host sshd[5590]: Did not receive identification string from 46.101.97.107 port 61000
Jan 18 08:07:46 host sshd[7029]: User root from 143.198.79.85 not allowed because not listed in AllowUsers
Jan 18 08:07:46 host sshd[7029]: input_userauth_request: invalid user root [preauth]
Jan 18 08:07:46 host unix_chkpwd[7036]: password check failed for user (root)
Jan 18 08:07:46 host sshd[7029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.79.85 user=root
Jan 18 08:07:46 host sshd[7029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:07:48 host sshd[7029]: Failed password for invalid user root from 143.198.79.85 port 48702 ssh2
Jan 18 08:07:49 host sshd[7029]: Received disconnect from 143.198.79.85 port 48702:11: Bye Bye [preauth]
Jan 18 08:07:49 host sshd[7029]: Disconnected from 143.198.79.85 port 48702 [preauth]
Jan 18 08:08:59 host sshd[7171]: Invalid user temp from 185.137.27.170 port 44930
Jan 18 08:08:59 host sshd[7171]: input_userauth_request: invalid user temp [preauth]
Jan 18 08:08:59 host sshd[7171]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:08:59 host sshd[7171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.137.27.170
Jan 18 08:09:02 host sshd[7171]: Failed password for invalid user temp from 185.137.27.170 port 44930 ssh2
Jan 18 08:09:02 host sshd[7171]: Received disconnect from 185.137.27.170 port 44930:11: Bye Bye [preauth]
Jan 18 08:09:02 host sshd[7171]: Disconnected from 185.137.27.170 port 44930 [preauth]
Jan 18 08:09:26 host sshd[7221]: Invalid user arkserver from 164.92.210.129 port 45566
Jan 18 08:09:26 host sshd[7221]: input_userauth_request: invalid user arkserver [preauth]
Jan 18 08:09:26 host sshd[7221]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:09:26 host sshd[7221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.210.129
Jan 18 08:09:28 host sshd[7221]: Failed password for invalid user arkserver from 164.92.210.129 port 45566 ssh2
Jan 18 08:09:28 host sshd[7221]: Received disconnect from 164.92.210.129 port 45566:11: Bye Bye [preauth]
Jan 18 08:09:28 host sshd[7221]: Disconnected from 164.92.210.129 port 45566 [preauth]
Jan 18 08:09:36 host sshd[7272]: Invalid user dockeradmin from 142.93.211.159 port 47540
Jan 18 08:09:36 host sshd[7272]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 18 08:09:36 host sshd[7272]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:09:36 host sshd[7272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.159
Jan 18 08:09:38 host sshd[7272]: Failed password for invalid user dockeradmin from 142.93.211.159 port 47540 ssh2
Jan 18 08:09:38 host sshd[7272]: Received disconnect from 142.93.211.159 port 47540:11: Bye Bye [preauth]
Jan 18 08:09:38 host sshd[7272]: Disconnected from 142.93.211.159 port 47540 [preauth]
Jan 18 08:09:47 host sshd[7284]: Invalid user prueba from 167.172.112.115 port 33586
Jan 18 08:09:47 host sshd[7284]: input_userauth_request: invalid user prueba [preauth]
Jan 18 08:09:47 host sshd[7284]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:09:47 host sshd[7284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.112.115
Jan 18 08:09:49 host sshd[7284]: Failed password for invalid user prueba from 167.172.112.115 port 33586 ssh2
Jan 18 08:09:49 host sshd[7284]: Received disconnect from 167.172.112.115 port 33586:11: Bye Bye [preauth]
Jan 18 08:09:49 host sshd[7284]: Disconnected from 167.172.112.115 port 33586 [preauth]
Jan 18 08:11:28 host sshd[7611]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 18 08:11:28 host sshd[7611]: input_userauth_request: invalid user root [preauth]
Jan 18 08:11:28 host unix_chkpwd[7622]: password check failed for user (root)
Jan 18 08:11:28 host sshd[7611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 18 08:11:28 host sshd[7611]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:11:30 host sshd[7611]: Failed password for invalid user root from 195.226.194.242 port 30550 ssh2
Jan 18 08:11:30 host sshd[7611]: Received disconnect from 195.226.194.242 port 30550:11: Bye Bye [preauth]
Jan 18 08:11:30 host sshd[7611]: Disconnected from 195.226.194.242 port 30550 [preauth]
Jan 18 08:11:52 host sshd[7684]: User root from 103.10.20.136 not allowed because not listed in AllowUsers
Jan 18 08:11:52 host sshd[7684]: input_userauth_request: invalid user root [preauth]
Jan 18 08:11:52 host unix_chkpwd[7688]: password check failed for user (root)
Jan 18 08:11:52 host sshd[7684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.20.136 user=root
Jan 18 08:11:52 host sshd[7684]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:11:54 host sshd[7684]: Failed password for invalid user root from 103.10.20.136 port 50768 ssh2
Jan 18 08:11:54 host sshd[7684]: Received disconnect from 103.10.20.136 port 50768:11: Bye Bye [preauth]
Jan 18 08:11:54 host sshd[7684]: Disconnected from 103.10.20.136 port 50768 [preauth]
Jan 18 08:13:17 host sshd[7869]: Invalid user frappe from 164.92.210.129 port 34262
Jan 18 08:13:17 host sshd[7869]: input_userauth_request: invalid user frappe [preauth]
Jan 18 08:13:17 host sshd[7869]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:13:17 host sshd[7869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.210.129
Jan 18 08:13:19 host sshd[7869]: Failed password for invalid user frappe from 164.92.210.129 port 34262 ssh2
Jan 18 08:13:19 host sshd[7869]: Received disconnect from 164.92.210.129 port 34262:11: Bye Bye [preauth]
Jan 18 08:13:19 host sshd[7869]: Disconnected from 164.92.210.129 port 34262 [preauth]
Jan 18 08:13:48 host sshd[7940]: User root from 142.93.211.159 not allowed because not listed in AllowUsers
Jan 18 08:13:48 host sshd[7940]: input_userauth_request: invalid user root [preauth]
Jan 18 08:13:48 host unix_chkpwd[7942]: password check failed for user (root)
Jan 18 08:13:48 host sshd[7940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.159 user=root
Jan 18 08:13:48 host sshd[7940]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:13:51 host sshd[7940]: Failed password for invalid user root from 142.93.211.159 port 36510 ssh2
Jan 18 08:13:51 host sshd[7940]: Received disconnect from 142.93.211.159 port 36510:11: Bye Bye [preauth]
Jan 18 08:13:51 host sshd[7940]: Disconnected from 142.93.211.159 port 36510 [preauth]
Jan 18 08:13:55 host sshd[8012]: Invalid user esuser from 143.198.79.85 port 48032
Jan 18 08:13:55 host sshd[8012]: input_userauth_request: invalid user esuser [preauth]
Jan 18 08:13:55 host sshd[8012]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:13:55 host sshd[8012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.79.85
Jan 18 08:13:57 host sshd[8012]: Failed password for invalid user esuser from 143.198.79.85 port 48032 ssh2
Jan 18 08:13:58 host sshd[8012]: Received disconnect from 143.198.79.85 port 48032:11: Bye Bye [preauth]
Jan 18 08:13:58 host sshd[8012]: Disconnected from 143.198.79.85 port 48032 [preauth]
Jan 18 08:14:01 host sshd[8053]: Invalid user user3 from 167.172.112.115 port 40872
Jan 18 08:14:01 host sshd[8053]: input_userauth_request: invalid user user3 [preauth]
Jan 18 08:14:01 host sshd[8053]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:14:01 host sshd[8053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.112.115
Jan 18 08:14:04 host sshd[8053]: Failed password for invalid user user3 from 167.172.112.115 port 40872 ssh2
Jan 18 08:14:04 host sshd[8053]: Received disconnect from 167.172.112.115 port 40872:11: Bye Bye [preauth]
Jan 18 08:14:04 host sshd[8053]: Disconnected from 167.172.112.115 port 40872 [preauth]
Jan 18 08:14:21 host sshd[8097]: Invalid user ts2 from 103.10.20.136 port 57298
Jan 18 08:14:21 host sshd[8097]: input_userauth_request: invalid user ts2 [preauth]
Jan 18 08:14:21 host sshd[8097]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:14:21 host sshd[8097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.20.136
Jan 18 08:14:22 host sshd[8100]: Invalid user ftptest from 164.92.210.129 port 60984
Jan 18 08:14:22 host sshd[8100]: input_userauth_request: invalid user ftptest [preauth]
Jan 18 08:14:22 host sshd[8100]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:14:22 host sshd[8100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.210.129
Jan 18 08:14:23 host sshd[8097]: Failed password for invalid user ts2 from 103.10.20.136 port 57298 ssh2
Jan 18 08:14:23 host sshd[8097]: Received disconnect from 103.10.20.136 port 57298:11: Bye Bye [preauth]
Jan 18 08:14:23 host sshd[8097]: Disconnected from 103.10.20.136 port 57298 [preauth]
Jan 18 08:14:25 host sshd[8100]: Failed password for invalid user ftptest from 164.92.210.129 port 60984 ssh2
Jan 18 08:14:27 host sshd[8137]: Invalid user seafile from 68.183.87.50 port 43980
Jan 18 08:14:27 host sshd[8137]: input_userauth_request: invalid user seafile [preauth]
Jan 18 08:14:27 host sshd[8137]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:14:27 host sshd[8137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.87.50
Jan 18 08:14:28 host sshd[8137]: Failed password for invalid user seafile from 68.183.87.50 port 43980 ssh2
Jan 18 08:14:28 host sshd[8137]: Received disconnect from 68.183.87.50 port 43980:11: Bye Bye [preauth]
Jan 18 08:14:28 host sshd[8137]: Disconnected from 68.183.87.50 port 43980 [preauth]
Jan 18 08:14:56 host sshd[8229]: Invalid user admin from 185.137.27.170 port 39036
Jan 18 08:14:56 host sshd[8229]: input_userauth_request: invalid user admin [preauth]
Jan 18 08:14:56 host sshd[8229]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:14:56 host sshd[8229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.137.27.170
Jan 18 08:14:58 host sshd[8229]: Failed password for invalid user admin from 185.137.27.170 port 39036 ssh2
Jan 18 08:14:58 host sshd[8229]: Received disconnect from 185.137.27.170 port 39036:11: Bye Bye [preauth]
Jan 18 08:14:58 host sshd[8229]: Disconnected from 185.137.27.170 port 39036 [preauth]
Jan 18 08:15:02 host sshd[8262]: Invalid user pi from 211.34.251.153 port 33894
Jan 18 08:15:02 host sshd[8262]: input_userauth_request: invalid user pi [preauth]
Jan 18 08:15:02 host sshd[8265]: Invalid user pi from 211.34.251.153 port 33898
Jan 18 08:15:02 host sshd[8265]: input_userauth_request: invalid user pi [preauth]
Jan 18 08:15:02 host sshd[8262]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:15:02 host sshd[8262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.34.251.153
Jan 18 08:15:02 host sshd[8265]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:15:02 host sshd[8265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.34.251.153
Jan 18 08:15:04 host sshd[8262]: Failed password for invalid user pi from 211.34.251.153 port 33894 ssh2
Jan 18 08:15:04 host sshd[8265]: Failed password for invalid user pi from 211.34.251.153 port 33898 ssh2
Jan 18 08:15:04 host sshd[8262]: Connection closed by 211.34.251.153 port 33894 [preauth]
Jan 18 08:15:04 host sshd[8265]: Connection closed by 211.34.251.153 port 33898 [preauth]
Jan 18 08:15:16 host sshd[8287]: User root from 167.172.112.115 not allowed because not listed in AllowUsers
Jan 18 08:15:16 host sshd[8287]: input_userauth_request: invalid user root [preauth]
Jan 18 08:15:16 host unix_chkpwd[8292]: password check failed for user (root)
Jan 18 08:15:16 host sshd[8287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.112.115 user=root
Jan 18 08:15:16 host sshd[8287]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:15:18 host sshd[8287]: Failed password for invalid user root from 167.172.112.115 port 42328 ssh2
Jan 18 08:16:21 host sshd[8546]: Invalid user user1 from 185.137.27.170 port 33226
Jan 18 08:16:21 host sshd[8546]: input_userauth_request: invalid user user1 [preauth]
Jan 18 08:16:21 host sshd[8546]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:16:21 host sshd[8546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.137.27.170
Jan 18 08:16:23 host sshd[8546]: Failed password for invalid user user1 from 185.137.27.170 port 33226 ssh2
Jan 18 08:16:23 host sshd[8546]: Received disconnect from 185.137.27.170 port 33226:11: Bye Bye [preauth]
Jan 18 08:16:23 host sshd[8546]: Disconnected from 185.137.27.170 port 33226 [preauth]
Jan 18 08:18:45 host sshd[8866]: Invalid user user1 from 68.183.87.50 port 51294
Jan 18 08:18:45 host sshd[8866]: input_userauth_request: invalid user user1 [preauth]
Jan 18 08:18:45 host sshd[8866]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:18:45 host sshd[8866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.87.50
Jan 18 08:18:47 host sshd[8866]: Failed password for invalid user user1 from 68.183.87.50 port 51294 ssh2
Jan 18 08:18:47 host sshd[8866]: Received disconnect from 68.183.87.50 port 51294:11: Bye Bye [preauth]
Jan 18 08:18:47 host sshd[8866]: Disconnected from 68.183.87.50 port 51294 [preauth]
Jan 18 08:18:58 host sshd[8814]: User root from 220.133.141.70 not allowed because not listed in AllowUsers
Jan 18 08:18:58 host sshd[8814]: input_userauth_request: invalid user root [preauth]
Jan 18 08:18:58 host unix_chkpwd[8880]: password check failed for user (root)
Jan 18 08:18:58 host sshd[8814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.141.70 user=root
Jan 18 08:18:58 host sshd[8814]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:19:00 host sshd[8814]: Failed password for invalid user root from 220.133.141.70 port 54566 ssh2
Jan 18 08:19:08 host sshd[8814]: Connection reset by 220.133.141.70 port 54566 [preauth]
Jan 18 08:20:56 host sshd[9122]: Invalid user installer from 68.183.87.50 port 49872
Jan 18 08:20:56 host sshd[9122]: input_userauth_request: invalid user installer [preauth]
Jan 18 08:20:56 host sshd[9122]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:20:56 host sshd[9122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.87.50
Jan 18 08:20:57 host sshd[9122]: Failed password for invalid user installer from 68.183.87.50 port 49872 ssh2
Jan 18 08:20:57 host sshd[9122]: Received disconnect from 68.183.87.50 port 49872:11: Bye Bye [preauth]
Jan 18 08:20:57 host sshd[9122]: Disconnected from 68.183.87.50 port 49872 [preauth]
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=dartsimp user-4=a2zgroup user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=ugotscom user-9=wwwrmswll user-10=keralaholi user-11=wwwresourcehunte user-12=disposeat user-13=wwwkmaorg user-14=remysagr user-15=woodpeck user-16=wwwkapin user-17=wwwtestugo user-18=shalinijames user-19=vfmassets user-20=pmcresources user-21=wwwevmhonda user-22=bonifacegroup user-23=straightcurve user-24=wwwletsstalkfood user-25=phmetals user-26=kottayamcalldriv user-27=gifterman user-28=palco123 user-29=mrsclean user-30=wwwnexidigital feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 08:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fxZx8c9QCMTShkhA.~
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fxZx8c9QCMTShkhA.~'
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fxZx8c9QCMTShkhA.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 08:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 08:25:17 host sshd[9983]: Invalid user hplip from 104.244.74.6 port 58174
Jan 18 08:25:17 host sshd[9983]: input_userauth_request: invalid user hplip [preauth]
Jan 18 08:25:17 host sshd[9983]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:25:17 host sshd[9983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 18 08:25:20 host sshd[9983]: Failed password for invalid user hplip from 104.244.74.6 port 58174 ssh2
Jan 18 08:25:20 host sshd[9983]: Connection closed by 104.244.74.6 port 58174 [preauth]
Jan 18 08:29:17 host sshd[10598]: Invalid user hplip from 104.244.74.6 port 43514
Jan 18 08:29:17 host sshd[10598]: input_userauth_request: invalid user hplip [preauth]
Jan 18 08:29:17 host sshd[10598]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:29:17 host sshd[10598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 18 08:29:18 host sshd[10598]: Failed password for invalid user hplip from 104.244.74.6 port 43514 ssh2
Jan 18 08:29:19 host sshd[10598]: Connection closed by 104.244.74.6 port 43514 [preauth]
Jan 18 08:32:55 host sshd[11082]: User root from 187.220.14.210 not allowed because not listed in AllowUsers
Jan 18 08:32:55 host sshd[11082]: input_userauth_request: invalid user root [preauth]
Jan 18 08:32:55 host unix_chkpwd[11155]: password check failed for user (root)
Jan 18 08:32:55 host sshd[11082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.220.14.210 user=root
Jan 18 08:32:55 host sshd[11082]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:32:57 host sshd[11082]: Failed password for invalid user root from 187.220.14.210 port 40948 ssh2
Jan 18 08:32:59 host unix_chkpwd[11206]: password check failed for user (root)
Jan 18 08:32:59 host sshd[11082]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:33:01 host sshd[11082]: Failed password for invalid user root from 187.220.14.210 port 40948 ssh2
Jan 18 08:33:02 host sshd[11082]: Connection reset by 187.220.14.210 port 40948 [preauth]
Jan 18 08:33:02 host sshd[11082]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.220.14.210 user=root
Jan 18 08:35:18 host sshd[11575]: Invalid user justin from 209.141.56.48 port 40718
Jan 18 08:35:18 host sshd[11575]: input_userauth_request: invalid user justin [preauth]
Jan 18 08:35:18 host sshd[11575]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:35:18 host sshd[11575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 18 08:35:19 host sshd[11575]: Failed password for invalid user justin from 209.141.56.48 port 40718 ssh2
Jan 18 08:35:20 host sshd[11575]: Connection closed by 209.141.56.48 port 40718 [preauth]
Jan 18 08:44:43 host sshd[13233]: Invalid user fv from 194.110.203.109 port 60872
Jan 18 08:44:43 host sshd[13233]: input_userauth_request: invalid user fv [preauth]
Jan 18 08:44:43 host sshd[13233]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:44:43 host sshd[13233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 08:44:45 host sshd[13233]: Failed password for invalid user fv from 194.110.203.109 port 60872 ssh2
Jan 18 08:44:48 host sshd[13233]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:44:50 host sshd[13233]: Failed password for invalid user fv from 194.110.203.109 port 60872 ssh2
Jan 18 08:44:53 host sshd[13233]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:44:56 host sshd[13233]: Failed password for invalid user fv from 194.110.203.109 port 60872 ssh2
Jan 18 08:44:59 host sshd[13233]: Connection closed by 194.110.203.109 port 60872 [preauth]
Jan 18 08:44:59 host sshd[13233]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 08:46:16 host sshd[13471]: Invalid user vagrant from 59.24.2.176 port 40656
Jan 18 08:46:16 host sshd[13471]: input_userauth_request: invalid user vagrant [preauth]
Jan 18 08:46:16 host sshd[13471]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:46:16 host sshd[13471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.2.176
Jan 18 08:46:18 host sshd[13471]: Failed password for invalid user vagrant from 59.24.2.176 port 40656 ssh2
Jan 18 08:46:19 host sshd[13471]: Failed password for invalid user vagrant from 59.24.2.176 port 40656 ssh2
Jan 18 08:46:19 host sshd[13471]: Connection reset by 59.24.2.176 port 40656 [preauth]
Jan 18 08:51:04 host sshd[14236]: Invalid user jboss from 178.33.6.226 port 59288
Jan 18 08:51:04 host sshd[14236]: input_userauth_request: invalid user jboss [preauth]
Jan 18 08:51:04 host sshd[14236]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:51:04 host sshd[14236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.6.226
Jan 18 08:51:06 host sshd[14236]: Failed password for invalid user jboss from 178.33.6.226 port 59288 ssh2
Jan 18 08:51:07 host sshd[14236]: Received disconnect from 178.33.6.226 port 59288:11: Bye Bye [preauth]
Jan 18 08:51:07 host sshd[14236]: Disconnected from 178.33.6.226 port 59288 [preauth]
Jan 18 08:53:06 host sshd[14507]: Invalid user jboss from 54.39.177.44 port 59996
Jan 18 08:53:06 host sshd[14507]: input_userauth_request: invalid user jboss [preauth]
Jan 18 08:53:06 host sshd[14507]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:53:06 host sshd[14507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.177.44
Jan 18 08:53:08 host sshd[14507]: Failed password for invalid user jboss from 54.39.177.44 port 59996 ssh2
Jan 18 08:53:08 host sshd[14507]: Received disconnect from 54.39.177.44 port 59996:11: Bye Bye [preauth]
Jan 18 08:53:08 host sshd[14507]: Disconnected from 54.39.177.44 port 59996 [preauth]
Jan 18 08:54:48 host sshd[14822]: Invalid user testuser from 45.240.88.106 port 43196
Jan 18 08:54:48 host sshd[14822]: input_userauth_request: invalid user testuser [preauth]
Jan 18 08:54:48 host sshd[14822]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:54:48 host sshd[14822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.240.88.106
Jan 18 08:54:50 host sshd[14822]: Failed password for invalid user testuser from 45.240.88.106 port 43196 ssh2
Jan 18 08:54:50 host sshd[14822]: Received disconnect from 45.240.88.106 port 43196:11: Bye Bye [preauth]
Jan 18 08:54:50 host sshd[14822]: Disconnected from 45.240.88.106 port 43196 [preauth]
Jan 18 08:55:09 host sshd[14888]: User root from 14.161.27.163 not allowed because not listed in AllowUsers
Jan 18 08:55:09 host sshd[14888]: input_userauth_request: invalid user root [preauth]
Jan 18 08:55:09 host unix_chkpwd[14890]: password check failed for user (root)
Jan 18 08:55:09 host sshd[14888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.27.163 user=root
Jan 18 08:55:09 host sshd[14888]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:55:11 host sshd[14888]: Failed password for invalid user root from 14.161.27.163 port 39684 ssh2
Jan 18 08:55:11 host sshd[14888]: Received disconnect from 14.161.27.163 port 39684:11: Bye Bye [preauth]
Jan 18 08:55:11 host sshd[14888]: Disconnected from 14.161.27.163 port 39684 [preauth]
Jan 18 08:55:43 host sshd[14975]: Invalid user web from 134.209.200.13 port 36750
Jan 18 08:55:43 host sshd[14975]: input_userauth_request: invalid user web [preauth]
Jan 18 08:55:43 host sshd[14975]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:55:43 host sshd[14975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.200.13
Jan 18 08:55:45 host sshd[14975]: Failed password for invalid user web from 134.209.200.13 port 36750 ssh2
Jan 18 08:55:45 host sshd[14975]: Received disconnect from 134.209.200.13 port 36750:11: Bye Bye [preauth]
Jan 18 08:55:45 host sshd[14975]: Disconnected from 134.209.200.13 port 36750 [preauth]
Jan 18 08:55:55 host sshd[14894]: User root from 123.240.202.59 not allowed because not listed in AllowUsers
Jan 18 08:55:55 host sshd[14894]: input_userauth_request: invalid user root [preauth]
Jan 18 08:55:55 host unix_chkpwd[15008]: password check failed for user (root)
Jan 18 08:55:55 host sshd[14894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.202.59 user=root
Jan 18 08:55:55 host sshd[14894]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:55:57 host sshd[14894]: Failed password for invalid user root from 123.240.202.59 port 40499 ssh2
Jan 18 08:55:58 host unix_chkpwd[15012]: password check failed for user (root)
Jan 18 08:55:58 host sshd[14894]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:56:00 host sshd[14894]: Failed password for invalid user root from 123.240.202.59 port 40499 ssh2
Jan 18 08:56:01 host unix_chkpwd[15016]: password check failed for user (root)
Jan 18 08:56:01 host sshd[14894]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:56:03 host sshd[14894]: Failed password for invalid user root from 123.240.202.59 port 40499 ssh2
Jan 18 08:56:04 host sshd[14894]: Connection reset by 123.240.202.59 port 40499 [preauth]
Jan 18 08:56:04 host sshd[14894]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.202.59 user=root
Jan 18 08:56:46 host sshd[15153]: User root from 27.112.78.28 not allowed because not listed in AllowUsers
Jan 18 08:56:46 host sshd[15153]: input_userauth_request: invalid user root [preauth]
Jan 18 08:56:46 host unix_chkpwd[15156]: password check failed for user (root)
Jan 18 08:56:46 host sshd[15153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.28 user=root
Jan 18 08:56:46 host sshd[15153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:56:48 host sshd[15153]: Failed password for invalid user root from 27.112.78.28 port 45132 ssh2
Jan 18 08:56:48 host sshd[15153]: Received disconnect from 27.112.78.28 port 45132:11: Bye Bye [preauth]
Jan 18 08:56:48 host sshd[15153]: Disconnected from 27.112.78.28 port 45132 [preauth]
Jan 18 08:57:03 host sshd[15184]: User root from 61.7.147.42 not allowed because not listed in AllowUsers
Jan 18 08:57:03 host sshd[15184]: input_userauth_request: invalid user root [preauth]
Jan 18 08:57:03 host unix_chkpwd[15186]: password check failed for user (root)
Jan 18 08:57:03 host sshd[15184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.7.147.42 user=root
Jan 18 08:57:03 host sshd[15184]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 08:57:05 host sshd[15184]: Failed password for invalid user root from 61.7.147.42 port 19940 ssh2
Jan 18 08:57:05 host sshd[15184]: Received disconnect from 61.7.147.42 port 19940:11: Bye Bye [preauth]
Jan 18 08:57:05 host sshd[15184]: Disconnected from 61.7.147.42 port 19940 [preauth]
Jan 18 08:57:36 host sshd[15305]: Invalid user arkserver from 134.209.200.13 port 36124
Jan 18 08:57:36 host sshd[15305]: input_userauth_request: invalid user arkserver [preauth]
Jan 18 08:57:36 host sshd[15305]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:57:36 host sshd[15305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.200.13
Jan 18 08:57:38 host sshd[15305]: Failed password for invalid user arkserver from 134.209.200.13 port 36124 ssh2
Jan 18 08:57:38 host sshd[15305]: Received disconnect from 134.209.200.13 port 36124:11: Bye Bye [preauth]
Jan 18 08:57:38 host sshd[15305]: Disconnected from 134.209.200.13 port 36124 [preauth]
Jan 18 08:57:39 host sshd[15309]: Invalid user terraria from 178.33.6.226 port 39592
Jan 18 08:57:39 host sshd[15309]: input_userauth_request: invalid user terraria [preauth]
Jan 18 08:57:39 host sshd[15309]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:57:39 host sshd[15309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.6.226
Jan 18 08:57:41 host sshd[15309]: Failed password for invalid user terraria from 178.33.6.226 port 39592 ssh2
Jan 18 08:57:41 host sshd[15309]: Received disconnect from 178.33.6.226 port 39592:11: Bye Bye [preauth]
Jan 18 08:57:41 host sshd[15309]: Disconnected from 178.33.6.226 port 39592 [preauth]
Jan 18 08:57:50 host sshd[15328]: Invalid user kafka from 138.197.162.56 port 32912
Jan 18 08:57:50 host sshd[15328]: input_userauth_request: invalid user kafka [preauth]
Jan 18 08:57:50 host sshd[15328]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:57:50 host sshd[15328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.162.56
Jan 18 08:57:51 host sshd[15332]: Invalid user webadmin from 43.157.26.210 port 34200
Jan 18 08:57:51 host sshd[15332]: input_userauth_request: invalid user webadmin [preauth]
Jan 18 08:57:51 host sshd[15332]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:57:51 host sshd[15332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210
Jan 18 08:57:52 host sshd[15328]: Failed password for invalid user kafka from 138.197.162.56 port 32912 ssh2
Jan 18 08:57:52 host sshd[15328]: Received disconnect from 138.197.162.56 port 32912:11: Bye Bye [preauth]
Jan 18 08:57:52 host sshd[15328]: Disconnected from 138.197.162.56 port 32912 [preauth]
Jan 18 08:57:53 host sshd[15332]: Failed password for invalid user webadmin from 43.157.26.210 port 34200 ssh2
Jan 18 08:57:54 host sshd[15332]: Received disconnect from 43.157.26.210 port 34200:11: Bye Bye [preauth]
Jan 18 08:57:54 host sshd[15332]: Disconnected from 43.157.26.210 port 34200 [preauth]
Jan 18 08:58:10 host sshd[15379]: Invalid user terraria from 54.39.177.44 port 49712
Jan 18 08:58:10 host sshd[15379]: input_userauth_request: invalid user terraria [preauth]
Jan 18 08:58:10 host sshd[15379]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:58:10 host sshd[15379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.177.44
Jan 18 08:58:12 host sshd[15379]: Failed password for invalid user terraria from 54.39.177.44 port 49712 ssh2
Jan 18 08:58:12 host sshd[15379]: Received disconnect from 54.39.177.44 port 49712:11: Bye Bye [preauth]
Jan 18 08:58:12 host sshd[15379]: Disconnected from 54.39.177.44 port 49712 [preauth]
Jan 18 08:58:22 host sshd[15498]: Invalid user builder from 27.112.78.28 port 41216
Jan 18 08:58:22 host sshd[15498]: input_userauth_request: invalid user builder [preauth]
Jan 18 08:58:22 host sshd[15498]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:58:23 host sshd[15498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.28
Jan 18 08:58:24 host sshd[15498]: Failed password for invalid user builder from 27.112.78.28 port 41216 ssh2
Jan 18 08:58:25 host sshd[15498]: Received disconnect from 27.112.78.28 port 41216:11: Bye Bye [preauth]
Jan 18 08:58:25 host sshd[15498]: Disconnected from 27.112.78.28 port 41216 [preauth]
Jan 18 08:58:44 host sshd[15589]: Invalid user manager from 43.134.176.134 port 50936
Jan 18 08:58:44 host sshd[15589]: input_userauth_request: invalid user manager [preauth]
Jan 18 08:58:44 host sshd[15589]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:58:44 host sshd[15589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.176.134
Jan 18 08:58:44 host sshd[15587]: Invalid user arkserver from 134.209.200.13 port 59782
Jan 18 08:58:44 host sshd[15587]: input_userauth_request: invalid user arkserver [preauth]
Jan 18 08:58:44 host sshd[15587]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:58:44 host sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.200.13
Jan 18 08:58:45 host sshd[15589]: Failed password for invalid user manager from 43.134.176.134 port 50936 ssh2
Jan 18 08:58:45 host sshd[15589]: Received disconnect from 43.134.176.134 port 50936:11: Bye Bye [preauth]
Jan 18 08:58:45 host sshd[15589]: Disconnected from 43.134.176.134 port 50936 [preauth]
Jan 18 08:58:46 host sshd[15587]: Failed password for invalid user arkserver from 134.209.200.13 port 59782 ssh2
Jan 18 08:58:46 host sshd[15587]: Received disconnect from 134.209.200.13 port 59782:11: Bye Bye [preauth]
Jan 18 08:58:46 host sshd[15587]: Disconnected from 134.209.200.13 port 59782 [preauth]
Jan 18 08:58:59 host sshd[15642]: Invalid user hplip from 104.244.74.6 port 48346
Jan 18 08:58:59 host sshd[15642]: input_userauth_request: invalid user hplip [preauth]
Jan 18 08:58:59 host sshd[15642]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:58:59 host sshd[15642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 18 08:59:01 host sshd[15642]: Failed password for invalid user hplip from 104.244.74.6 port 48346 ssh2
Jan 18 08:59:02 host sshd[15642]: Connection closed by 104.244.74.6 port 48346 [preauth]
Jan 18 08:59:18 host sshd[15706]: Invalid user builder from 54.39.177.44 port 44356
Jan 18 08:59:18 host sshd[15706]: input_userauth_request: invalid user builder [preauth]
Jan 18 08:59:18 host sshd[15706]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:59:18 host sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.177.44
Jan 18 08:59:20 host sshd[15706]: Failed password for invalid user builder from 54.39.177.44 port 44356 ssh2
Jan 18 08:59:26 host sshd[15747]: Invalid user deamon from 178.33.6.226 port 55612
Jan 18 08:59:26 host sshd[15747]: input_userauth_request: invalid user deamon [preauth]
Jan 18 08:59:26 host sshd[15747]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:59:26 host sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.33.6.226
Jan 18 08:59:28 host sshd[15747]: Failed password for invalid user deamon from 178.33.6.226 port 55612 ssh2
Jan 18 08:59:28 host sshd[15747]: Received disconnect from 178.33.6.226 port 55612:11: Bye Bye [preauth]
Jan 18 08:59:28 host sshd[15747]: Disconnected from 178.33.6.226 port 55612 [preauth]
Jan 18 08:59:42 host sshd[15837]: Invalid user int from 43.157.26.210 port 59616
Jan 18 08:59:42 host sshd[15837]: input_userauth_request: invalid user int [preauth]
Jan 18 08:59:42 host sshd[15837]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 08:59:42 host sshd[15837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210
Jan 18 08:59:44 host sshd[15837]: Failed password for invalid user int from 43.157.26.210 port 59616 ssh2
Jan 18 08:59:44 host sshd[15837]: Received disconnect from 43.157.26.210 port 59616:11: Bye Bye [preauth]
Jan 18 08:59:44 host sshd[15837]: Disconnected from 43.157.26.210 port 59616 [preauth]
Jan 18 09:00:51 host sshd[16055]: User root from 45.240.88.106 not allowed because not listed in AllowUsers
Jan 18 09:00:51 host sshd[16055]: input_userauth_request: invalid user root [preauth]
Jan 18 09:00:51 host unix_chkpwd[16058]: password check failed for user (root)
Jan 18 09:00:51 host sshd[16055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.240.88.106 user=root
Jan 18 09:00:51 host sshd[16055]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:00:52 host sshd[16055]: Failed password for invalid user root from 45.240.88.106 port 44704 ssh2
Jan 18 09:00:52 host sshd[16055]: Received disconnect from 45.240.88.106 port 44704:11: Bye Bye [preauth]
Jan 18 09:00:52 host sshd[16055]: Disconnected from 45.240.88.106 port 44704 [preauth]
Jan 18 09:00:53 host sshd[16060]: Invalid user demo from 43.157.26.210 port 53848
Jan 18 09:00:53 host sshd[16060]: input_userauth_request: invalid user demo [preauth]
Jan 18 09:00:53 host sshd[16060]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:00:53 host sshd[16060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.210
Jan 18 09:00:55 host sshd[16060]: Failed password for invalid user demo from 43.157.26.210 port 53848 ssh2
Jan 18 09:00:55 host sshd[16060]: Received disconnect from 43.157.26.210 port 53848:11: Bye Bye [preauth]
Jan 18 09:00:55 host sshd[16060]: Disconnected from 43.157.26.210 port 53848 [preauth]
Jan 18 09:01:24 host sshd[16197]: Invalid user master from 138.197.162.56 port 52084
Jan 18 09:01:24 host sshd[16197]: input_userauth_request: invalid user master [preauth]
Jan 18 09:01:24 host sshd[16197]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:01:24 host sshd[16197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.162.56
Jan 18 09:01:26 host sshd[16197]: Failed password for invalid user master from 138.197.162.56 port 52084 ssh2
Jan 18 09:01:26 host sshd[16197]: Received disconnect from 138.197.162.56 port 52084:11: Bye Bye [preauth]
Jan 18 09:01:26 host sshd[16197]: Disconnected from 138.197.162.56 port 52084 [preauth]
Jan 18 09:02:01 host sshd[16281]: Invalid user kali from 14.161.27.163 port 34728
Jan 18 09:02:01 host sshd[16281]: input_userauth_request: invalid user kali [preauth]
Jan 18 09:02:01 host sshd[16281]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:02:01 host sshd[16281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.161.27.163
Jan 18 09:02:04 host sshd[16281]: Failed password for invalid user kali from 14.161.27.163 port 34728 ssh2
Jan 18 09:02:04 host sshd[16281]: Received disconnect from 14.161.27.163 port 34728:11: Bye Bye [preauth]
Jan 18 09:02:04 host sshd[16281]: Disconnected from 14.161.27.163 port 34728 [preauth]
Jan 18 09:02:32 host sshd[16397]: Connection closed by 114.35.102.81 port 58905 [preauth]
Jan 18 09:02:34 host sshd[16415]: Invalid user testuser from 138.197.162.56 port 51286
Jan 18 09:02:34 host sshd[16415]: input_userauth_request: invalid user testuser [preauth]
Jan 18 09:02:34 host sshd[16415]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:02:34 host sshd[16415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.162.56
Jan 18 09:02:36 host sshd[16415]: Failed password for invalid user testuser from 138.197.162.56 port 51286 ssh2
Jan 18 09:02:37 host sshd[16415]: Received disconnect from 138.197.162.56 port 51286:11: Bye Bye [preauth]
Jan 18 09:02:37 host sshd[16415]: Disconnected from 138.197.162.56 port 51286 [preauth]
Jan 18 09:03:12 host sshd[16537]: Invalid user kafka from 130.162.135.31 port 37286
Jan 18 09:03:12 host sshd[16537]: input_userauth_request: invalid user kafka [preauth]
Jan 18 09:03:12 host sshd[16537]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:03:12 host sshd[16537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.135.31
Jan 18 09:03:15 host sshd[16537]: Failed password for invalid user kafka from 130.162.135.31 port 37286 ssh2
Jan 18 09:03:15 host sshd[16537]: Received disconnect from 130.162.135.31 port 37286:11: Bye Bye [preauth]
Jan 18 09:03:15 host sshd[16537]: Disconnected from 130.162.135.31 port 37286 [preauth]
Jan 18 09:03:49 host sshd[16740]: Invalid user a from 43.134.176.134 port 55152
Jan 18 09:03:49 host sshd[16740]: input_userauth_request: invalid user a [preauth]
Jan 18 09:03:49 host sshd[16740]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:03:49 host sshd[16740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.176.134
Jan 18 09:03:52 host sshd[16740]: Failed password for invalid user a from 43.134.176.134 port 55152 ssh2
Jan 18 09:03:52 host sshd[16740]: Received disconnect from 43.134.176.134 port 55152:11: Bye Bye [preauth]
Jan 18 09:03:52 host sshd[16740]: Disconnected from 43.134.176.134 port 55152 [preauth]
Jan 18 09:05:23 host sshd[17010]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 18 09:05:23 host sshd[17010]: input_userauth_request: invalid user sshd [preauth]
Jan 18 09:05:23 host unix_chkpwd[17020]: password check failed for user (sshd)
Jan 18 09:05:23 host sshd[17010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 18 09:05:23 host sshd[17010]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 18 09:05:25 host sshd[17010]: Failed password for invalid user sshd from 194.169.175.102 port 51317 ssh2
Jan 18 09:05:25 host sshd[17010]: Received disconnect from 194.169.175.102 port 51317:11: Client disconnecting normally [preauth]
Jan 18 09:05:25 host sshd[17010]: Disconnected from 194.169.175.102 port 51317 [preauth]
Jan 18 09:05:38 host sshd[17120]: Invalid user acs from 43.134.176.134 port 57468
Jan 18 09:05:38 host sshd[17120]: input_userauth_request: invalid user acs [preauth]
Jan 18 09:05:38 host sshd[17120]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:05:38 host sshd[17120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.176.134
Jan 18 09:05:41 host sshd[17120]: Failed password for invalid user acs from 43.134.176.134 port 57468 ssh2
Jan 18 09:06:40 host sshd[17300]: Invalid user alex from 130.162.135.31 port 37396
Jan 18 09:06:40 host sshd[17300]: input_userauth_request: invalid user alex [preauth]
Jan 18 09:06:40 host sshd[17300]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:06:40 host sshd[17300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.135.31
Jan 18 09:06:42 host sshd[17300]: Failed password for invalid user alex from 130.162.135.31 port 37396 ssh2
Jan 18 09:06:42 host sshd[17300]: Received disconnect from 130.162.135.31 port 37396:11: Bye Bye [preauth]
Jan 18 09:06:42 host sshd[17300]: Disconnected from 130.162.135.31 port 37396 [preauth]
Jan 18 09:08:49 host sshd[17746]: Invalid user mc from 130.162.135.31 port 37502
Jan 18 09:08:49 host sshd[17746]: input_userauth_request: invalid user mc [preauth]
Jan 18 09:08:49 host sshd[17746]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:08:49 host sshd[17746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.162.135.31
Jan 18 09:08:51 host sshd[17746]: Failed password for invalid user mc from 130.162.135.31 port 37502 ssh2
Jan 18 09:10:27 host sshd[18083]: Bad protocol version identification '\026\003\001' from 106.75.182.206 port 33994
Jan 18 09:10:43 host sshd[18133]: Bad protocol version identification 'USER anonymous' from 106.75.182.206 port 37978
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=shalinijames user-2=wwwtestugo user-3=vfmassets user-4=pmcresources user-5=disposeat user-6=remysagr user-7=wwwkmaorg user-8=wwwkapin user-9=woodpeck user-10=phmetals user-11=kottayamcalldriv user-12=palco123 user-13=gifterman user-14=wwwnexidigital user-15=mrsclean user-16=wwwevmhonda user-17=bonifacegroup user-18=wwwletsstalkfood user-19=straightcurve user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=ugotscom user-27=wwwresourcehunte user-28=keralaholi user-29=wwwrmswll user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 09:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zk2TYBXdlSBSqKhq.~
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zk2TYBXdlSBSqKhq.~'
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zk2TYBXdlSBSqKhq.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 09:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 09:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 09:23:29 host sshd[20825]: Invalid user ubnt from 125.228.28.243 port 48178
Jan 18 09:23:29 host sshd[20825]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 09:23:29 host sshd[20825]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:23:29 host sshd[20825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.28.243
Jan 18 09:23:32 host sshd[20825]: Failed password for invalid user ubnt from 125.228.28.243 port 48178 ssh2
Jan 18 09:23:33 host sshd[20825]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:23:34 host sshd[20825]: Failed password for invalid user ubnt from 125.228.28.243 port 48178 ssh2
Jan 18 09:23:35 host sshd[20825]: Failed password for invalid user ubnt from 125.228.28.243 port 48178 ssh2
Jan 18 09:23:35 host sshd[20825]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:23:38 host sshd[20825]: Failed password for invalid user ubnt from 125.228.28.243 port 48178 ssh2
Jan 18 09:23:38 host sshd[20825]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:23:40 host sshd[20825]: Failed password for invalid user ubnt from 125.228.28.243 port 48178 ssh2
Jan 18 09:25:55 host sshd[21259]: Invalid user admin from 175.183.32.151 port 33480
Jan 18 09:25:55 host sshd[21259]: input_userauth_request: invalid user admin [preauth]
Jan 18 09:25:55 host sshd[21259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:25:55 host sshd[21259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.183.32.151
Jan 18 09:25:57 host sshd[21259]: Failed password for invalid user admin from 175.183.32.151 port 33480 ssh2
Jan 18 09:25:57 host sshd[21259]: Failed password for invalid user admin from 175.183.32.151 port 33480 ssh2
Jan 18 09:25:58 host sshd[21259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:26:00 host sshd[21259]: Failed password for invalid user admin from 175.183.32.151 port 33480 ssh2
Jan 18 09:26:00 host sshd[21259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:26:03 host sshd[21259]: Failed password for invalid user admin from 175.183.32.151 port 33480 ssh2
Jan 18 09:26:03 host sshd[21259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:26:04 host sshd[21259]: Failed password for invalid user admin from 175.183.32.151 port 33480 ssh2
Jan 18 09:26:06 host sshd[21259]: Connection reset by 175.183.32.151 port 33480 [preauth]
Jan 18 09:26:06 host sshd[21259]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.183.32.151
Jan 18 09:26:06 host sshd[21259]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 18 09:27:24 host sshd[21464]: User root from 59.126.116.127 not allowed because not listed in AllowUsers
Jan 18 09:27:24 host sshd[21464]: input_userauth_request: invalid user root [preauth]
Jan 18 09:27:24 host unix_chkpwd[21468]: password check failed for user (root)
Jan 18 09:27:24 host sshd[21464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.116.127 user=root
Jan 18 09:27:24 host sshd[21464]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:27:26 host sshd[21464]: Failed password for invalid user root from 59.126.116.127 port 52966 ssh2
Jan 18 09:27:26 host unix_chkpwd[21473]: password check failed for user (root)
Jan 18 09:27:26 host sshd[21464]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:27:28 host sshd[21464]: Failed password for invalid user root from 59.126.116.127 port 52966 ssh2
Jan 18 09:27:29 host unix_chkpwd[21499]: password check failed for user (root)
Jan 18 09:27:29 host sshd[21464]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:27:32 host sshd[21464]: Failed password for invalid user root from 59.126.116.127 port 52966 ssh2
Jan 18 09:27:33 host sshd[21464]: Connection reset by 59.126.116.127 port 52966 [preauth]
Jan 18 09:27:33 host sshd[21464]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.116.127 user=root
Jan 18 09:29:00 host sshd[21695]: Invalid user ubnt from 36.231.188.232 port 39672
Jan 18 09:29:00 host sshd[21695]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 09:29:00 host sshd[21695]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:29:00 host sshd[21695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.231.188.232
Jan 18 09:29:02 host sshd[21695]: Failed password for invalid user ubnt from 36.231.188.232 port 39672 ssh2
Jan 18 09:29:03 host sshd[21695]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:29:05 host sshd[21695]: Failed password for invalid user ubnt from 36.231.188.232 port 39672 ssh2
Jan 18 09:29:05 host sshd[21695]: Connection reset by 36.231.188.232 port 39672 [preauth]
Jan 18 09:29:05 host sshd[21695]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.231.188.232
Jan 18 09:35:51 host sshd[22779]: Connection reset by 220.134.12.214 port 55283 [preauth]
Jan 18 09:36:10 host sshd[22811]: Invalid user kira from 103.119.155.83 port 47322
Jan 18 09:36:10 host sshd[22811]: input_userauth_request: invalid user kira [preauth]
Jan 18 09:36:10 host sshd[22811]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:36:10 host sshd[22811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.119.155.83
Jan 18 09:36:12 host sshd[22811]: Failed password for invalid user kira from 103.119.155.83 port 47322 ssh2
Jan 18 09:36:12 host sshd[22811]: Received disconnect from 103.119.155.83 port 47322:11: Bye Bye [preauth]
Jan 18 09:36:12 host sshd[22811]: Disconnected from 103.119.155.83 port 47322 [preauth]
Jan 18 09:36:29 host sshd[22860]: User root from 180.168.95.234 not allowed because not listed in AllowUsers
Jan 18 09:36:29 host sshd[22860]: input_userauth_request: invalid user root [preauth]
Jan 18 09:36:29 host unix_chkpwd[22863]: password check failed for user (root)
Jan 18 09:36:29 host sshd[22860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.168.95.234 user=root
Jan 18 09:36:29 host sshd[22860]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:36:32 host sshd[22860]: Failed password for invalid user root from 180.168.95.234 port 41454 ssh2
Jan 18 09:36:32 host sshd[22860]: Received disconnect from 180.168.95.234 port 41454:11: Bye Bye [preauth]
Jan 18 09:36:32 host sshd[22860]: Disconnected from 180.168.95.234 port 41454 [preauth]
Jan 18 09:37:33 host sshd[22991]: User root from 134.209.127.189 not allowed because not listed in AllowUsers
Jan 18 09:37:33 host sshd[22991]: input_userauth_request: invalid user root [preauth]
Jan 18 09:37:33 host unix_chkpwd[22995]: password check failed for user (root)
Jan 18 09:37:33 host sshd[22991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.127.189 user=root
Jan 18 09:37:33 host sshd[22991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:37:35 host sshd[22991]: Failed password for invalid user root from 134.209.127.189 port 35086 ssh2
Jan 18 09:37:35 host sshd[22991]: Received disconnect from 134.209.127.189 port 35086:11: Bye Bye [preauth]
Jan 18 09:37:35 host sshd[22991]: Disconnected from 134.209.127.189 port 35086 [preauth]
Jan 18 09:37:59 host sshd[23017]: User root from 202.179.0.89 not allowed because not listed in AllowUsers
Jan 18 09:37:59 host sshd[23017]: input_userauth_request: invalid user root [preauth]
Jan 18 09:37:59 host unix_chkpwd[23020]: password check failed for user (root)
Jan 18 09:37:59 host sshd[23017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.0.89 user=root
Jan 18 09:37:59 host sshd[23017]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:38:01 host sshd[23017]: Failed password for invalid user root from 202.179.0.89 port 12398 ssh2
Jan 18 09:38:01 host sshd[23017]: Received disconnect from 202.179.0.89 port 12398:11: Bye Bye [preauth]
Jan 18 09:38:01 host sshd[23017]: Disconnected from 202.179.0.89 port 12398 [preauth]
Jan 18 09:38:48 host sshd[23145]: Invalid user vagrant from 114.34.129.50 port 34757
Jan 18 09:38:48 host sshd[23145]: input_userauth_request: invalid user vagrant [preauth]
Jan 18 09:38:48 host sshd[23145]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:38:48 host sshd[23145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.129.50
Jan 18 09:38:51 host sshd[23145]: Failed password for invalid user vagrant from 114.34.129.50 port 34757 ssh2
Jan 18 09:38:52 host sshd[23145]: Failed password for invalid user vagrant from 114.34.129.50 port 34757 ssh2
Jan 18 09:38:53 host sshd[23145]: Connection closed by 114.34.129.50 port 34757 [preauth]
Jan 18 09:39:07 host sshd[23190]: User root from 38.87.247.82 not allowed because not listed in AllowUsers
Jan 18 09:39:07 host sshd[23190]: input_userauth_request: invalid user root [preauth]
Jan 18 09:39:07 host unix_chkpwd[23194]: password check failed for user (root)
Jan 18 09:39:07 host sshd[23190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.87.247.82 user=root
Jan 18 09:39:07 host sshd[23190]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:39:09 host sshd[23190]: Failed password for invalid user root from 38.87.247.82 port 55622 ssh2
Jan 18 09:39:10 host sshd[23190]: Received disconnect from 38.87.247.82 port 55622:11: Bye Bye [preauth]
Jan 18 09:39:10 host sshd[23190]: Disconnected from 38.87.247.82 port 55622 [preauth]
Jan 18 09:40:00 host sshd[23309]: Invalid user usr from 221.164.234.19 port 44677
Jan 18 09:40:00 host sshd[23309]: input_userauth_request: invalid user usr [preauth]
Jan 18 09:40:00 host sshd[23309]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:40:00 host sshd[23309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.164.234.19
Jan 18 09:40:02 host sshd[23309]: Failed password for invalid user usr from 221.164.234.19 port 44677 ssh2
Jan 18 09:40:03 host sshd[23309]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:40:05 host sshd[23309]: Failed password for invalid user usr from 221.164.234.19 port 44677 ssh2
Jan 18 09:40:05 host sshd[23309]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:40:07 host sshd[23309]: Failed password for invalid user usr from 221.164.234.19 port 44677 ssh2
Jan 18 09:40:08 host sshd[23309]: Connection reset by 221.164.234.19 port 44677 [preauth]
Jan 18 09:40:08 host sshd[23309]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.164.234.19
Jan 18 09:42:18 host sshd[23743]: Invalid user hb from 45.156.21.70 port 51520
Jan 18 09:42:18 host sshd[23743]: input_userauth_request: invalid user hb [preauth]
Jan 18 09:42:18 host sshd[23743]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:42:18 host sshd[23743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.21.70
Jan 18 09:42:20 host sshd[23743]: Failed password for invalid user hb from 45.156.21.70 port 51520 ssh2
Jan 18 09:42:20 host sshd[23743]: Received disconnect from 45.156.21.70 port 51520:11: Bye Bye [preauth]
Jan 18 09:42:20 host sshd[23743]: Disconnected from 45.156.21.70 port 51520 [preauth]
Jan 18 09:42:37 host sshd[23844]: Invalid user frappe from 180.168.95.234 port 39364
Jan 18 09:42:37 host sshd[23844]: input_userauth_request: invalid user frappe [preauth]
Jan 18 09:42:37 host sshd[23844]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:42:37 host sshd[23844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.168.95.234
Jan 18 09:42:37 host sshd[23848]: Invalid user alex from 201.184.50.251 port 58616
Jan 18 09:42:37 host sshd[23848]: input_userauth_request: invalid user alex [preauth]
Jan 18 09:42:37 host sshd[23848]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:42:37 host sshd[23848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jan 18 09:42:39 host sshd[23844]: Failed password for invalid user frappe from 180.168.95.234 port 39364 ssh2
Jan 18 09:42:39 host sshd[23844]: Received disconnect from 180.168.95.234 port 39364:11: Bye Bye [preauth]
Jan 18 09:42:39 host sshd[23844]: Disconnected from 180.168.95.234 port 39364 [preauth]
Jan 18 09:42:40 host sshd[23848]: Failed password for invalid user alex from 201.184.50.251 port 58616 ssh2
Jan 18 09:42:40 host sshd[23848]: Received disconnect from 201.184.50.251 port 58616:11: Bye Bye [preauth]
Jan 18 09:42:40 host sshd[23848]: Disconnected from 201.184.50.251 port 58616 [preauth]
Jan 18 09:42:43 host sshd[23890]: Invalid user hz from 103.119.155.83 port 50242
Jan 18 09:42:43 host sshd[23890]: input_userauth_request: invalid user hz [preauth]
Jan 18 09:42:43 host sshd[23890]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:42:43 host sshd[23890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.119.155.83
Jan 18 09:42:45 host sshd[23890]: Failed password for invalid user hz from 103.119.155.83 port 50242 ssh2
Jan 18 09:42:45 host sshd[23890]: Received disconnect from 103.119.155.83 port 50242:11: Bye Bye [preauth]
Jan 18 09:42:45 host sshd[23890]: Disconnected from 103.119.155.83 port 50242 [preauth]
Jan 18 09:42:53 host sshd[23913]: Invalid user frappe from 134.209.127.189 port 54024
Jan 18 09:42:53 host sshd[23913]: input_userauth_request: invalid user frappe [preauth]
Jan 18 09:42:53 host sshd[23913]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:42:53 host sshd[23913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.127.189
Jan 18 09:42:53 host sshd[23921]: Invalid user hz from 202.179.0.89 port 35460
Jan 18 09:42:53 host sshd[23921]: input_userauth_request: invalid user hz [preauth]
Jan 18 09:42:53 host sshd[23921]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:42:53 host sshd[23921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.0.89
Jan 18 09:42:55 host sshd[23913]: Failed password for invalid user frappe from 134.209.127.189 port 54024 ssh2
Jan 18 09:42:55 host sshd[23913]: Received disconnect from 134.209.127.189 port 54024:11: Bye Bye [preauth]
Jan 18 09:42:55 host sshd[23913]: Disconnected from 134.209.127.189 port 54024 [preauth]
Jan 18 09:42:56 host sshd[23921]: Failed password for invalid user hz from 202.179.0.89 port 35460 ssh2
Jan 18 09:42:56 host sshd[23921]: Received disconnect from 202.179.0.89 port 35460:11: Bye Bye [preauth]
Jan 18 09:42:56 host sshd[23921]: Disconnected from 202.179.0.89 port 35460 [preauth]
Jan 18 09:44:08 host sshd[24137]: Invalid user hb from 103.119.155.83 port 49024
Jan 18 09:44:08 host sshd[24137]: input_userauth_request: invalid user hb [preauth]
Jan 18 09:44:08 host sshd[24137]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:44:08 host sshd[24137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.119.155.83
Jan 18 09:44:10 host sshd[24137]: Failed password for invalid user hb from 103.119.155.83 port 49024 ssh2
Jan 18 09:44:10 host sshd[24137]: Received disconnect from 103.119.155.83 port 49024:11: Bye Bye [preauth]
Jan 18 09:44:10 host sshd[24137]: Disconnected from 103.119.155.83 port 49024 [preauth]
Jan 18 09:44:17 host sshd[24175]: Invalid user kira from 45.156.21.70 port 37658
Jan 18 09:44:17 host sshd[24175]: input_userauth_request: invalid user kira [preauth]
Jan 18 09:44:17 host sshd[24175]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:44:17 host sshd[24175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.21.70
Jan 18 09:44:19 host sshd[24175]: Failed password for invalid user kira from 45.156.21.70 port 37658 ssh2
Jan 18 09:44:19 host sshd[24175]: Received disconnect from 45.156.21.70 port 37658:11: Bye Bye [preauth]
Jan 18 09:44:19 host sshd[24175]: Disconnected from 45.156.21.70 port 37658 [preauth]
Jan 18 09:44:46 host sshd[24286]: Invalid user hb from 201.184.50.251 port 56602
Jan 18 09:44:46 host sshd[24286]: input_userauth_request: invalid user hb [preauth]
Jan 18 09:44:46 host sshd[24286]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:44:46 host sshd[24286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jan 18 09:44:48 host sshd[24286]: Failed password for invalid user hb from 201.184.50.251 port 56602 ssh2
Jan 18 09:44:48 host sshd[24286]: Received disconnect from 201.184.50.251 port 56602:11: Bye Bye [preauth]
Jan 18 09:44:48 host sshd[24286]: Disconnected from 201.184.50.251 port 56602 [preauth]
Jan 18 09:45:54 host sshd[24549]: Invalid user factorio from 45.156.21.70 port 45134
Jan 18 09:45:54 host sshd[24549]: input_userauth_request: invalid user factorio [preauth]
Jan 18 09:45:54 host sshd[24549]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:45:54 host sshd[24549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.156.21.70
Jan 18 09:45:56 host sshd[24549]: Failed password for invalid user factorio from 45.156.21.70 port 45134 ssh2
Jan 18 09:45:56 host sshd[24549]: Received disconnect from 45.156.21.70 port 45134:11: Bye Bye [preauth]
Jan 18 09:45:56 host sshd[24549]: Disconnected from 45.156.21.70 port 45134 [preauth]
Jan 18 09:46:11 host sshd[24607]: Invalid user frappe from 201.184.50.251 port 51250
Jan 18 09:46:11 host sshd[24607]: input_userauth_request: invalid user frappe [preauth]
Jan 18 09:46:11 host sshd[24607]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 09:46:11 host sshd[24607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.50.251
Jan 18 09:46:13 host sshd[24607]: Failed password for invalid user frappe from 201.184.50.251 port 51250 ssh2
Jan 18 09:46:14 host sshd[24607]: Received disconnect from 201.184.50.251 port 51250:11: Bye Bye [preauth]
Jan 18 09:46:14 host sshd[24607]: Disconnected from 201.184.50.251 port 51250 [preauth]
Jan 18 09:49:26 host sshd[25050]: User root from 38.87.247.82 not allowed because not listed in AllowUsers
Jan 18 09:49:26 host sshd[25050]: input_userauth_request: invalid user root [preauth]
Jan 18 09:49:26 host unix_chkpwd[25053]: password check failed for user (root)
Jan 18 09:49:26 host sshd[25050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.87.247.82 user=root
Jan 18 09:49:26 host sshd[25050]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 09:49:29 host sshd[25050]: Failed password for invalid user root from 38.87.247.82 port 40122 ssh2
Jan 18 10:01:03 host sshd[26949]: Invalid user ONTUSER from 113.176.76.139 port 58829
Jan 18 10:01:03 host sshd[26949]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 18 10:01:03 host sshd[26949]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:01:03 host sshd[26949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.176.76.139
Jan 18 10:01:05 host sshd[26953]: User root from 113.176.76.139 not allowed because not listed in AllowUsers
Jan 18 10:01:05 host sshd[26953]: input_userauth_request: invalid user root [preauth]
Jan 18 10:01:05 host unix_chkpwd[26956]: password check failed for user (root)
Jan 18 10:01:05 host sshd[26953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.176.76.139 user=root
Jan 18 10:01:05 host sshd[26953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 10:01:06 host sshd[26949]: Failed password for invalid user ONTUSER from 113.176.76.139 port 58829 ssh2
Jan 18 10:01:07 host sshd[26953]: Failed password for invalid user root from 113.176.76.139 port 58837 ssh2
Jan 18 10:01:07 host sshd[26949]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:01:07 host sshd[26953]: Connection reset by 113.176.76.139 port 58837 [preauth]
Jan 18 10:01:09 host sshd[26949]: Failed password for invalid user ONTUSER from 113.176.76.139 port 58829 ssh2
Jan 18 10:01:09 host sshd[26949]: Failed password for invalid user ONTUSER from 113.176.76.139 port 58829 ssh2
Jan 18 10:01:09 host sshd[26949]: Connection closed by 113.176.76.139 port 58829 [preauth]
Jan 18 10:01:09 host sshd[26949]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.176.76.139
Jan 18 10:15:45 host sshd[29502]: Invalid user support from 65.158.137.178 port 62361
Jan 18 10:15:45 host sshd[29502]: input_userauth_request: invalid user support [preauth]
Jan 18 10:15:45 host sshd[29502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:15:45 host sshd[29502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.158.137.178
Jan 18 10:15:46 host sshd[29502]: Failed password for invalid user support from 65.158.137.178 port 62361 ssh2
Jan 18 10:15:47 host sshd[29502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:15:49 host sshd[29502]: Failed password for invalid user support from 65.158.137.178 port 62361 ssh2
Jan 18 10:15:50 host sshd[29502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:15:52 host sshd[29502]: Failed password for invalid user support from 65.158.137.178 port 62361 ssh2
Jan 18 10:15:53 host sshd[29502]: Connection reset by 65.158.137.178 port 62361 [preauth]
Jan 18 10:15:53 host sshd[29502]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.158.137.178
Jan 18 10:19:59 host sshd[30076]: Invalid user dmdba from 220.134.225.206 port 44454
Jan 18 10:19:59 host sshd[30076]: input_userauth_request: invalid user dmdba [preauth]
Jan 18 10:19:59 host sshd[30076]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:19:59 host sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.225.206
Jan 18 10:20:01 host sshd[30076]: Failed password for invalid user dmdba from 220.134.225.206 port 44454 ssh2
Jan 18 10:20:01 host sshd[30076]: Failed password for invalid user dmdba from 220.134.225.206 port 44454 ssh2
Jan 18 10:20:02 host sshd[30076]: Connection closed by 220.134.225.206 port 44454 [preauth]
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=travelboniface user-2=ugotscom user-3=wwwrmswll user-4=keralaholi user-5=wwwresourcehunte user-6=wwwpmcresource user-7=dartsimp user-8=a2zgroup user-9=laundryboniface user-10=wwwkaretakers user-11=cochintaxi user-12=phmetals user-13=kottayamcalldriv user-14=gifterman user-15=palco123 user-16=wwwnexidigital user-17=mrsclean user-18=wwwevmhonda user-19=bonifacegroup user-20=straightcurve user-21=wwwletsstalkfood user-22=wwwtestugo user-23=shalinijames user-24=vfmassets user-25=pmcresources user-26=disposeat user-27=wwwkmaorg user-28=remysagr user-29=wwwkapin user-30=woodpeck feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 10:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-qJOhH8PU9QLeMO48.~
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-qJOhH8PU9QLeMO48.~'
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-qJOhH8PU9QLeMO48.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 10:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 10:23:03 host sshd[30812]: Invalid user vadmin from 222.112.19.89 port 60397
Jan 18 10:23:03 host sshd[30812]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 10:23:03 host sshd[30812]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:23:03 host sshd[30812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.112.19.89
Jan 18 10:23:05 host sshd[30812]: Failed password for invalid user vadmin from 222.112.19.89 port 60397 ssh2
Jan 18 10:23:06 host sshd[30812]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:23:08 host sshd[30812]: Failed password for invalid user vadmin from 222.112.19.89 port 60397 ssh2
Jan 18 10:23:09 host sshd[30812]: Connection reset by 222.112.19.89 port 60397 [preauth]
Jan 18 10:23:09 host sshd[30812]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.112.19.89
Jan 18 10:25:33 host sshd[31172]: User root from 220.119.92.214 not allowed because not listed in AllowUsers
Jan 18 10:25:33 host sshd[31172]: input_userauth_request: invalid user root [preauth]
Jan 18 10:25:33 host unix_chkpwd[31182]: password check failed for user (root)
Jan 18 10:25:33 host sshd[31172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.119.92.214 user=root
Jan 18 10:25:33 host sshd[31172]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 10:25:35 host sshd[31172]: Failed password for invalid user root from 220.119.92.214 port 36995 ssh2
Jan 18 10:25:35 host sshd[31172]: Connection reset by 220.119.92.214 port 36995 [preauth]
Jan 18 10:25:38 host sshd[31187]: Invalid user default from 78.10.234.22 port 40200
Jan 18 10:25:38 host sshd[31187]: input_userauth_request: invalid user default [preauth]
Jan 18 10:25:38 host sshd[31187]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:25:38 host sshd[31187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.10.234.22
Jan 18 10:25:41 host sshd[31187]: Failed password for invalid user default from 78.10.234.22 port 40200 ssh2
Jan 18 10:25:42 host sshd[31187]: Connection reset by 78.10.234.22 port 40200 [preauth]
Jan 18 10:27:34 host sshd[31473]: Invalid user fw from 194.110.203.109 port 44660
Jan 18 10:27:34 host sshd[31473]: input_userauth_request: invalid user fw [preauth]
Jan 18 10:27:34 host sshd[31473]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:27:34 host sshd[31473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 10:27:37 host sshd[31473]: Failed password for invalid user fw from 194.110.203.109 port 44660 ssh2
Jan 18 10:27:40 host sshd[31473]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:27:41 host sshd[31473]: Failed password for invalid user fw from 194.110.203.109 port 44660 ssh2
Jan 18 10:27:45 host sshd[31473]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:27:47 host sshd[31473]: Failed password for invalid user fw from 194.110.203.109 port 44660 ssh2
Jan 18 10:27:50 host sshd[31473]: Connection closed by 194.110.203.109 port 44660 [preauth]
Jan 18 10:27:50 host sshd[31473]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 10:29:50 host sshd[31862]: User root from 114.33.153.175 not allowed because not listed in AllowUsers
Jan 18 10:29:50 host sshd[31862]: input_userauth_request: invalid user root [preauth]
Jan 18 10:29:50 host unix_chkpwd[31877]: password check failed for user (root)
Jan 18 10:29:50 host sshd[31862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.153.175 user=root
Jan 18 10:29:50 host sshd[31862]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 10:29:52 host sshd[31862]: Failed password for invalid user root from 114.33.153.175 port 40550 ssh2
Jan 18 10:29:52 host sshd[31862]: Connection reset by 114.33.153.175 port 40550 [preauth]
Jan 18 10:32:28 host sshd[32221]: Invalid user admin from 210.91.130.137 port 62082
Jan 18 10:32:28 host sshd[32221]: input_userauth_request: invalid user admin [preauth]
Jan 18 10:32:28 host sshd[32221]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 10:32:28 host sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.130.137
Jan 18 10:32:30 host sshd[32221]: Failed password for invalid user admin from 210.91.130.137 port 62082 ssh2
Jan 18 10:32:30 host sshd[32221]: Connection reset by 210.91.130.137 port 62082 [preauth]
Jan 18 10:35:30 host sshd[302]: Connection reset by 170.250.225.151 port 34642 [preauth]
Jan 18 10:46:13 host sshd[1959]: Connection reset by 121.157.182.16 port 61188 [preauth]
Jan 18 10:58:13 host sshd[4019]: User root from 87.26.122.156 not allowed because not listed in AllowUsers
Jan 18 10:58:13 host sshd[4019]: input_userauth_request: invalid user root [preauth]
Jan 18 10:58:13 host unix_chkpwd[4022]: password check failed for user (root)
Jan 18 10:58:13 host sshd[4019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.26.122.156 user=root
Jan 18 10:58:13 host sshd[4019]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 10:58:15 host sshd[4019]: Failed password for invalid user root from 87.26.122.156 port 43519 ssh2
Jan 18 10:58:16 host unix_chkpwd[4025]: password check failed for user (root)
Jan 18 10:58:16 host sshd[4019]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 10:58:18 host sshd[4019]: Failed password for invalid user root from 87.26.122.156 port 43519 ssh2
Jan 18 10:58:19 host unix_chkpwd[4030]: password check failed for user (root)
Jan 18 10:58:19 host sshd[4019]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 10:58:21 host sshd[4019]: Failed password for invalid user root from 87.26.122.156 port 43519 ssh2
Jan 18 10:58:22 host sshd[4019]: Connection reset by 87.26.122.156 port 43519 [preauth]
Jan 18 10:58:22 host sshd[4019]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.26.122.156 user=root
Jan 18 11:06:07 host sshd[5551]: Invalid user airflow from 14.63.203.207 port 52836
Jan 18 11:06:07 host sshd[5551]: input_userauth_request: invalid user airflow [preauth]
Jan 18 11:06:07 host sshd[5551]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:06:07 host sshd[5551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207
Jan 18 11:06:09 host sshd[5551]: Failed password for invalid user airflow from 14.63.203.207 port 52836 ssh2
Jan 18 11:06:09 host sshd[5551]: Received disconnect from 14.63.203.207 port 52836:11: Bye Bye [preauth]
Jan 18 11:06:09 host sshd[5551]: Disconnected from 14.63.203.207 port 52836 [preauth]
Jan 18 11:06:54 host sshd[5658]: Invalid user hadoop from 123.138.161.107 port 51212
Jan 18 11:06:54 host sshd[5658]: input_userauth_request: invalid user hadoop [preauth]
Jan 18 11:06:54 host sshd[5658]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:06:54 host sshd[5658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.138.161.107
Jan 18 11:06:56 host sshd[5658]: Failed password for invalid user hadoop from 123.138.161.107 port 51212 ssh2
Jan 18 11:06:56 host sshd[5658]: Received disconnect from 123.138.161.107 port 51212:11: Bye Bye [preauth]
Jan 18 11:06:56 host sshd[5658]: Disconnected from 123.138.161.107 port 51212 [preauth]
Jan 18 11:11:52 host sshd[6527]: Invalid user temp from 14.63.203.207 port 50648
Jan 18 11:11:52 host sshd[6527]: input_userauth_request: invalid user temp [preauth]
Jan 18 11:11:52 host sshd[6527]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:11:52 host sshd[6527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207
Jan 18 11:11:54 host sshd[6527]: Failed password for invalid user temp from 14.63.203.207 port 50648 ssh2
Jan 18 11:11:54 host sshd[6527]: Received disconnect from 14.63.203.207 port 50648:11: Bye Bye [preauth]
Jan 18 11:11:54 host sshd[6527]: Disconnected from 14.63.203.207 port 50648 [preauth]
Jan 18 11:12:58 host sshd[6842]: Invalid user zjw from 14.63.203.207 port 36724
Jan 18 11:12:58 host sshd[6842]: input_userauth_request: invalid user zjw [preauth]
Jan 18 11:12:58 host sshd[6842]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:12:58 host sshd[6842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.63.203.207
Jan 18 11:13:00 host sshd[6842]: Failed password for invalid user zjw from 14.63.203.207 port 36724 ssh2
Jan 18 11:16:37 host sshd[7632]: Invalid user ts3 from 123.138.161.107 port 52700
Jan 18 11:16:37 host sshd[7632]: input_userauth_request: invalid user ts3 [preauth]
Jan 18 11:16:37 host sshd[7632]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:16:37 host sshd[7632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.138.161.107
Jan 18 11:16:39 host sshd[7632]: Failed password for invalid user ts3 from 123.138.161.107 port 52700 ssh2
Jan 18 11:16:40 host sshd[7632]: Received disconnect from 123.138.161.107 port 52700:11: Bye Bye [preauth]
Jan 18 11:16:40 host sshd[7632]: Disconnected from 123.138.161.107 port 52700 [preauth]
Jan 18 11:16:48 host sshd[7652]: Invalid user support from 125.228.32.127 port 44299
Jan 18 11:16:48 host sshd[7652]: input_userauth_request: invalid user support [preauth]
Jan 18 11:16:48 host sshd[7652]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:16:48 host sshd[7652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.32.127
Jan 18 11:16:50 host sshd[7652]: Failed password for invalid user support from 125.228.32.127 port 44299 ssh2
Jan 18 11:16:51 host sshd[7652]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:16:53 host sshd[7652]: Failed password for invalid user support from 125.228.32.127 port 44299 ssh2
Jan 18 11:16:54 host sshd[7652]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:16:57 host sshd[7652]: Failed password for invalid user support from 125.228.32.127 port 44299 ssh2
Jan 18 11:16:57 host sshd[7652]: Failed password for invalid user support from 125.228.32.127 port 44299 ssh2
Jan 18 11:16:58 host sshd[7652]: Connection reset by 125.228.32.127 port 44299 [preauth]
Jan 18 11:16:58 host sshd[7652]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.32.127
Jan 18 11:17:17 host sshd[7757]: User root from 123.138.161.107 not allowed because not listed in AllowUsers
Jan 18 11:17:17 host sshd[7757]: input_userauth_request: invalid user root [preauth]
Jan 18 11:17:17 host unix_chkpwd[7765]: password check failed for user (root)
Jan 18 11:17:17 host sshd[7757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.138.161.107 user=root
Jan 18 11:17:17 host sshd[7757]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:17:20 host sshd[7757]: Failed password for invalid user root from 123.138.161.107 port 60588 ssh2
Jan 18 11:17:20 host sshd[7757]: Received disconnect from 123.138.161.107 port 60588:11: Bye Bye [preauth]
Jan 18 11:17:20 host sshd[7757]: Disconnected from 123.138.161.107 port 60588 [preauth]
Jan 18 11:20:24 host sshd[8564]: Invalid user pi from 220.80.142.228 port 61148
Jan 18 11:20:24 host sshd[8564]: input_userauth_request: invalid user pi [preauth]
Jan 18 11:20:24 host sshd[8564]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:20:24 host sshd[8564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.80.142.228
Jan 18 11:20:26 host sshd[8564]: Failed password for invalid user pi from 220.80.142.228 port 61148 ssh2
Jan 18 11:20:26 host sshd[8564]: Connection reset by 220.80.142.228 port 61148 [preauth]
Jan 18 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=travelboniface user-2=wwwrmswll user-3=wwwresourcehunte user-4=keralaholi user-5=ugotscom user-6=wwwpmcresource user-7=dartsimp user-8=a2zgroup user-9=laundryboniface user-10=wwwkaretakers user-11=cochintaxi user-12=gifterman user-13=palco123 user-14=phmetals user-15=kottayamcalldriv user-16=mrsclean user-17=wwwnexidigital user-18=bonifacegroup user-19=wwwevmhonda user-20=wwwletsstalkfood user-21=straightcurve user-22=vfmassets user-23=wwwtestugo user-24=shalinijames user-25=pmcresources user-26=disposeat user-27=wwwkmaorg user-28=remysagr user-29=wwwkapin user-30=woodpeck feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 11:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ERXE4ctfbI7pvk19.~
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ERXE4ctfbI7pvk19.~'
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ERXE4ctfbI7pvk19.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 11:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 11:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 11:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 11:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 11:35:28 host sshd[11691]: Invalid user bigipuser3 from 159.196.28.11 port 45796
Jan 18 11:35:28 host sshd[11691]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 18 11:35:28 host sshd[11691]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:35:28 host sshd[11691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.196.28.11
Jan 18 11:35:31 host sshd[11691]: Failed password for invalid user bigipuser3 from 159.196.28.11 port 45796 ssh2
Jan 18 11:35:32 host sshd[11691]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:35:34 host sshd[11691]: Failed password for invalid user bigipuser3 from 159.196.28.11 port 45796 ssh2
Jan 18 11:35:35 host sshd[11691]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:35:37 host sshd[11691]: Failed password for invalid user bigipuser3 from 159.196.28.11 port 45796 ssh2
Jan 18 11:35:39 host sshd[11691]: Failed password for invalid user bigipuser3 from 159.196.28.11 port 45796 ssh2
Jan 18 11:35:39 host sshd[11691]: Connection closed by 159.196.28.11 port 45796 [preauth]
Jan 18 11:35:39 host sshd[11691]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.196.28.11
Jan 18 11:37:23 host sshd[12211]: Connection reset by 119.77.134.56 port 52692 [preauth]
Jan 18 11:38:03 host sshd[12305]: Did not receive identification string from 46.101.97.107 port 61000
Jan 18 11:46:16 host sshd[13454]: Invalid user steam from 111.33.43.86 port 8893
Jan 18 11:46:16 host sshd[13454]: input_userauth_request: invalid user steam [preauth]
Jan 18 11:46:16 host sshd[13454]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:46:16 host sshd[13454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.33.43.86
Jan 18 11:46:18 host sshd[13454]: Failed password for invalid user steam from 111.33.43.86 port 8893 ssh2
Jan 18 11:46:18 host sshd[13454]: Received disconnect from 111.33.43.86 port 8893:11: Bye Bye [preauth]
Jan 18 11:46:18 host sshd[13454]: Disconnected from 111.33.43.86 port 8893 [preauth]
Jan 18 11:46:40 host sshd[13610]: Invalid user media from 179.48.124.242 port 55380
Jan 18 11:46:40 host sshd[13610]: input_userauth_request: invalid user media [preauth]
Jan 18 11:46:40 host sshd[13610]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:46:40 host sshd[13610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.48.124.242
Jan 18 11:46:42 host sshd[13610]: Failed password for invalid user media from 179.48.124.242 port 55380 ssh2
Jan 18 11:46:42 host sshd[13610]: Received disconnect from 179.48.124.242 port 55380:11: Bye Bye [preauth]
Jan 18 11:46:42 host sshd[13610]: Disconnected from 179.48.124.242 port 55380 [preauth]
Jan 18 11:47:03 host sshd[13646]: User root from 46.101.2.4 not allowed because not listed in AllowUsers
Jan 18 11:47:03 host sshd[13646]: input_userauth_request: invalid user root [preauth]
Jan 18 11:47:03 host unix_chkpwd[13652]: password check failed for user (root)
Jan 18 11:47:03 host sshd[13646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.2.4 user=root
Jan 18 11:47:03 host sshd[13646]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:47:05 host sshd[13646]: Failed password for invalid user root from 46.101.2.4 port 38590 ssh2
Jan 18 11:47:05 host sshd[13646]: Received disconnect from 46.101.2.4 port 38590:11: Bye Bye [preauth]
Jan 18 11:47:05 host sshd[13646]: Disconnected from 46.101.2.4 port 38590 [preauth]
Jan 18 11:47:37 host sshd[13722]: Invalid user packer from 111.220.139.23 port 59972
Jan 18 11:47:37 host sshd[13722]: input_userauth_request: invalid user packer [preauth]
Jan 18 11:47:37 host sshd[13722]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:47:37 host sshd[13722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.220.139.23
Jan 18 11:47:39 host sshd[13722]: Failed password for invalid user packer from 111.220.139.23 port 59972 ssh2
Jan 18 11:47:39 host sshd[13722]: Received disconnect from 111.220.139.23 port 59972:11: Bye Bye [preauth]
Jan 18 11:47:39 host sshd[13722]: Disconnected from 111.220.139.23 port 59972 [preauth]
Jan 18 11:47:45 host sshd[13737]: Invalid user user from 142.93.58.181 port 56290
Jan 18 11:47:45 host sshd[13737]: input_userauth_request: invalid user user [preauth]
Jan 18 11:47:45 host sshd[13737]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:47:45 host sshd[13737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.58.181
Jan 18 11:47:47 host sshd[13737]: Failed password for invalid user user from 142.93.58.181 port 56290 ssh2
Jan 18 11:47:47 host sshd[13737]: Received disconnect from 142.93.58.181 port 56290:11: Bye Bye [preauth]
Jan 18 11:47:47 host sshd[13737]: Disconnected from 142.93.58.181 port 56290 [preauth]
Jan 18 11:48:10 host sshd[13790]: Invalid user smart from 162.216.141.255 port 57114
Jan 18 11:48:10 host sshd[13790]: input_userauth_request: invalid user smart [preauth]
Jan 18 11:48:10 host sshd[13790]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:48:10 host sshd[13790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.216.141.255
Jan 18 11:48:12 host sshd[13790]: Failed password for invalid user smart from 162.216.141.255 port 57114 ssh2
Jan 18 11:48:12 host sshd[13790]: Received disconnect from 162.216.141.255 port 57114:11: Bye Bye [preauth]
Jan 18 11:48:12 host sshd[13790]: Disconnected from 162.216.141.255 port 57114 [preauth]
Jan 18 11:48:19 host sshd[13805]: Invalid user elastic from 139.59.248.243 port 36128
Jan 18 11:48:19 host sshd[13805]: input_userauth_request: invalid user elastic [preauth]
Jan 18 11:48:19 host sshd[13805]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:48:19 host sshd[13805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.248.243
Jan 18 11:48:21 host sshd[13805]: Failed password for invalid user elastic from 139.59.248.243 port 36128 ssh2
Jan 18 11:48:21 host sshd[13805]: Received disconnect from 139.59.248.243 port 36128:11: Bye Bye [preauth]
Jan 18 11:48:21 host sshd[13805]: Disconnected from 139.59.248.243 port 36128 [preauth]
Jan 18 11:49:28 host sshd[13932]: Invalid user remnux from 165.22.20.44 port 56176
Jan 18 11:49:28 host sshd[13932]: input_userauth_request: invalid user remnux [preauth]
Jan 18 11:49:28 host sshd[13932]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:49:28 host sshd[13932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.20.44
Jan 18 11:49:30 host sshd[13932]: Failed password for invalid user remnux from 165.22.20.44 port 56176 ssh2
Jan 18 11:49:30 host sshd[13932]: Received disconnect from 165.22.20.44 port 56176:11: Bye Bye [preauth]
Jan 18 11:49:30 host sshd[13932]: Disconnected from 165.22.20.44 port 56176 [preauth]
Jan 18 11:50:50 host sshd[14181]: Invalid user deploy from 45.10.152.15 port 45886
Jan 18 11:50:50 host sshd[14181]: input_userauth_request: invalid user deploy [preauth]
Jan 18 11:50:50 host sshd[14181]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:50:51 host sshd[14181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.10.152.15
Jan 18 11:50:53 host sshd[14181]: Failed password for invalid user deploy from 45.10.152.15 port 45886 ssh2
Jan 18 11:50:53 host sshd[14181]: Received disconnect from 45.10.152.15 port 45886:11: Bye Bye [preauth]
Jan 18 11:50:53 host sshd[14181]: Disconnected from 45.10.152.15 port 45886 [preauth]
Jan 18 11:51:01 host sshd[14206]: Invalid user jack from 179.184.199.23 port 51098
Jan 18 11:51:01 host sshd[14206]: input_userauth_request: invalid user jack [preauth]
Jan 18 11:51:01 host sshd[14206]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:51:01 host sshd[14206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.184.199.23
Jan 18 11:51:03 host sshd[14206]: Failed password for invalid user jack from 179.184.199.23 port 51098 ssh2
Jan 18 11:51:03 host sshd[14206]: Received disconnect from 179.184.199.23 port 51098:11: Bye Bye [preauth]
Jan 18 11:51:03 host sshd[14206]: Disconnected from 179.184.199.23 port 51098 [preauth]
Jan 18 11:52:51 host sshd[14540]: Invalid user remnux from 46.101.2.4 port 48816
Jan 18 11:52:51 host sshd[14540]: input_userauth_request: invalid user remnux [preauth]
Jan 18 11:52:51 host sshd[14540]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:52:51 host sshd[14540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.2.4
Jan 18 11:52:54 host sshd[14540]: Failed password for invalid user remnux from 46.101.2.4 port 48816 ssh2
Jan 18 11:52:54 host sshd[14540]: Received disconnect from 46.101.2.4 port 48816:11: Bye Bye [preauth]
Jan 18 11:52:54 host sshd[14540]: Disconnected from 46.101.2.4 port 48816 [preauth]
Jan 18 11:52:59 host sshd[14594]: Invalid user packer from 142.93.58.181 port 49924
Jan 18 11:52:59 host sshd[14594]: input_userauth_request: invalid user packer [preauth]
Jan 18 11:52:59 host sshd[14594]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:52:59 host sshd[14594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.58.181
Jan 18 11:53:01 host sshd[14594]: Failed password for invalid user packer from 142.93.58.181 port 49924 ssh2
Jan 18 11:53:01 host sshd[14594]: Received disconnect from 142.93.58.181 port 49924:11: Bye Bye [preauth]
Jan 18 11:53:01 host sshd[14594]: Disconnected from 142.93.58.181 port 49924 [preauth]
Jan 18 11:53:04 host sshd[14612]: User root from 139.59.248.243 not allowed because not listed in AllowUsers
Jan 18 11:53:04 host sshd[14612]: input_userauth_request: invalid user root [preauth]
Jan 18 11:53:04 host unix_chkpwd[14615]: password check failed for user (root)
Jan 18 11:53:04 host sshd[14612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.248.243 user=root
Jan 18 11:53:04 host sshd[14612]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:53:06 host sshd[14612]: Failed password for invalid user root from 139.59.248.243 port 40660 ssh2
Jan 18 11:53:06 host sshd[14612]: Received disconnect from 139.59.248.243 port 40660:11: Bye Bye [preauth]
Jan 18 11:53:06 host sshd[14612]: Disconnected from 139.59.248.243 port 40660 [preauth]
Jan 18 11:53:18 host sshd[14671]: Invalid user steam from 111.220.139.23 port 55100
Jan 18 11:53:18 host sshd[14671]: input_userauth_request: invalid user steam [preauth]
Jan 18 11:53:18 host sshd[14671]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:53:18 host sshd[14671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.220.139.23
Jan 18 11:53:20 host sshd[14671]: Failed password for invalid user steam from 111.220.139.23 port 55100 ssh2
Jan 18 11:53:20 host sshd[14671]: Received disconnect from 111.220.139.23 port 55100:11: Bye Bye [preauth]
Jan 18 11:53:20 host sshd[14671]: Disconnected from 111.220.139.23 port 55100 [preauth]
Jan 18 11:53:37 host sshd[14729]: Invalid user user from 162.216.141.255 port 48878
Jan 18 11:53:37 host sshd[14729]: input_userauth_request: invalid user user [preauth]
Jan 18 11:53:37 host sshd[14729]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:53:37 host sshd[14729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.216.141.255
Jan 18 11:53:39 host sshd[14729]: Failed password for invalid user user from 162.216.141.255 port 48878 ssh2
Jan 18 11:53:39 host sshd[14729]: Received disconnect from 162.216.141.255 port 48878:11: Bye Bye [preauth]
Jan 18 11:53:39 host sshd[14729]: Disconnected from 162.216.141.255 port 48878 [preauth]
Jan 18 11:53:45 host sshd[14739]: User root from 179.184.199.23 not allowed because not listed in AllowUsers
Jan 18 11:53:45 host sshd[14739]: input_userauth_request: invalid user root [preauth]
Jan 18 11:53:45 host unix_chkpwd[14746]: password check failed for user (root)
Jan 18 11:53:45 host sshd[14739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.184.199.23 user=root
Jan 18 11:53:45 host sshd[14739]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:53:47 host sshd[14739]: Failed password for invalid user root from 179.184.199.23 port 40882 ssh2
Jan 18 11:53:47 host sshd[14739]: Received disconnect from 179.184.199.23 port 40882:11: Bye Bye [preauth]
Jan 18 11:53:47 host sshd[14739]: Disconnected from 179.184.199.23 port 40882 [preauth]
Jan 18 11:54:00 host sshd[14792]: Invalid user ntc from 142.93.58.181 port 44224
Jan 18 11:54:00 host sshd[14792]: input_userauth_request: invalid user ntc [preauth]
Jan 18 11:54:00 host sshd[14792]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:54:00 host sshd[14792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.58.181
Jan 18 11:54:02 host sshd[14792]: Failed password for invalid user ntc from 142.93.58.181 port 44224 ssh2
Jan 18 11:54:05 host sshd[14849]: Invalid user test from 45.10.152.15 port 57968
Jan 18 11:54:05 host sshd[14849]: input_userauth_request: invalid user test [preauth]
Jan 18 11:54:05 host sshd[14849]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:54:05 host sshd[14849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.10.152.15
Jan 18 11:54:06 host sshd[14849]: Failed password for invalid user test from 45.10.152.15 port 57968 ssh2
Jan 18 11:54:07 host sshd[14849]: Received disconnect from 45.10.152.15 port 57968:11: Bye Bye [preauth]
Jan 18 11:54:07 host sshd[14849]: Disconnected from 45.10.152.15 port 57968 [preauth]
Jan 18 11:54:46 host sshd[14925]: User root from 111.220.139.23 not allowed because not listed in AllowUsers
Jan 18 11:54:46 host sshd[14925]: input_userauth_request: invalid user root [preauth]
Jan 18 11:54:46 host unix_chkpwd[14930]: password check failed for user (root)
Jan 18 11:54:46 host sshd[14925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.220.139.23 user=root
Jan 18 11:54:46 host sshd[14925]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:54:48 host sshd[14925]: Failed password for invalid user root from 111.220.139.23 port 49504 ssh2
Jan 18 11:54:48 host sshd[14925]: Received disconnect from 111.220.139.23 port 49504:11: Bye Bye [preauth]
Jan 18 11:54:48 host sshd[14925]: Disconnected from 111.220.139.23 port 49504 [preauth]
Jan 18 11:55:09 host sshd[15016]: Invalid user training from 162.216.141.255 port 47250
Jan 18 11:55:09 host sshd[15016]: input_userauth_request: invalid user training [preauth]
Jan 18 11:55:09 host sshd[15016]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:55:09 host sshd[15016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.216.141.255
Jan 18 11:55:12 host sshd[15016]: Failed password for invalid user training from 162.216.141.255 port 47250 ssh2
Jan 18 11:55:19 host sshd[15057]: User root from 45.10.152.15 not allowed because not listed in AllowUsers
Jan 18 11:55:19 host sshd[15057]: input_userauth_request: invalid user root [preauth]
Jan 18 11:55:19 host unix_chkpwd[15062]: password check failed for user (root)
Jan 18 11:55:19 host sshd[15057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.10.152.15 user=root
Jan 18 11:55:19 host sshd[15057]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:55:21 host sshd[15057]: Failed password for invalid user root from 45.10.152.15 port 56308 ssh2
Jan 18 11:55:21 host sshd[15057]: Received disconnect from 45.10.152.15 port 56308:11: Bye Bye [preauth]
Jan 18 11:55:21 host sshd[15057]: Disconnected from 45.10.152.15 port 56308 [preauth]
Jan 18 11:55:32 host sshd[15150]: User root from 175.205.244.176 not allowed because not listed in AllowUsers
Jan 18 11:55:32 host sshd[15150]: input_userauth_request: invalid user root [preauth]
Jan 18 11:55:32 host unix_chkpwd[15164]: password check failed for user (root)
Jan 18 11:55:32 host sshd[15150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.205.244.176 user=root
Jan 18 11:55:32 host sshd[15150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 11:55:34 host sshd[15150]: Failed password for invalid user root from 175.205.244.176 port 61555 ssh2
Jan 18 11:55:35 host sshd[15150]: Connection reset by 175.205.244.176 port 61555 [preauth]
Jan 18 11:57:05 host sshd[15416]: Invalid user elastic from 111.33.43.86 port 52595
Jan 18 11:57:05 host sshd[15416]: input_userauth_request: invalid user elastic [preauth]
Jan 18 11:57:05 host sshd[15416]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:57:05 host sshd[15416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.33.43.86
Jan 18 11:57:07 host sshd[15416]: Failed password for invalid user elastic from 111.33.43.86 port 52595 ssh2
Jan 18 11:57:07 host sshd[15416]: Received disconnect from 111.33.43.86 port 52595:11: Bye Bye [preauth]
Jan 18 11:57:07 host sshd[15416]: Disconnected from 111.33.43.86 port 52595 [preauth]
Jan 18 11:57:59 host sshd[15611]: Invalid user test from 111.33.43.86 port 59577
Jan 18 11:57:59 host sshd[15611]: input_userauth_request: invalid user test [preauth]
Jan 18 11:57:59 host sshd[15611]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 11:57:59 host sshd[15611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.33.43.86
Jan 18 11:58:00 host sshd[15611]: Failed password for invalid user test from 111.33.43.86 port 59577 ssh2
Jan 18 11:58:00 host sshd[15611]: Received disconnect from 111.33.43.86 port 59577:11: Bye Bye [preauth]
Jan 18 11:58:00 host sshd[15611]: Disconnected from 111.33.43.86 port 59577 [preauth]
Jan 18 12:06:48 host sshd[16921]: Invalid user ravi from 103.38.4.238 port 55176
Jan 18 12:06:48 host sshd[16921]: input_userauth_request: invalid user ravi [preauth]
Jan 18 12:06:48 host sshd[16921]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:06:48 host sshd[16921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.38.4.238
Jan 18 12:06:50 host sshd[16921]: Failed password for invalid user ravi from 103.38.4.238 port 55176 ssh2
Jan 18 12:06:50 host sshd[16921]: Received disconnect from 103.38.4.238 port 55176:11: Bye Bye [preauth]
Jan 18 12:06:50 host sshd[16921]: Disconnected from 103.38.4.238 port 55176 [preauth]
Jan 18 12:07:03 host sshd[16970]: Invalid user ec2-user from 179.48.124.242 port 59470
Jan 18 12:07:03 host sshd[16970]: input_userauth_request: invalid user ec2-user [preauth]
Jan 18 12:07:03 host sshd[16970]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:07:03 host sshd[16970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.48.124.242
Jan 18 12:07:05 host sshd[16970]: Failed password for invalid user ec2-user from 179.48.124.242 port 59470 ssh2
Jan 18 12:07:06 host sshd[16970]: Received disconnect from 179.48.124.242 port 59470:11: Bye Bye [preauth]
Jan 18 12:07:06 host sshd[16970]: Disconnected from 179.48.124.242 port 59470 [preauth]
Jan 18 12:08:19 host sshd[17199]: User root from 179.48.124.242 not allowed because not listed in AllowUsers
Jan 18 12:08:19 host sshd[17199]: input_userauth_request: invalid user root [preauth]
Jan 18 12:08:19 host unix_chkpwd[17204]: password check failed for user (root)
Jan 18 12:08:19 host sshd[17199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.48.124.242 user=root
Jan 18 12:08:19 host sshd[17199]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:08:21 host sshd[17199]: Failed password for invalid user root from 179.48.124.242 port 55010 ssh2
Jan 18 12:08:26 host sshd[17297]: User root from 59.126.32.51 not allowed because not listed in AllowUsers
Jan 18 12:08:26 host sshd[17297]: input_userauth_request: invalid user root [preauth]
Jan 18 12:08:26 host unix_chkpwd[17353]: password check failed for user (root)
Jan 18 12:08:26 host sshd[17297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.32.51 user=root
Jan 18 12:08:26 host sshd[17297]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:08:28 host sshd[17297]: Failed password for invalid user root from 59.126.32.51 port 36910 ssh2
Jan 18 12:08:28 host sshd[17297]: Connection reset by 59.126.32.51 port 36910 [preauth]
Jan 18 12:11:57 host sshd[18142]: User root from 103.38.4.238 not allowed because not listed in AllowUsers
Jan 18 12:11:57 host sshd[18142]: input_userauth_request: invalid user root [preauth]
Jan 18 12:11:57 host unix_chkpwd[18146]: password check failed for user (root)
Jan 18 12:11:57 host sshd[18142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.38.4.238 user=root
Jan 18 12:11:57 host sshd[18142]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:11:59 host sshd[18142]: Failed password for invalid user root from 103.38.4.238 port 45458 ssh2
Jan 18 12:11:59 host sshd[18142]: Received disconnect from 103.38.4.238 port 45458:11: Bye Bye [preauth]
Jan 18 12:11:59 host sshd[18142]: Disconnected from 103.38.4.238 port 45458 [preauth]
Jan 18 12:13:59 host sshd[18686]: Invalid user vincent from 107.189.30.59 port 57624
Jan 18 12:13:59 host sshd[18686]: input_userauth_request: invalid user vincent [preauth]
Jan 18 12:13:59 host sshd[18686]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:13:59 host sshd[18686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 18 12:14:01 host sshd[18686]: Failed password for invalid user vincent from 107.189.30.59 port 57624 ssh2
Jan 18 12:14:03 host sshd[18686]: Connection closed by 107.189.30.59 port 57624 [preauth]
Jan 18 12:14:09 host sshd[18734]: Invalid user vadmin from 211.223.185.206 port 60903
Jan 18 12:14:09 host sshd[18734]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 12:14:09 host sshd[18734]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:14:09 host sshd[18734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.223.185.206
Jan 18 12:14:10 host sshd[18734]: Failed password for invalid user vadmin from 211.223.185.206 port 60903 ssh2
Jan 18 12:14:10 host sshd[18734]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:14:13 host sshd[18734]: Failed password for invalid user vadmin from 211.223.185.206 port 60903 ssh2
Jan 18 12:14:13 host sshd[18734]: Connection reset by 211.223.185.206 port 60903 [preauth]
Jan 18 12:14:13 host sshd[18734]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.223.185.206
Jan 18 12:16:45 host sshd[19686]: Invalid user fx from 194.110.203.109 port 39714
Jan 18 12:16:45 host sshd[19686]: input_userauth_request: invalid user fx [preauth]
Jan 18 12:16:45 host sshd[19686]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:16:45 host sshd[19686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 12:16:47 host sshd[19686]: Failed password for invalid user fx from 194.110.203.109 port 39714 ssh2
Jan 18 12:16:50 host sshd[19686]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:16:51 host sshd[19686]: Failed password for invalid user fx from 194.110.203.109 port 39714 ssh2
Jan 18 12:16:55 host sshd[19686]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:16:57 host sshd[19686]: Failed password for invalid user fx from 194.110.203.109 port 39714 ssh2
Jan 18 12:17:00 host sshd[19686]: Connection closed by 194.110.203.109 port 39714 [preauth]
Jan 18 12:17:00 host sshd[19686]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 12:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=dartsimp user-2=a2zgroup user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=wwwrmswll user-8=keralaholi user-9=wwwresourcehunte user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=pmcresources user-16=disposeat user-17=wwwkmaorg user-18=remysagr user-19=woodpeck user-20=wwwkapin user-21=gifterman user-22=palco123 user-23=phmetals user-24=kottayamcalldriv user-25=mrsclean user-26=wwwnexidigital user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 12:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8pOxWuMAlUANPDTh.~
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8pOxWuMAlUANPDTh.~'
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8pOxWuMAlUANPDTh.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 12:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 12:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 12:21:08 host sshd[21515]: Invalid user vadmin from 78.189.47.153 port 49448
Jan 18 12:21:08 host sshd[21515]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 12:21:08 host sshd[21515]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:21:08 host sshd[21515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.189.47.153
Jan 18 12:21:11 host sshd[21515]: Failed password for invalid user vadmin from 78.189.47.153 port 49448 ssh2
Jan 18 12:21:11 host sshd[21515]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:21:13 host sshd[21515]: Failed password for invalid user vadmin from 78.189.47.153 port 49448 ssh2
Jan 18 12:21:14 host sshd[21515]: Failed password for invalid user vadmin from 78.189.47.153 port 49448 ssh2
Jan 18 12:21:16 host sshd[21515]: Connection reset by 78.189.47.153 port 49448 [preauth]
Jan 18 12:21:16 host sshd[21515]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.189.47.153
Jan 18 12:28:24 host sshd[22946]: Connection closed by 45.79.172.21 port 24620 [preauth]
Jan 18 12:28:27 host sshd[22956]: Connection closed by 45.79.172.21 port 24628 [preauth]
Jan 18 12:28:30 host sshd[22982]: Connection closed by 45.79.172.21 port 22662 [preauth]
Jan 18 12:31:56 host sshd[23502]: Invalid user user from 103.250.144.169 port 38116
Jan 18 12:31:56 host sshd[23502]: input_userauth_request: invalid user user [preauth]
Jan 18 12:31:56 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:31:56 host sshd[23502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.144.169
Jan 18 12:31:58 host sshd[23502]: Failed password for invalid user user from 103.250.144.169 port 38116 ssh2
Jan 18 12:31:59 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:32:01 host sshd[23502]: Failed password for invalid user user from 103.250.144.169 port 38116 ssh2
Jan 18 12:32:02 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:32:04 host sshd[23502]: Failed password for invalid user user from 103.250.144.169 port 38116 ssh2
Jan 18 12:32:05 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:32:07 host sshd[23502]: Failed password for invalid user user from 103.250.144.169 port 38116 ssh2
Jan 18 12:32:08 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:32:10 host sshd[23502]: Failed password for invalid user user from 103.250.144.169 port 38116 ssh2
Jan 18 12:32:10 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:32:12 host sshd[23502]: Failed password for invalid user user from 103.250.144.169 port 38116 ssh2
Jan 18 12:32:12 host sshd[23502]: error: maximum authentication attempts exceeded for invalid user user from 103.250.144.169 port 38116 ssh2 [preauth]
Jan 18 12:32:12 host sshd[23502]: Disconnecting: Too many authentication failures [preauth]
Jan 18 12:32:12 host sshd[23502]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.250.144.169
Jan 18 12:32:12 host sshd[23502]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 18 12:33:32 host sshd[23739]: Invalid user support from 114.34.89.28 port 41498
Jan 18 12:33:32 host sshd[23739]: input_userauth_request: invalid user support [preauth]
Jan 18 12:33:32 host sshd[23739]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:33:32 host sshd[23739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.89.28
Jan 18 12:33:33 host sshd[23742]: Invalid user oracle from 114.34.89.28 port 41517
Jan 18 12:33:33 host sshd[23742]: input_userauth_request: invalid user oracle [preauth]
Jan 18 12:33:33 host sshd[23742]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:33:33 host sshd[23742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.89.28
Jan 18 12:33:35 host sshd[23739]: Failed password for invalid user support from 114.34.89.28 port 41498 ssh2
Jan 18 12:33:35 host sshd[23739]: Connection reset by 114.34.89.28 port 41498 [preauth]
Jan 18 12:33:36 host sshd[23742]: Failed password for invalid user oracle from 114.34.89.28 port 41517 ssh2
Jan 18 12:33:36 host sshd[23742]: Connection reset by 114.34.89.28 port 41517 [preauth]
Jan 18 12:43:44 host sshd[25309]: Invalid user hikvision from 111.249.82.55 port 43508
Jan 18 12:43:44 host sshd[25309]: input_userauth_request: invalid user hikvision [preauth]
Jan 18 12:43:44 host sshd[25309]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:43:44 host sshd[25309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.249.82.55
Jan 18 12:43:46 host sshd[25309]: Failed password for invalid user hikvision from 111.249.82.55 port 43508 ssh2
Jan 18 12:43:47 host sshd[25309]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:43:48 host sshd[25309]: Failed password for invalid user hikvision from 111.249.82.55 port 43508 ssh2
Jan 18 12:43:49 host sshd[25309]: Connection reset by 111.249.82.55 port 43508 [preauth]
Jan 18 12:43:49 host sshd[25309]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.249.82.55
Jan 18 12:48:15 host sshd[25973]: Invalid user ubnt from 175.143.30.19 port 54126
Jan 18 12:48:15 host sshd[25973]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 12:48:15 host sshd[25973]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 12:48:15 host sshd[25973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.143.30.19
Jan 18 12:48:17 host sshd[25973]: Failed password for invalid user ubnt from 175.143.30.19 port 54126 ssh2
Jan 18 12:48:17 host sshd[25973]: Connection reset by 175.143.30.19 port 54126 [preauth]
Jan 18 12:58:25 host sshd[27410]: Did not receive identification string from 103.203.57.11 port 40282
Jan 18 12:58:44 host sshd[27462]: User root from 41.86.17.229 not allowed because not listed in AllowUsers
Jan 18 12:58:44 host sshd[27462]: input_userauth_request: invalid user root [preauth]
Jan 18 12:58:45 host unix_chkpwd[27465]: password check failed for user (root)
Jan 18 12:58:45 host sshd[27462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.86.17.229 user=root
Jan 18 12:58:45 host sshd[27462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:58:46 host sshd[27462]: Failed password for invalid user root from 41.86.17.229 port 56798 ssh2
Jan 18 12:58:47 host unix_chkpwd[27468]: password check failed for user (root)
Jan 18 12:58:47 host sshd[27462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:58:49 host sshd[27462]: Failed password for invalid user root from 41.86.17.229 port 56798 ssh2
Jan 18 12:58:49 host unix_chkpwd[27472]: password check failed for user (root)
Jan 18 12:58:49 host sshd[27462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:58:51 host sshd[27462]: Failed password for invalid user root from 41.86.17.229 port 56798 ssh2
Jan 18 12:58:52 host unix_chkpwd[27475]: password check failed for user (root)
Jan 18 12:58:52 host sshd[27462]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:58:53 host sshd[27462]: Failed password for invalid user root from 41.86.17.229 port 56798 ssh2
Jan 18 12:59:24 host sshd[27550]: User root from 121.180.81.149 not allowed because not listed in AllowUsers
Jan 18 12:59:24 host sshd[27550]: input_userauth_request: invalid user root [preauth]
Jan 18 12:59:24 host unix_chkpwd[27558]: password check failed for user (root)
Jan 18 12:59:24 host sshd[27550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.180.81.149 user=root
Jan 18 12:59:24 host sshd[27550]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:59:27 host sshd[27550]: Failed password for invalid user root from 121.180.81.149 port 61858 ssh2
Jan 18 12:59:28 host unix_chkpwd[27582]: password check failed for user (root)
Jan 18 12:59:28 host sshd[27550]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:59:30 host sshd[27550]: Failed password for invalid user root from 121.180.81.149 port 61858 ssh2
Jan 18 12:59:31 host unix_chkpwd[27590]: password check failed for user (root)
Jan 18 12:59:31 host sshd[27550]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:59:33 host sshd[27550]: Failed password for invalid user root from 121.180.81.149 port 61858 ssh2
Jan 18 12:59:34 host unix_chkpwd[27596]: password check failed for user (root)
Jan 18 12:59:34 host sshd[27550]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 12:59:36 host sshd[27550]: Failed password for invalid user root from 121.180.81.149 port 61858 ssh2
Jan 18 12:59:36 host sshd[27550]: Connection reset by 121.180.81.149 port 61858 [preauth]
Jan 18 12:59:36 host sshd[27550]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.180.81.149 user=root
Jan 18 12:59:36 host sshd[27550]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 18 13:02:47 host sshd[28144]: Invalid user admin from 112.186.184.222 port 60979
Jan 18 13:02:47 host sshd[28144]: input_userauth_request: invalid user admin [preauth]
Jan 18 13:02:47 host sshd[28144]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:02:47 host sshd[28144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.184.222
Jan 18 13:02:49 host sshd[28144]: Failed password for invalid user admin from 112.186.184.222 port 60979 ssh2
Jan 18 13:02:50 host sshd[28144]: Failed password for invalid user admin from 112.186.184.222 port 60979 ssh2
Jan 18 13:02:51 host sshd[28144]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:02:53 host sshd[28144]: Failed password for invalid user admin from 112.186.184.222 port 60979 ssh2
Jan 18 13:02:54 host sshd[28144]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:02:55 host sshd[28144]: Failed password for invalid user admin from 112.186.184.222 port 60979 ssh2
Jan 18 13:02:56 host sshd[28144]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:02:58 host sshd[28144]: Failed password for invalid user admin from 112.186.184.222 port 60979 ssh2
Jan 18 13:11:45 host sshd[29493]: Invalid user Admin from 175.194.219.239 port 47437
Jan 18 13:11:45 host sshd[29493]: input_userauth_request: invalid user Admin [preauth]
Jan 18 13:11:45 host sshd[29493]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:11:45 host sshd[29493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.194.219.239
Jan 18 13:11:48 host sshd[29493]: Failed password for invalid user Admin from 175.194.219.239 port 47437 ssh2
Jan 18 13:11:48 host sshd[29493]: Connection reset by 175.194.219.239 port 47437 [preauth]
Jan 18 13:15:18 host sshd[30101]: Connection reset by 123.1.71.148 port 63338 [preauth]
Jan 18 13:18:24 host sshd[30630]: User root from 220.132.40.212 not allowed because not listed in AllowUsers
Jan 18 13:18:24 host sshd[30630]: input_userauth_request: invalid user root [preauth]
Jan 18 13:18:24 host unix_chkpwd[30637]: password check failed for user (root)
Jan 18 13:18:24 host sshd[30630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.40.212 user=root
Jan 18 13:18:24 host sshd[30630]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:18:26 host sshd[30630]: Failed password for invalid user root from 220.132.40.212 port 41283 ssh2
Jan 18 13:18:27 host unix_chkpwd[30650]: password check failed for user (root)
Jan 18 13:18:27 host sshd[30630]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:18:30 host sshd[30630]: Failed password for invalid user root from 220.132.40.212 port 41283 ssh2
Jan 18 13:18:31 host unix_chkpwd[30676]: password check failed for user (root)
Jan 18 13:18:31 host sshd[30630]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:18:33 host sshd[30630]: Failed password for invalid user root from 220.132.40.212 port 41283 ssh2
Jan 18 13:18:33 host unix_chkpwd[30685]: password check failed for user (root)
Jan 18 13:18:33 host sshd[30630]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:18:35 host sshd[30630]: Failed password for invalid user root from 220.132.40.212 port 41283 ssh2
Jan 18 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 13:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=woodpeck user-2=wwwkapin user-3=remysagr user-4=disposeat user-5=wwwkmaorg user-6=pmcresources user-7=vfmassets user-8=wwwtestugo user-9=shalinijames user-10=straightcurve user-11=wwwletsstalkfood user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwnexidigital user-15=mrsclean user-16=gifterman user-17=palco123 user-18=phmetals user-19=kottayamcalldriv user-20=wwwkaretakers user-21=cochintaxi user-22=laundryboniface user-23=dartsimp user-24=a2zgroup user-25=wwwpmcresource user-26=wwwrmswll user-27=wwwresourcehunte user-28=keralaholi user-29=ugotscom user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 13:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-25iHUksyELK6at4U.~
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-25iHUksyELK6at4U.~'
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-25iHUksyELK6at4U.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 13:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 13:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 13:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 13:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 13:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 13:22:53 host sshd[31495]: User root from 197.5.145.93 not allowed because not listed in AllowUsers
Jan 18 13:22:53 host sshd[31495]: input_userauth_request: invalid user root [preauth]
Jan 18 13:22:53 host unix_chkpwd[31498]: password check failed for user (root)
Jan 18 13:22:53 host sshd[31495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.93 user=root
Jan 18 13:22:53 host sshd[31495]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:22:54 host sshd[31495]: Failed password for invalid user root from 197.5.145.93 port 34011 ssh2
Jan 18 13:22:54 host sshd[31495]: Received disconnect from 197.5.145.93 port 34011:11: Bye Bye [preauth]
Jan 18 13:22:54 host sshd[31495]: Disconnected from 197.5.145.93 port 34011 [preauth]
Jan 18 13:29:36 host sshd[32452]: User root from 91.195.158.163 not allowed because not listed in AllowUsers
Jan 18 13:29:36 host sshd[32452]: input_userauth_request: invalid user root [preauth]
Jan 18 13:29:36 host unix_chkpwd[32455]: password check failed for user (root)
Jan 18 13:29:36 host sshd[32452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.195.158.163 user=root
Jan 18 13:29:36 host sshd[32452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:29:38 host sshd[32452]: Failed password for invalid user root from 91.195.158.163 port 42167 ssh2
Jan 18 13:29:39 host unix_chkpwd[32460]: password check failed for user (root)
Jan 18 13:29:39 host sshd[32452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:29:39 host sshd[32457]: Invalid user conectar from 197.5.145.93 port 34013
Jan 18 13:29:39 host sshd[32457]: input_userauth_request: invalid user conectar [preauth]
Jan 18 13:29:39 host sshd[32457]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:29:39 host sshd[32457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.93
Jan 18 13:29:41 host sshd[32452]: Failed password for invalid user root from 91.195.158.163 port 42167 ssh2
Jan 18 13:29:41 host sshd[32457]: Failed password for invalid user conectar from 197.5.145.93 port 34013 ssh2
Jan 18 13:29:41 host sshd[32457]: Received disconnect from 197.5.145.93 port 34013:11: Bye Bye [preauth]
Jan 18 13:29:41 host sshd[32457]: Disconnected from 197.5.145.93 port 34013 [preauth]
Jan 18 13:29:41 host unix_chkpwd[32468]: password check failed for user (root)
Jan 18 13:29:41 host sshd[32452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:29:43 host sshd[32452]: Failed password for invalid user root from 91.195.158.163 port 42167 ssh2
Jan 18 13:29:43 host unix_chkpwd[32472]: password check failed for user (root)
Jan 18 13:29:43 host sshd[32452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:29:45 host sshd[32452]: Failed password for invalid user root from 91.195.158.163 port 42167 ssh2
Jan 18 13:31:38 host sshd[398]: Connection reset by 59.126.35.92 port 49127 [preauth]
Jan 18 13:36:51 host sshd[1118]: Connection reset by 121.187.152.29 port 59760 [preauth]
Jan 18 13:42:07 host sshd[1700]: Invalid user http from 195.3.147.77 port 30657
Jan 18 13:42:07 host sshd[1700]: input_userauth_request: invalid user http [preauth]
Jan 18 13:42:07 host sshd[1700]: Failed none for invalid user http from 195.3.147.77 port 30657 ssh2
Jan 18 13:42:08 host sshd[1700]: Disconnecting: Change of username or service not allowed: (http,ssh-connection) -> (factory,ssh-connection) [preauth]
Jan 18 13:42:10 host sshd[1748]: Invalid user factory from 195.3.147.77 port 50603
Jan 18 13:42:10 host sshd[1748]: input_userauth_request: invalid user factory [preauth]
Jan 18 13:42:11 host sshd[1748]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:42:11 host sshd[1748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.3.147.77
Jan 18 13:42:13 host sshd[1748]: Failed password for invalid user factory from 195.3.147.77 port 50603 ssh2
Jan 18 13:42:13 host sshd[1748]: Disconnecting: Change of username or service not allowed: (factory,ssh-connection) -> (3comcso,ssh-connection) [preauth]
Jan 18 13:42:16 host sshd[1757]: Invalid user 3comcso from 195.3.147.77 port 20678
Jan 18 13:42:16 host sshd[1757]: input_userauth_request: invalid user 3comcso [preauth]
Jan 18 13:42:17 host sshd[1757]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:42:17 host sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.3.147.77
Jan 18 13:42:18 host sshd[1757]: Failed password for invalid user 3comcso from 195.3.147.77 port 20678 ssh2
Jan 18 13:42:20 host sshd[1757]: Disconnecting: Change of username or service not allowed: (3comcso,ssh-connection) -> (,ssh-connection) [preauth]
Jan 18 13:48:37 host sshd[3008]: Invalid user bitwarden from 152.32.226.121 port 38880
Jan 18 13:48:37 host sshd[3008]: input_userauth_request: invalid user bitwarden [preauth]
Jan 18 13:48:37 host sshd[3008]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:48:37 host sshd[3008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.226.121
Jan 18 13:48:39 host sshd[3008]: Failed password for invalid user bitwarden from 152.32.226.121 port 38880 ssh2
Jan 18 13:48:39 host sshd[3008]: Received disconnect from 152.32.226.121 port 38880:11: Bye Bye [preauth]
Jan 18 13:48:39 host sshd[3008]: Disconnected from 152.32.226.121 port 38880 [preauth]
Jan 18 13:48:49 host sshd[3026]: User root from 118.70.180.189 not allowed because not listed in AllowUsers
Jan 18 13:48:49 host sshd[3026]: input_userauth_request: invalid user root [preauth]
Jan 18 13:48:49 host unix_chkpwd[3029]: password check failed for user (root)
Jan 18 13:48:49 host sshd[3026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.180.189 user=root
Jan 18 13:48:49 host sshd[3026]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:48:51 host sshd[3026]: Failed password for invalid user root from 118.70.180.189 port 57873 ssh2
Jan 18 13:48:51 host sshd[3026]: Received disconnect from 118.70.180.189 port 57873:11: Bye Bye [preauth]
Jan 18 13:48:51 host sshd[3026]: Disconnected from 118.70.180.189 port 57873 [preauth]
Jan 18 13:48:59 host sshd[3037]: Invalid user tom from 103.162.20.122 port 43326
Jan 18 13:48:59 host sshd[3037]: input_userauth_request: invalid user tom [preauth]
Jan 18 13:48:59 host sshd[3037]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:48:59 host sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.20.122
Jan 18 13:49:01 host sshd[3037]: Failed password for invalid user tom from 103.162.20.122 port 43326 ssh2
Jan 18 13:49:01 host sshd[3037]: Received disconnect from 103.162.20.122 port 43326:11: Bye Bye [preauth]
Jan 18 13:49:01 host sshd[3037]: Disconnected from 103.162.20.122 port 43326 [preauth]
Jan 18 13:49:22 host sshd[3184]: Invalid user gpadmin from 81.30.195.246 port 57270
Jan 18 13:49:22 host sshd[3184]: input_userauth_request: invalid user gpadmin [preauth]
Jan 18 13:49:22 host sshd[3184]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:49:22 host sshd[3184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.195.246
Jan 18 13:49:24 host sshd[3184]: Failed password for invalid user gpadmin from 81.30.195.246 port 57270 ssh2
Jan 18 13:49:24 host sshd[3184]: Received disconnect from 81.30.195.246 port 57270:11: Bye Bye [preauth]
Jan 18 13:49:24 host sshd[3184]: Disconnected from 81.30.195.246 port 57270 [preauth]
Jan 18 13:50:11 host sshd[3311]: Invalid user user from 114.32.196.29 port 58287
Jan 18 13:50:11 host sshd[3311]: input_userauth_request: invalid user user [preauth]
Jan 18 13:50:11 host sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:50:11 host sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.196.29
Jan 18 13:50:13 host sshd[3311]: Failed password for invalid user user from 114.32.196.29 port 58287 ssh2
Jan 18 13:50:16 host sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:50:18 host sshd[3311]: Failed password for invalid user user from 114.32.196.29 port 58287 ssh2
Jan 18 13:50:20 host sshd[3324]: User root from 103.175.16.22 not allowed because not listed in AllowUsers
Jan 18 13:50:20 host sshd[3324]: input_userauth_request: invalid user root [preauth]
Jan 18 13:50:20 host unix_chkpwd[3328]: password check failed for user (root)
Jan 18 13:50:20 host sshd[3324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.175.16.22 user=root
Jan 18 13:50:20 host sshd[3324]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 13:50:20 host sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:50:21 host sshd[3324]: Failed password for invalid user root from 103.175.16.22 port 59424 ssh2
Jan 18 13:50:21 host sshd[3311]: Failed password for invalid user user from 114.32.196.29 port 58287 ssh2
Jan 18 13:50:22 host sshd[3324]: Received disconnect from 103.175.16.22 port 59424:11: Bye Bye [preauth]
Jan 18 13:50:22 host sshd[3324]: Disconnected from 103.175.16.22 port 59424 [preauth]
Jan 18 13:50:22 host sshd[3311]: Connection reset by 114.32.196.29 port 58287 [preauth]
Jan 18 13:50:22 host sshd[3311]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.196.29
Jan 18 13:50:50 host sshd[3408]: Invalid user administrator from 152.32.226.121 port 25778
Jan 18 13:50:50 host sshd[3408]: input_userauth_request: invalid user administrator [preauth]
Jan 18 13:50:50 host sshd[3408]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:50:50 host sshd[3408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.226.121
Jan 18 13:50:53 host sshd[3408]: Failed password for invalid user administrator from 152.32.226.121 port 25778 ssh2
Jan 18 13:50:53 host sshd[3408]: Received disconnect from 152.32.226.121 port 25778:11: Bye Bye [preauth]
Jan 18 13:50:53 host sshd[3408]: Disconnected from 152.32.226.121 port 25778 [preauth]
Jan 18 13:51:15 host sshd[3451]: Invalid user gpadmin from 139.59.39.185 port 34404
Jan 18 13:51:15 host sshd[3451]: input_userauth_request: invalid user gpadmin [preauth]
Jan 18 13:51:15 host sshd[3451]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:51:15 host sshd[3451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.39.185
Jan 18 13:51:17 host sshd[3451]: Failed password for invalid user gpadmin from 139.59.39.185 port 34404 ssh2
Jan 18 13:51:17 host sshd[3451]: Received disconnect from 139.59.39.185 port 34404:11: Bye Bye [preauth]
Jan 18 13:51:17 host sshd[3451]: Disconnected from 139.59.39.185 port 34404 [preauth]
Jan 18 13:51:22 host sshd[3457]: Invalid user bet from 134.209.211.170 port 39850
Jan 18 13:51:22 host sshd[3457]: input_userauth_request: invalid user bet [preauth]
Jan 18 13:51:22 host sshd[3457]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:51:22 host sshd[3457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.211.170
Jan 18 13:51:24 host sshd[3457]: Failed password for invalid user bet from 134.209.211.170 port 39850 ssh2
Jan 18 13:51:24 host sshd[3457]: Received disconnect from 134.209.211.170 port 39850:11: Bye Bye [preauth]
Jan 18 13:51:24 host sshd[3457]: Disconnected from 134.209.211.170 port 39850 [preauth]
Jan 18 13:52:07 host sshd[3577]: Invalid user ntc from 152.32.226.121 port 52672
Jan 18 13:52:07 host sshd[3577]: input_userauth_request: invalid user ntc [preauth]
Jan 18 13:52:07 host sshd[3577]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:52:07 host sshd[3577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.226.121
Jan 18 13:52:10 host sshd[3577]: Failed password for invalid user ntc from 152.32.226.121 port 52672 ssh2
Jan 18 13:52:10 host sshd[3577]: Received disconnect from 152.32.226.121 port 52672:11: Bye Bye [preauth]
Jan 18 13:52:10 host sshd[3577]: Disconnected from 152.32.226.121 port 52672 [preauth]
Jan 18 13:52:22 host sshd[3620]: Invalid user steam from 183.108.54.139 port 61416
Jan 18 13:52:22 host sshd[3620]: input_userauth_request: invalid user steam [preauth]
Jan 18 13:52:22 host sshd[3620]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:52:22 host sshd[3620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.108.54.139
Jan 18 13:52:23 host sshd[3620]: Failed password for invalid user steam from 183.108.54.139 port 61416 ssh2
Jan 18 13:52:24 host sshd[3620]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:52:26 host sshd[3620]: Failed password for invalid user steam from 183.108.54.139 port 61416 ssh2
Jan 18 13:52:26 host sshd[3631]: Invalid user elastic from 14.97.218.174 port 33409
Jan 18 13:52:26 host sshd[3631]: input_userauth_request: invalid user elastic [preauth]
Jan 18 13:52:26 host sshd[3631]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:52:26 host sshd[3631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.218.174
Jan 18 13:52:27 host sshd[3620]: Connection reset by 183.108.54.139 port 61416 [preauth]
Jan 18 13:52:27 host sshd[3620]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.108.54.139
Jan 18 13:52:29 host sshd[3631]: Failed password for invalid user elastic from 14.97.218.174 port 33409 ssh2
Jan 18 13:52:29 host sshd[3631]: Received disconnect from 14.97.218.174 port 33409:11: Bye Bye [preauth]
Jan 18 13:52:29 host sshd[3631]: Disconnected from 14.97.218.174 port 33409 [preauth]
Jan 18 13:53:46 host sshd[3805]: Invalid user gpadmin from 159.65.91.105 port 53254
Jan 18 13:53:46 host sshd[3805]: input_userauth_request: invalid user gpadmin [preauth]
Jan 18 13:53:46 host sshd[3805]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:53:46 host sshd[3805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.91.105
Jan 18 13:53:47 host sshd[3805]: Failed password for invalid user gpadmin from 159.65.91.105 port 53254 ssh2
Jan 18 13:53:47 host sshd[3805]: Received disconnect from 159.65.91.105 port 53254:11: Bye Bye [preauth]
Jan 18 13:53:47 host sshd[3805]: Disconnected from 159.65.91.105 port 53254 [preauth]
Jan 18 13:54:22 host sshd[3891]: Invalid user tom from 118.70.180.188 port 55583
Jan 18 13:54:22 host sshd[3891]: input_userauth_request: invalid user tom [preauth]
Jan 18 13:54:22 host sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:54:22 host sshd[3891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.180.188
Jan 18 13:54:23 host sshd[3894]: Invalid user kevin from 103.162.20.122 port 40614
Jan 18 13:54:23 host sshd[3894]: input_userauth_request: invalid user kevin [preauth]
Jan 18 13:54:23 host sshd[3894]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:54:23 host sshd[3894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.20.122
Jan 18 13:54:23 host sshd[3891]: Failed password for invalid user tom from 118.70.180.188 port 55583 ssh2
Jan 18 13:54:23 host sshd[3891]: Received disconnect from 118.70.180.188 port 55583:11: Bye Bye [preauth]
Jan 18 13:54:23 host sshd[3891]: Disconnected from 118.70.180.188 port 55583 [preauth]
Jan 18 13:54:25 host sshd[3894]: Failed password for invalid user kevin from 103.162.20.122 port 40614 ssh2
Jan 18 13:54:25 host sshd[3894]: Received disconnect from 103.162.20.122 port 40614:11: Bye Bye [preauth]
Jan 18 13:54:25 host sshd[3894]: Disconnected from 103.162.20.122 port 40614 [preauth]
Jan 18 13:54:37 host sshd[4052]: Invalid user elastic from 134.209.211.170 port 51880
Jan 18 13:54:37 host sshd[4052]: input_userauth_request: invalid user elastic [preauth]
Jan 18 13:54:37 host sshd[4052]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:54:37 host sshd[4052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.211.170
Jan 18 13:54:39 host sshd[4052]: Failed password for invalid user elastic from 134.209.211.170 port 51880 ssh2
Jan 18 13:54:39 host sshd[4052]: Received disconnect from 134.209.211.170 port 51880:11: Bye Bye [preauth]
Jan 18 13:54:39 host sshd[4052]: Disconnected from 134.209.211.170 port 51880 [preauth]
Jan 18 13:54:43 host sshd[4066]: Invalid user oscar from 81.30.195.246 port 51098
Jan 18 13:54:43 host sshd[4066]: input_userauth_request: invalid user oscar [preauth]
Jan 18 13:54:43 host sshd[4066]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:54:43 host sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.195.246
Jan 18 13:54:45 host sshd[4066]: Failed password for invalid user oscar from 81.30.195.246 port 51098 ssh2
Jan 18 13:54:45 host sshd[4066]: Received disconnect from 81.30.195.246 port 51098:11: Bye Bye [preauth]
Jan 18 13:54:45 host sshd[4066]: Disconnected from 81.30.195.246 port 51098 [preauth]
Jan 18 13:54:58 host sshd[4088]: Invalid user oscar from 14.97.218.174 port 2148
Jan 18 13:54:58 host sshd[4088]: input_userauth_request: invalid user oscar [preauth]
Jan 18 13:54:58 host sshd[4088]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:54:58 host sshd[4088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.218.174
Jan 18 13:55:00 host sshd[4088]: Failed password for invalid user oscar from 14.97.218.174 port 2148 ssh2
Jan 18 13:55:00 host sshd[4088]: Received disconnect from 14.97.218.174 port 2148:11: Bye Bye [preauth]
Jan 18 13:55:00 host sshd[4088]: Disconnected from 14.97.218.174 port 2148 [preauth]
Jan 18 13:55:07 host sshd[4117]: Invalid user administrator from 159.65.91.105 port 53244
Jan 18 13:55:07 host sshd[4117]: input_userauth_request: invalid user administrator [preauth]
Jan 18 13:55:07 host sshd[4117]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:55:07 host sshd[4117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.91.105
Jan 18 13:55:09 host sshd[4117]: Failed password for invalid user administrator from 159.65.91.105 port 53244 ssh2
Jan 18 13:55:09 host sshd[4117]: Received disconnect from 159.65.91.105 port 53244:11: Bye Bye [preauth]
Jan 18 13:55:09 host sshd[4117]: Disconnected from 159.65.91.105 port 53244 [preauth]
Jan 18 13:55:17 host sshd[4135]: Invalid user ark from 139.59.39.185 port 36690
Jan 18 13:55:17 host sshd[4135]: input_userauth_request: invalid user ark [preauth]
Jan 18 13:55:17 host sshd[4135]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:55:17 host sshd[4135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.39.185
Jan 18 13:55:18 host sshd[4135]: Failed password for invalid user ark from 139.59.39.185 port 36690 ssh2
Jan 18 13:55:18 host sshd[4135]: Received disconnect from 139.59.39.185 port 36690:11: Bye Bye [preauth]
Jan 18 13:55:18 host sshd[4135]: Disconnected from 139.59.39.185 port 36690 [preauth]
Jan 18 13:55:40 host sshd[4197]: Invalid user postgres from 134.209.211.170 port 49018
Jan 18 13:55:40 host sshd[4197]: input_userauth_request: invalid user postgres [preauth]
Jan 18 13:55:40 host sshd[4197]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:55:40 host sshd[4197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.211.170
Jan 18 13:55:41 host sshd[4206]: Invalid user admin1 from 118.70.180.188 port 54385
Jan 18 13:55:41 host sshd[4206]: input_userauth_request: invalid user admin1 [preauth]
Jan 18 13:55:41 host sshd[4206]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:55:41 host sshd[4206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.180.188
Jan 18 13:55:42 host sshd[4197]: Failed password for invalid user postgres from 134.209.211.170 port 49018 ssh2
Jan 18 13:55:42 host sshd[4197]: Received disconnect from 134.209.211.170 port 49018:11: Bye Bye [preauth]
Jan 18 13:55:42 host sshd[4197]: Disconnected from 134.209.211.170 port 49018 [preauth]
Jan 18 13:55:43 host sshd[4206]: Failed password for invalid user admin1 from 118.70.180.188 port 54385 ssh2
Jan 18 13:55:43 host sshd[4206]: Received disconnect from 118.70.180.188 port 54385:11: Bye Bye [preauth]
Jan 18 13:55:43 host sshd[4206]: Disconnected from 118.70.180.188 port 54385 [preauth]
Jan 18 13:55:52 host sshd[4247]: Invalid user oscar from 81.30.195.246 port 45580
Jan 18 13:55:52 host sshd[4247]: input_userauth_request: invalid user oscar [preauth]
Jan 18 13:55:52 host sshd[4247]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:55:52 host sshd[4247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.195.246
Jan 18 13:55:54 host sshd[4247]: Failed password for invalid user oscar from 81.30.195.246 port 45580 ssh2
Jan 18 13:55:54 host sshd[4247]: Received disconnect from 81.30.195.246 port 45580:11: Bye Bye [preauth]
Jan 18 13:55:54 host sshd[4247]: Disconnected from 81.30.195.246 port 45580 [preauth]
Jan 18 13:56:01 host sshd[4287]: Invalid user test1 from 103.162.20.122 port 39620
Jan 18 13:56:01 host sshd[4287]: input_userauth_request: invalid user test1 [preauth]
Jan 18 13:56:01 host sshd[4287]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:56:01 host sshd[4287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.20.122
Jan 18 13:56:03 host sshd[4287]: Failed password for invalid user test1 from 103.162.20.122 port 39620 ssh2
Jan 18 13:56:03 host sshd[4287]: Received disconnect from 103.162.20.122 port 39620:11: Bye Bye [preauth]
Jan 18 13:56:03 host sshd[4287]: Disconnected from 103.162.20.122 port 39620 [preauth]
Jan 18 13:56:12 host sshd[4343]: Invalid user postgres from 103.175.16.22 port 50242
Jan 18 13:56:12 host sshd[4343]: input_userauth_request: invalid user postgres [preauth]
Jan 18 13:56:12 host sshd[4343]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:56:12 host sshd[4343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.175.16.22
Jan 18 13:56:13 host sshd[4343]: Failed password for invalid user postgres from 103.175.16.22 port 50242 ssh2
Jan 18 13:56:14 host sshd[4348]: Invalid user arkserver from 159.65.91.105 port 51970
Jan 18 13:56:14 host sshd[4348]: input_userauth_request: invalid user arkserver [preauth]
Jan 18 13:56:14 host sshd[4348]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:56:14 host sshd[4348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.91.105
Jan 18 13:56:14 host sshd[4343]: Received disconnect from 103.175.16.22 port 50242:11: Bye Bye [preauth]
Jan 18 13:56:14 host sshd[4343]: Disconnected from 103.175.16.22 port 50242 [preauth]
Jan 18 13:56:16 host sshd[4348]: Failed password for invalid user arkserver from 159.65.91.105 port 51970 ssh2
Jan 18 13:56:28 host sshd[4449]: Invalid user test from 14.97.218.174 port 9211
Jan 18 13:56:28 host sshd[4449]: input_userauth_request: invalid user test [preauth]
Jan 18 13:56:28 host sshd[4449]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:56:28 host sshd[4449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.218.174
Jan 18 13:56:29 host sshd[4449]: Failed password for invalid user test from 14.97.218.174 port 9211 ssh2
Jan 18 13:56:29 host sshd[4449]: Received disconnect from 14.97.218.174 port 9211:11: Bye Bye [preauth]
Jan 18 13:56:29 host sshd[4449]: Disconnected from 14.97.218.174 port 9211 [preauth]
Jan 18 13:56:34 host sshd[4489]: Invalid user master from 139.59.39.185 port 34252
Jan 18 13:56:34 host sshd[4489]: input_userauth_request: invalid user master [preauth]
Jan 18 13:56:34 host sshd[4489]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:56:34 host sshd[4489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.39.185
Jan 18 13:56:36 host sshd[4489]: Failed password for invalid user master from 139.59.39.185 port 34252 ssh2
Jan 18 13:57:04 host sshd[4567]: Invalid user master from 118.70.180.188 port 53189
Jan 18 13:57:04 host sshd[4567]: input_userauth_request: invalid user master [preauth]
Jan 18 13:57:04 host sshd[4567]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:57:04 host sshd[4567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.180.188
Jan 18 13:57:06 host sshd[4567]: Failed password for invalid user master from 118.70.180.188 port 53189 ssh2
Jan 18 13:59:09 host sshd[4865]: Invalid user terry from 209.141.56.48 port 58532
Jan 18 13:59:09 host sshd[4865]: input_userauth_request: invalid user terry [preauth]
Jan 18 13:59:09 host sshd[4865]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 13:59:09 host sshd[4865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 18 13:59:11 host sshd[4865]: Failed password for invalid user terry from 209.141.56.48 port 58532 ssh2
Jan 18 13:59:12 host sshd[4865]: Connection closed by 209.141.56.48 port 58532 [preauth]
Jan 18 14:02:43 host sshd[5533]: Invalid user fy from 194.110.203.109 port 55848
Jan 18 14:02:43 host sshd[5533]: input_userauth_request: invalid user fy [preauth]
Jan 18 14:02:43 host sshd[5533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:02:43 host sshd[5533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 14:02:45 host sshd[5533]: Failed password for invalid user fy from 194.110.203.109 port 55848 ssh2
Jan 18 14:02:49 host sshd[5533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:02:50 host sshd[5533]: Failed password for invalid user fy from 194.110.203.109 port 55848 ssh2
Jan 18 14:02:54 host sshd[5533]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:02:56 host sshd[5533]: Failed password for invalid user fy from 194.110.203.109 port 55848 ssh2
Jan 18 14:02:59 host sshd[5533]: Connection closed by 194.110.203.109 port 55848 [preauth]
Jan 18 14:02:59 host sshd[5533]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 14:04:41 host sshd[5772]: Connection reset by 81.8.65.148 port 7867 [preauth]
Jan 18 14:08:26 host sshd[6267]: User root from 123.240.182.181 not allowed because not listed in AllowUsers
Jan 18 14:08:26 host sshd[6267]: input_userauth_request: invalid user root [preauth]
Jan 18 14:08:26 host unix_chkpwd[6278]: password check failed for user (root)
Jan 18 14:08:26 host sshd[6267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.182.181 user=root
Jan 18 14:08:26 host sshd[6267]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:08:28 host sshd[6267]: Failed password for invalid user root from 123.240.182.181 port 39159 ssh2
Jan 18 14:08:28 host unix_chkpwd[6302]: password check failed for user (root)
Jan 18 14:08:28 host sshd[6267]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:08:31 host sshd[6267]: Failed password for invalid user root from 123.240.182.181 port 39159 ssh2
Jan 18 14:08:31 host unix_chkpwd[6306]: password check failed for user (root)
Jan 18 14:08:31 host sshd[6267]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:08:33 host sshd[6267]: Failed password for invalid user root from 123.240.182.181 port 39159 ssh2
Jan 18 14:08:33 host unix_chkpwd[6309]: password check failed for user (root)
Jan 18 14:08:33 host sshd[6267]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:08:36 host sshd[6267]: Failed password for invalid user root from 123.240.182.181 port 39159 ssh2
Jan 18 14:08:36 host unix_chkpwd[6330]: password check failed for user (root)
Jan 18 14:08:36 host sshd[6267]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:08:38 host sshd[6267]: Failed password for invalid user root from 123.240.182.181 port 39159 ssh2
Jan 18 14:10:29 host sshd[6582]: Invalid user ec2-user from 82.53.79.212 port 58339
Jan 18 14:10:29 host sshd[6582]: input_userauth_request: invalid user ec2-user [preauth]
Jan 18 14:10:29 host sshd[6582]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:10:29 host sshd[6582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.53.79.212
Jan 18 14:10:31 host sshd[6582]: Failed password for invalid user ec2-user from 82.53.79.212 port 58339 ssh2
Jan 18 14:10:32 host sshd[6582]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:10:34 host sshd[6582]: Failed password for invalid user ec2-user from 82.53.79.212 port 58339 ssh2
Jan 18 14:10:35 host sshd[6582]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:10:37 host sshd[6582]: Failed password for invalid user ec2-user from 82.53.79.212 port 58339 ssh2
Jan 18 14:10:37 host sshd[6582]: Failed password for invalid user ec2-user from 82.53.79.212 port 58339 ssh2
Jan 18 14:10:38 host sshd[6582]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:10:40 host sshd[6582]: Failed password for invalid user ec2-user from 82.53.79.212 port 58339 ssh2
Jan 18 14:10:41 host sshd[6582]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:10:43 host sshd[6582]: Failed password for invalid user ec2-user from 82.53.79.212 port 58339 ssh2
Jan 18 14:10:43 host sshd[6582]: error: maximum authentication attempts exceeded for invalid user ec2-user from 82.53.79.212 port 58339 ssh2 [preauth]
Jan 18 14:10:43 host sshd[6582]: Disconnecting: Too many authentication failures [preauth]
Jan 18 14:10:43 host sshd[6582]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.53.79.212
Jan 18 14:10:43 host sshd[6582]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 14:10:49 host sshd[6773]: User root from 35.234.63.166 not allowed because not listed in AllowUsers
Jan 18 14:10:49 host sshd[6773]: input_userauth_request: invalid user root [preauth]
Jan 18 14:10:49 host unix_chkpwd[6775]: password check failed for user (root)
Jan 18 14:10:49 host sshd[6773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.234.63.166 user=root
Jan 18 14:10:49 host sshd[6773]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:10:50 host sshd[6773]: Failed password for invalid user root from 35.234.63.166 port 33958 ssh2
Jan 18 14:10:50 host sshd[6773]: Received disconnect from 35.234.63.166 port 33958:11: Bye Bye [preauth]
Jan 18 14:10:50 host sshd[6773]: Disconnected from 35.234.63.166 port 33958 [preauth]
Jan 18 14:11:18 host sshd[6831]: User root from 95.51.122.85 not allowed because not listed in AllowUsers
Jan 18 14:11:18 host sshd[6831]: input_userauth_request: invalid user root [preauth]
Jan 18 14:11:18 host unix_chkpwd[6834]: password check failed for user (root)
Jan 18 14:11:18 host sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.51.122.85 user=root
Jan 18 14:11:18 host sshd[6831]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:11:18 host sshd[6829]: User root from 43.135.153.55 not allowed because not listed in AllowUsers
Jan 18 14:11:18 host sshd[6829]: input_userauth_request: invalid user root [preauth]
Jan 18 14:11:18 host unix_chkpwd[6835]: password check failed for user (root)
Jan 18 14:11:18 host sshd[6829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.153.55 user=root
Jan 18 14:11:18 host sshd[6829]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:11:20 host sshd[6831]: Failed password for invalid user root from 95.51.122.85 port 49592 ssh2
Jan 18 14:11:20 host sshd[6831]: Received disconnect from 95.51.122.85 port 49592:11: Bye Bye [preauth]
Jan 18 14:11:20 host sshd[6831]: Disconnected from 95.51.122.85 port 49592 [preauth]
Jan 18 14:11:20 host sshd[6829]: Failed password for invalid user root from 43.135.153.55 port 59986 ssh2
Jan 18 14:11:20 host sshd[6829]: Received disconnect from 43.135.153.55 port 59986:11: Bye Bye [preauth]
Jan 18 14:11:20 host sshd[6829]: Disconnected from 43.135.153.55 port 59986 [preauth]
Jan 18 14:12:30 host sshd[6970]: User root from 211.43.15.80 not allowed because not listed in AllowUsers
Jan 18 14:12:30 host sshd[6970]: input_userauth_request: invalid user root [preauth]
Jan 18 14:12:30 host unix_chkpwd[6973]: password check failed for user (root)
Jan 18 14:12:30 host sshd[6970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.43.15.80 user=root
Jan 18 14:12:30 host sshd[6970]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:12:32 host sshd[6970]: Failed password for invalid user root from 211.43.15.80 port 58058 ssh2
Jan 18 14:12:32 host sshd[6970]: Received disconnect from 211.43.15.80 port 58058:11: Bye Bye [preauth]
Jan 18 14:12:32 host sshd[6970]: Disconnected from 211.43.15.80 port 58058 [preauth]
Jan 18 14:13:24 host sshd[7071]: Invalid user hadoop from 202.160.145.243 port 56432
Jan 18 14:13:24 host sshd[7071]: input_userauth_request: invalid user hadoop [preauth]
Jan 18 14:13:24 host sshd[7071]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:13:24 host sshd[7071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243
Jan 18 14:13:25 host sshd[7071]: Failed password for invalid user hadoop from 202.160.145.243 port 56432 ssh2
Jan 18 14:13:25 host sshd[7071]: Received disconnect from 202.160.145.243 port 56432:11: Bye Bye [preauth]
Jan 18 14:13:25 host sshd[7071]: Disconnected from 202.160.145.243 port 56432 [preauth]
Jan 18 14:15:27 host sshd[7301]: Invalid user webadmin from 142.44.247.187 port 60664
Jan 18 14:15:27 host sshd[7301]: input_userauth_request: invalid user webadmin [preauth]
Jan 18 14:15:27 host sshd[7301]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:15:27 host sshd[7301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.44.247.187
Jan 18 14:15:30 host sshd[7301]: Failed password for invalid user webadmin from 142.44.247.187 port 60664 ssh2
Jan 18 14:15:30 host sshd[7301]: Received disconnect from 142.44.247.187 port 60664:11: Bye Bye [preauth]
Jan 18 14:15:30 host sshd[7301]: Disconnected from 142.44.247.187 port 60664 [preauth]
Jan 18 14:16:25 host sshd[7538]: Invalid user albert from 35.234.63.166 port 34016
Jan 18 14:16:25 host sshd[7538]: input_userauth_request: invalid user albert [preauth]
Jan 18 14:16:25 host sshd[7538]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:16:25 host sshd[7538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.234.63.166
Jan 18 14:16:27 host sshd[7538]: Failed password for invalid user albert from 35.234.63.166 port 34016 ssh2
Jan 18 14:16:27 host sshd[7538]: Received disconnect from 35.234.63.166 port 34016:11: Bye Bye [preauth]
Jan 18 14:16:27 host sshd[7538]: Disconnected from 35.234.63.166 port 34016 [preauth]
Jan 18 14:16:43 host sshd[7614]: User root from 43.135.153.55 not allowed because not listed in AllowUsers
Jan 18 14:16:43 host sshd[7614]: input_userauth_request: invalid user root [preauth]
Jan 18 14:16:43 host unix_chkpwd[7617]: password check failed for user (root)
Jan 18 14:16:43 host sshd[7614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.153.55 user=root
Jan 18 14:16:43 host sshd[7614]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:16:45 host sshd[7614]: Failed password for invalid user root from 43.135.153.55 port 58664 ssh2
Jan 18 14:16:45 host sshd[7614]: Received disconnect from 43.135.153.55 port 58664:11: Bye Bye [preauth]
Jan 18 14:16:45 host sshd[7614]: Disconnected from 43.135.153.55 port 58664 [preauth]
Jan 18 14:17:06 host sshd[7677]: Invalid user ts2 from 211.43.15.80 port 49306
Jan 18 14:17:06 host sshd[7677]: input_userauth_request: invalid user ts2 [preauth]
Jan 18 14:17:06 host sshd[7677]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:17:06 host sshd[7677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.43.15.80
Jan 18 14:17:07 host sshd[7677]: Failed password for invalid user ts2 from 211.43.15.80 port 49306 ssh2
Jan 18 14:17:07 host sshd[7677]: Received disconnect from 211.43.15.80 port 49306:11: Bye Bye [preauth]
Jan 18 14:17:07 host sshd[7677]: Disconnected from 211.43.15.80 port 49306 [preauth]
Jan 18 14:17:40 host sshd[7787]: Invalid user sales1 from 118.70.180.189 port 64647
Jan 18 14:17:40 host sshd[7787]: input_userauth_request: invalid user sales1 [preauth]
Jan 18 14:17:40 host sshd[7787]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:17:40 host sshd[7787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.180.189
Jan 18 14:17:42 host sshd[7787]: Failed password for invalid user sales1 from 118.70.180.189 port 64647 ssh2
Jan 18 14:17:42 host sshd[7787]: Received disconnect from 118.70.180.189 port 64647:11: Bye Bye [preauth]
Jan 18 14:17:42 host sshd[7787]: Disconnected from 118.70.180.189 port 64647 [preauth]
Jan 18 14:17:47 host sshd[7800]: Invalid user postgres from 142.44.247.187 port 55264
Jan 18 14:17:47 host sshd[7800]: input_userauth_request: invalid user postgres [preauth]
Jan 18 14:17:47 host sshd[7800]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:17:47 host sshd[7800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.44.247.187
Jan 18 14:17:49 host sshd[7800]: Failed password for invalid user postgres from 142.44.247.187 port 55264 ssh2
Jan 18 14:17:49 host sshd[7800]: Received disconnect from 142.44.247.187 port 55264:11: Bye Bye [preauth]
Jan 18 14:17:49 host sshd[7800]: Disconnected from 142.44.247.187 port 55264 [preauth]
Jan 18 14:18:01 host sshd[7849]: Invalid user ts2 from 95.51.122.85 port 47142
Jan 18 14:18:01 host sshd[7849]: input_userauth_request: invalid user ts2 [preauth]
Jan 18 14:18:01 host sshd[7849]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:18:01 host sshd[7849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.51.122.85
Jan 18 14:18:03 host sshd[7849]: Failed password for invalid user ts2 from 95.51.122.85 port 47142 ssh2
Jan 18 14:18:03 host sshd[7849]: Received disconnect from 95.51.122.85 port 47142:11: Bye Bye [preauth]
Jan 18 14:18:03 host sshd[7849]: Disconnected from 95.51.122.85 port 47142 [preauth]
Jan 18 14:18:19 host sshd[7923]: Invalid user pivpn from 202.160.145.243 port 50224
Jan 18 14:18:19 host sshd[7923]: input_userauth_request: invalid user pivpn [preauth]
Jan 18 14:18:19 host sshd[7923]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:18:19 host sshd[7923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243
Jan 18 14:18:20 host sshd[7923]: Failed password for invalid user pivpn from 202.160.145.243 port 50224 ssh2
Jan 18 14:18:20 host sshd[7923]: Received disconnect from 202.160.145.243 port 50224:11: Bye Bye [preauth]
Jan 18 14:18:20 host sshd[7923]: Disconnected from 202.160.145.243 port 50224 [preauth]
Jan 18 14:18:52 host sshd[7986]: Invalid user kafka from 142.44.247.187 port 59862
Jan 18 14:18:52 host sshd[7986]: input_userauth_request: invalid user kafka [preauth]
Jan 18 14:18:52 host sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:18:52 host sshd[7986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.44.247.187
Jan 18 14:18:54 host sshd[7986]: Failed password for invalid user kafka from 142.44.247.187 port 59862 ssh2
Jan 18 14:18:54 host sshd[7986]: Received disconnect from 142.44.247.187 port 59862:11: Bye Bye [preauth]
Jan 18 14:18:54 host sshd[7986]: Disconnected from 142.44.247.187 port 59862 [preauth]
Jan 18 14:19:55 host sshd[8127]: Invalid user mapr from 202.160.145.243 port 33332
Jan 18 14:19:55 host sshd[8127]: input_userauth_request: invalid user mapr [preauth]
Jan 18 14:19:55 host sshd[8127]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:19:55 host sshd[8127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.160.145.243
Jan 18 14:19:57 host sshd[8127]: Failed password for invalid user mapr from 202.160.145.243 port 33332 ssh2
Jan 18 14:19:57 host sshd[8127]: Received disconnect from 202.160.145.243 port 33332:11: Bye Bye [preauth]
Jan 18 14:19:57 host sshd[8127]: Disconnected from 202.160.145.243 port 33332 [preauth]
Jan 18 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 14:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 14:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=ugotscom user-8=wwwresourcehunte user-9=keralaholi user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=disposeat user-17=wwwkmaorg user-18=remysagr user-19=woodpeck user-20=wwwkapin user-21=phmetals user-22=kottayamcalldriv user-23=palco123 user-24=gifterman user-25=mrsclean user-26=wwwnexidigital user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 14:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-gUsp1G6rtR8zYD4Q.~
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-gUsp1G6rtR8zYD4Q.~'
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-gUsp1G6rtR8zYD4Q.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 14:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 14:25:38 host sshd[9188]: Invalid user nginx from 183.109.210.172 port 59154
Jan 18 14:25:38 host sshd[9188]: input_userauth_request: invalid user nginx [preauth]
Jan 18 14:25:38 host sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:38 host sshd[9188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.109.210.172
Jan 18 14:25:40 host sshd[9188]: Failed password for invalid user nginx from 183.109.210.172 port 59154 ssh2
Jan 18 14:25:41 host sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:43 host sshd[9207]: Invalid user vadmin from 220.135.26.2 port 60621
Jan 18 14:25:43 host sshd[9207]: input_userauth_request: invalid user vadmin [preauth]
Jan 18 14:25:43 host sshd[9207]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:43 host sshd[9207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.26.2
Jan 18 14:25:43 host sshd[9188]: Failed password for invalid user nginx from 183.109.210.172 port 59154 ssh2
Jan 18 14:25:45 host sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:45 host sshd[9207]: Failed password for invalid user vadmin from 220.135.26.2 port 60621 ssh2
Jan 18 14:25:46 host sshd[9207]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:46 host sshd[9188]: Failed password for invalid user nginx from 183.109.210.172 port 59154 ssh2
Jan 18 14:25:47 host sshd[9188]: Failed password for invalid user nginx from 183.109.210.172 port 59154 ssh2
Jan 18 14:25:48 host sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:48 host sshd[9207]: Failed password for invalid user vadmin from 220.135.26.2 port 60621 ssh2
Jan 18 14:25:49 host sshd[9207]: Failed password for invalid user vadmin from 220.135.26.2 port 60621 ssh2
Jan 18 14:25:49 host sshd[9207]: Connection closed by 220.135.26.2 port 60621 [preauth]
Jan 18 14:25:49 host sshd[9207]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.26.2
Jan 18 14:25:50 host sshd[9188]: Failed password for invalid user nginx from 183.109.210.172 port 59154 ssh2
Jan 18 14:25:51 host sshd[9188]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:25:53 host sshd[9188]: Failed password for invalid user nginx from 183.109.210.172 port 59154 ssh2
Jan 18 14:25:53 host sshd[9188]: error: maximum authentication attempts exceeded for invalid user nginx from 183.109.210.172 port 59154 ssh2 [preauth]
Jan 18 14:25:53 host sshd[9188]: Disconnecting: Too many authentication failures [preauth]
Jan 18 14:25:53 host sshd[9188]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.109.210.172
Jan 18 14:25:53 host sshd[9188]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 14:27:12 host sshd[9395]: User root from 59.127.234.24 not allowed because not listed in AllowUsers
Jan 18 14:27:12 host sshd[9395]: input_userauth_request: invalid user root [preauth]
Jan 18 14:27:12 host unix_chkpwd[9401]: password check failed for user (root)
Jan 18 14:27:12 host sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.234.24 user=root
Jan 18 14:27:12 host sshd[9395]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:27:14 host sshd[9395]: Failed password for invalid user root from 59.127.234.24 port 36977 ssh2
Jan 18 14:27:15 host unix_chkpwd[9404]: password check failed for user (root)
Jan 18 14:27:15 host sshd[9395]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:27:16 host sshd[9395]: Failed password for invalid user root from 59.127.234.24 port 36977 ssh2
Jan 18 14:27:17 host sshd[9395]: Connection reset by 59.127.234.24 port 36977 [preauth]
Jan 18 14:27:17 host sshd[9395]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.234.24 user=root
Jan 18 14:29:20 host sshd[9727]: Invalid user terry from 209.141.56.48 port 35130
Jan 18 14:29:20 host sshd[9727]: input_userauth_request: invalid user terry [preauth]
Jan 18 14:29:20 host sshd[9727]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:29:20 host sshd[9727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 18 14:29:22 host sshd[9727]: Failed password for invalid user terry from 209.141.56.48 port 35130 ssh2
Jan 18 14:29:23 host sshd[9727]: Connection closed by 209.141.56.48 port 35130 [preauth]
Jan 18 14:31:45 host sshd[10053]: User root from 100.15.215.175 not allowed because not listed in AllowUsers
Jan 18 14:31:45 host sshd[10053]: input_userauth_request: invalid user root [preauth]
Jan 18 14:31:45 host unix_chkpwd[10058]: password check failed for user (root)
Jan 18 14:31:45 host sshd[10053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=100.15.215.175 user=root
Jan 18 14:31:45 host sshd[10053]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:31:47 host sshd[10053]: Failed password for invalid user root from 100.15.215.175 port 62813 ssh2
Jan 18 14:31:48 host unix_chkpwd[10063]: password check failed for user (root)
Jan 18 14:31:48 host sshd[10053]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:31:50 host sshd[10053]: Failed password for invalid user root from 100.15.215.175 port 62813 ssh2
Jan 18 14:31:51 host unix_chkpwd[10074]: password check failed for user (root)
Jan 18 14:31:51 host sshd[10053]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:31:53 host sshd[10053]: Failed password for invalid user root from 100.15.215.175 port 62813 ssh2
Jan 18 14:31:54 host unix_chkpwd[10080]: password check failed for user (root)
Jan 18 14:31:54 host sshd[10053]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 14:31:55 host sshd[10053]: Failed password for invalid user root from 100.15.215.175 port 62813 ssh2
Jan 18 14:31:56 host sshd[10053]: Connection reset by 100.15.215.175 port 62813 [preauth]
Jan 18 14:31:56 host sshd[10053]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=100.15.215.175 user=root
Jan 18 14:31:56 host sshd[10053]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 18 14:35:02 host sshd[10633]: Invalid user ec2-user from 59.126.150.149 port 36390
Jan 18 14:35:02 host sshd[10633]: input_userauth_request: invalid user ec2-user [preauth]
Jan 18 14:35:02 host sshd[10633]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:35:02 host sshd[10633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.150.149
Jan 18 14:35:04 host sshd[10633]: Failed password for invalid user ec2-user from 59.126.150.149 port 36390 ssh2
Jan 18 14:35:06 host sshd[10633]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:35:08 host sshd[10633]: Failed password for invalid user ec2-user from 59.126.150.149 port 36390 ssh2
Jan 18 14:35:09 host sshd[10633]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:35:11 host sshd[10633]: Failed password for invalid user ec2-user from 59.126.150.149 port 36390 ssh2
Jan 18 14:35:12 host sshd[10633]: Failed password for invalid user ec2-user from 59.126.150.149 port 36390 ssh2
Jan 18 14:35:12 host sshd[10633]: Connection reset by 59.126.150.149 port 36390 [preauth]
Jan 18 14:35:12 host sshd[10633]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.150.149
Jan 18 14:51:19 host sshd[13036]: Invalid user admin from 128.199.136.139 port 46946
Jan 18 14:51:19 host sshd[13036]: input_userauth_request: invalid user admin [preauth]
Jan 18 14:51:19 host sshd[13036]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:51:19 host sshd[13036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.136.139
Jan 18 14:51:21 host sshd[13036]: Failed password for invalid user admin from 128.199.136.139 port 46946 ssh2
Jan 18 14:51:21 host sshd[13036]: Connection closed by 128.199.136.139 port 46946 [preauth]
Jan 18 14:54:14 host sshd[13393]: Invalid user ONTUSER from 220.133.223.157 port 54503
Jan 18 14:54:14 host sshd[13393]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 18 14:54:14 host sshd[13393]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:54:14 host sshd[13393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.223.157
Jan 18 14:54:16 host sshd[13393]: Failed password for invalid user ONTUSER from 220.133.223.157 port 54503 ssh2
Jan 18 14:54:17 host sshd[13393]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 14:54:19 host sshd[13393]: Failed password for invalid user ONTUSER from 220.133.223.157 port 54503 ssh2
Jan 18 14:54:19 host sshd[13393]: Failed password for invalid user ONTUSER from 220.133.223.157 port 54503 ssh2
Jan 18 14:54:19 host sshd[13393]: Connection reset by 220.133.223.157 port 54503 [preauth]
Jan 18 14:54:19 host sshd[13393]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.223.157
Jan 18 14:59:41 host sshd[14285]: Did not receive identification string from 149.129.220.222 port 61000
Jan 18 15:04:15 host sshd[14869]: Invalid user user from 96.69.52.5 port 57372
Jan 18 15:04:15 host sshd[14869]: input_userauth_request: invalid user user [preauth]
Jan 18 15:04:15 host sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:04:15 host sshd[14869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.69.52.5
Jan 18 15:04:16 host sshd[14869]: Failed password for invalid user user from 96.69.52.5 port 57372 ssh2
Jan 18 15:04:17 host sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:04:19 host sshd[14869]: Failed password for invalid user user from 96.69.52.5 port 57372 ssh2
Jan 18 15:04:20 host sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:04:22 host sshd[14869]: Failed password for invalid user user from 96.69.52.5 port 57372 ssh2
Jan 18 15:04:23 host sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:04:26 host sshd[14869]: Failed password for invalid user user from 96.69.52.5 port 57372 ssh2
Jan 18 15:04:27 host sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:04:28 host sshd[14869]: Failed password for invalid user user from 96.69.52.5 port 57372 ssh2
Jan 18 15:06:35 host sshd[15289]: Invalid user admin from 121.153.216.202 port 63575
Jan 18 15:06:35 host sshd[15289]: input_userauth_request: invalid user admin [preauth]
Jan 18 15:06:35 host sshd[15289]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:06:35 host sshd[15289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.153.216.202
Jan 18 15:06:37 host sshd[15289]: Failed password for invalid user admin from 121.153.216.202 port 63575 ssh2
Jan 18 15:06:38 host sshd[15289]: Failed password for invalid user admin from 121.153.216.202 port 63575 ssh2
Jan 18 15:06:38 host sshd[15289]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:06:41 host sshd[15289]: Failed password for invalid user admin from 121.153.216.202 port 63575 ssh2
Jan 18 15:06:42 host sshd[15289]: Connection reset by 121.153.216.202 port 63575 [preauth]
Jan 18 15:06:42 host sshd[15289]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.153.216.202
Jan 18 15:10:11 host sshd[15727]: Invalid user terry from 209.141.56.48 port 34008
Jan 18 15:10:11 host sshd[15727]: input_userauth_request: invalid user terry [preauth]
Jan 18 15:10:11 host sshd[15727]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:10:11 host sshd[15727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 18 15:10:13 host sshd[15727]: Failed password for invalid user terry from 209.141.56.48 port 34008 ssh2
Jan 18 15:10:13 host sshd[15727]: Connection closed by 209.141.56.48 port 34008 [preauth]
Jan 18 15:20:10 host sshd[17198]: Invalid user backuprestore from 205.185.113.129 port 54652
Jan 18 15:20:10 host sshd[17198]: input_userauth_request: invalid user backuprestore [preauth]
Jan 18 15:20:10 host sshd[17198]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:20:10 host sshd[17198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 18 15:20:12 host sshd[17198]: Failed password for invalid user backuprestore from 205.185.113.129 port 54652 ssh2
Jan 18 15:20:13 host sshd[17198]: Connection closed by 205.185.113.129 port 54652 [preauth]
Jan 18 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 15:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=shalinijames user-3=wwwtestugo user-4=pmcresources user-5=wwwkmaorg user-6=disposeat user-7=remysagr user-8=wwwkapin user-9=woodpeck user-10=palco123 user-11=gifterman user-12=kottayamcalldriv user-13=phmetals user-14=mrsclean user-15=wwwnexidigital user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=keralaholi user-27=wwwresourcehunte user-28=wwwrmswll user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 15:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 15:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-mtLW7CcQwYHFlXIs.~
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-mtLW7CcQwYHFlXIs.~'
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-mtLW7CcQwYHFlXIs.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 15:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 15:28:15 host sshd[18723]: Connection reset by 126.28.12.129 port 34639 [preauth]
Jan 18 15:31:34 host sshd[19331]: User root from 121.159.193.163 not allowed because not listed in AllowUsers
Jan 18 15:31:34 host sshd[19331]: input_userauth_request: invalid user root [preauth]
Jan 18 15:31:34 host unix_chkpwd[19339]: password check failed for user (root)
Jan 18 15:31:34 host sshd[19331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.159.193.163 user=root
Jan 18 15:31:34 host sshd[19331]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 15:31:36 host sshd[19331]: Failed password for invalid user root from 121.159.193.163 port 61978 ssh2
Jan 18 15:31:37 host sshd[19331]: Connection reset by 121.159.193.163 port 61978 [preauth]
Jan 18 15:36:22 host sshd[20086]: Invalid user terry from 209.141.56.48 port 52926
Jan 18 15:36:22 host sshd[20086]: input_userauth_request: invalid user terry [preauth]
Jan 18 15:36:22 host sshd[20086]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:36:22 host sshd[20086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 18 15:36:24 host sshd[20086]: Failed password for invalid user terry from 209.141.56.48 port 52926 ssh2
Jan 18 15:36:24 host sshd[20086]: Connection closed by 209.141.56.48 port 52926 [preauth]
Jan 18 15:38:42 host sshd[20384]: Invalid user terry from 209.141.56.48 port 56556
Jan 18 15:38:42 host sshd[20384]: input_userauth_request: invalid user terry [preauth]
Jan 18 15:38:42 host sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:38:42 host sshd[20384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 18 15:38:44 host sshd[20384]: Failed password for invalid user terry from 209.141.56.48 port 56556 ssh2
Jan 18 15:38:44 host sshd[20384]: Connection closed by 209.141.56.48 port 56556 [preauth]
Jan 18 15:46:08 host sshd[21510]: Invalid user fz from 194.110.203.109 port 39910
Jan 18 15:46:08 host sshd[21510]: input_userauth_request: invalid user fz [preauth]
Jan 18 15:46:08 host sshd[21510]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:46:08 host sshd[21510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 15:46:09 host sshd[21510]: Failed password for invalid user fz from 194.110.203.109 port 39910 ssh2
Jan 18 15:46:12 host sshd[21510]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:46:15 host sshd[21510]: Failed password for invalid user fz from 194.110.203.109 port 39910 ssh2
Jan 18 15:46:18 host sshd[21510]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:46:20 host sshd[21510]: Failed password for invalid user fz from 194.110.203.109 port 39910 ssh2
Jan 18 15:46:23 host sshd[21510]: Connection closed by 194.110.203.109 port 39910 [preauth]
Jan 18 15:46:23 host sshd[21510]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 15:53:35 host sshd[22622]: Invalid user admin from 59.126.185.56 port 34778
Jan 18 15:53:35 host sshd[22622]: input_userauth_request: invalid user admin [preauth]
Jan 18 15:53:35 host sshd[22622]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:53:35 host sshd[22622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.185.56
Jan 18 15:53:37 host sshd[22622]: Failed password for invalid user admin from 59.126.185.56 port 34778 ssh2
Jan 18 15:53:37 host sshd[22622]: Failed password for invalid user admin from 59.126.185.56 port 34778 ssh2
Jan 18 15:53:38 host sshd[22622]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:53:40 host sshd[22622]: Failed password for invalid user admin from 59.126.185.56 port 34778 ssh2
Jan 18 15:53:41 host sshd[22622]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:53:42 host sshd[22622]: Failed password for invalid user admin from 59.126.185.56 port 34778 ssh2
Jan 18 15:53:43 host sshd[22622]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 15:53:45 host sshd[22622]: Failed password for invalid user admin from 59.126.185.56 port 34778 ssh2
Jan 18 16:07:23 host sshd[24630]: Invalid user elasticsearch from 14.99.4.82 port 50708
Jan 18 16:07:23 host sshd[24630]: input_userauth_request: invalid user elasticsearch [preauth]
Jan 18 16:07:23 host sshd[24630]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:07:23 host sshd[24630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.99.4.82
Jan 18 16:07:24 host sshd[24630]: Failed password for invalid user elasticsearch from 14.99.4.82 port 50708 ssh2
Jan 18 16:07:24 host sshd[24630]: Received disconnect from 14.99.4.82 port 50708:11: Bye Bye [preauth]
Jan 18 16:07:24 host sshd[24630]: Disconnected from 14.99.4.82 port 50708 [preauth]
Jan 18 16:08:44 host sshd[24790]: Invalid user ec2-user from 79.45.153.175 port 39157
Jan 18 16:08:44 host sshd[24790]: input_userauth_request: invalid user ec2-user [preauth]
Jan 18 16:08:44 host sshd[24790]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:08:44 host sshd[24790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.45.153.175
Jan 18 16:08:47 host sshd[24790]: Failed password for invalid user ec2-user from 79.45.153.175 port 39157 ssh2
Jan 18 16:08:47 host sshd[24790]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:08:49 host sshd[24790]: Failed password for invalid user ec2-user from 79.45.153.175 port 39157 ssh2
Jan 18 16:08:50 host sshd[24790]: Connection reset by 79.45.153.175 port 39157 [preauth]
Jan 18 16:08:50 host sshd[24790]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.45.153.175
Jan 18 16:09:59 host sshd[24925]: User root from 202.83.17.243 not allowed because not listed in AllowUsers
Jan 18 16:09:59 host sshd[24925]: input_userauth_request: invalid user root [preauth]
Jan 18 16:09:59 host unix_chkpwd[24927]: password check failed for user (root)
Jan 18 16:09:59 host sshd[24925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.243 user=root
Jan 18 16:09:59 host sshd[24925]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 16:10:01 host sshd[24925]: Failed password for invalid user root from 202.83.17.243 port 57062 ssh2
Jan 18 16:10:01 host sshd[24925]: Received disconnect from 202.83.17.243 port 57062:11: Bye Bye [preauth]
Jan 18 16:10:01 host sshd[24925]: Disconnected from 202.83.17.243 port 57062 [preauth]
Jan 18 16:11:31 host sshd[25211]: Invalid user deamon from 14.99.4.82 port 54656
Jan 18 16:11:31 host sshd[25211]: input_userauth_request: invalid user deamon [preauth]
Jan 18 16:11:31 host sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:11:31 host sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.99.4.82
Jan 18 16:11:33 host sshd[25211]: Failed password for invalid user deamon from 14.99.4.82 port 54656 ssh2
Jan 18 16:11:33 host sshd[25211]: Received disconnect from 14.99.4.82 port 54656:11: Bye Bye [preauth]
Jan 18 16:11:33 host sshd[25211]: Disconnected from 14.99.4.82 port 54656 [preauth]
Jan 18 16:12:08 host sshd[25278]: Invalid user ubuntu from 61.80.194.115 port 60036
Jan 18 16:12:08 host sshd[25278]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 16:12:08 host sshd[25278]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:12:08 host sshd[25278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.80.194.115
Jan 18 16:12:10 host sshd[25278]: Failed password for invalid user ubuntu from 61.80.194.115 port 60036 ssh2
Jan 18 16:12:10 host sshd[25278]: Connection reset by 61.80.194.115 port 60036 [preauth]
Jan 18 16:12:56 host sshd[25363]: User root from 202.83.17.243 not allowed because not listed in AllowUsers
Jan 18 16:12:56 host sshd[25363]: input_userauth_request: invalid user root [preauth]
Jan 18 16:12:56 host unix_chkpwd[25365]: password check failed for user (root)
Jan 18 16:12:56 host sshd[25363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.243 user=root
Jan 18 16:12:56 host sshd[25363]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 16:12:59 host sshd[25363]: Failed password for invalid user root from 202.83.17.243 port 52084 ssh2
Jan 18 16:12:59 host sshd[25363]: Received disconnect from 202.83.17.243 port 52084:11: Bye Bye [preauth]
Jan 18 16:12:59 host sshd[25363]: Disconnected from 202.83.17.243 port 52084 [preauth]
Jan 18 16:15:09 host sshd[25656]: Invalid user nginx from 122.117.50.131 port 56519
Jan 18 16:15:09 host sshd[25656]: input_userauth_request: invalid user nginx [preauth]
Jan 18 16:15:09 host sshd[25656]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:15:09 host sshd[25656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.50.131
Jan 18 16:15:11 host sshd[25656]: Failed password for invalid user nginx from 122.117.50.131 port 56519 ssh2
Jan 18 16:15:12 host sshd[25656]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:15:14 host sshd[25656]: Failed password for invalid user nginx from 122.117.50.131 port 56519 ssh2
Jan 18 16:15:15 host sshd[25656]: Connection reset by 122.117.50.131 port 56519 [preauth]
Jan 18 16:15:15 host sshd[25656]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.50.131
Jan 18 16:15:53 host sshd[25868]: User root from 14.99.4.82 not allowed because not listed in AllowUsers
Jan 18 16:15:53 host sshd[25868]: input_userauth_request: invalid user root [preauth]
Jan 18 16:15:53 host unix_chkpwd[25870]: password check failed for user (root)
Jan 18 16:15:53 host sshd[25868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.99.4.82 user=root
Jan 18 16:15:53 host sshd[25868]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 16:15:56 host sshd[25868]: Failed password for invalid user root from 14.99.4.82 port 47108 ssh2
Jan 18 16:15:56 host sshd[25868]: Received disconnect from 14.99.4.82 port 47108:11: Bye Bye [preauth]
Jan 18 16:15:56 host sshd[25868]: Disconnected from 14.99.4.82 port 47108 [preauth]
Jan 18 16:18:48 host sshd[26243]: User root from 103.224.36.226 not allowed because not listed in AllowUsers
Jan 18 16:18:48 host sshd[26243]: input_userauth_request: invalid user root [preauth]
Jan 18 16:18:48 host unix_chkpwd[26248]: password check failed for user (root)
Jan 18 16:18:48 host sshd[26243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.224.36.226 user=root
Jan 18 16:18:48 host sshd[26243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 16:18:49 host sshd[26243]: Failed password for invalid user root from 103.224.36.226 port 41964 ssh2
Jan 18 16:18:49 host sshd[26243]: Received disconnect from 103.224.36.226 port 41964:11: Bye Bye [preauth]
Jan 18 16:18:49 host sshd[26243]: Disconnected from 103.224.36.226 port 41964 [preauth]
Jan 18 16:19:40 host sshd[26342]: Invalid user support from 114.34.195.135 port 44804
Jan 18 16:19:40 host sshd[26342]: input_userauth_request: invalid user support [preauth]
Jan 18 16:19:40 host sshd[26342]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:19:40 host sshd[26342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.195.135
Jan 18 16:19:41 host sshd[26342]: Failed password for invalid user support from 114.34.195.135 port 44804 ssh2
Jan 18 16:19:42 host sshd[26342]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:19:44 host sshd[26342]: Failed password for invalid user support from 114.34.195.135 port 44804 ssh2
Jan 18 16:19:45 host sshd[26342]: Connection reset by 114.34.195.135 port 44804 [preauth]
Jan 18 16:19:45 host sshd[26342]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.195.135
Jan 18 16:20:10 host sshd[26420]: Invalid user informix from 103.224.36.226 port 39204
Jan 18 16:20:10 host sshd[26420]: input_userauth_request: invalid user informix [preauth]
Jan 18 16:20:10 host sshd[26420]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:20:10 host sshd[26420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.224.36.226
Jan 18 16:20:12 host sshd[26420]: Failed password for invalid user informix from 103.224.36.226 port 39204 ssh2
Jan 18 16:20:12 host sshd[26420]: Received disconnect from 103.224.36.226 port 39204:11: Bye Bye [preauth]
Jan 18 16:20:12 host sshd[26420]: Disconnected from 103.224.36.226 port 39204 [preauth]
Jan 18 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 16:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=dartsimp user-2=a2zgroup user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=ugotscom user-8=wwwrmswll user-9=wwwresourcehunte user-10=keralaholi user-11=wwwpmcresource user-12=wwwtestugo user-13=shalinijames user-14=vfmassets user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=kottayamcalldriv user-22=phmetals user-23=gifterman user-24=palco123 user-25=mrsclean user-26=wwwnexidigital user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 16:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 16:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Z4NOXfbVaNVDiXul.~
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Z4NOXfbVaNVDiXul.~'
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Z4NOXfbVaNVDiXul.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 16:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 16:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 16:28:07 host sshd[27782]: Invalid user admin from 181.111.20.111 port 49878
Jan 18 16:28:07 host sshd[27782]: input_userauth_request: invalid user admin [preauth]
Jan 18 16:28:07 host sshd[27782]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:28:07 host sshd[27782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.111.20.111
Jan 18 16:28:08 host sshd[27782]: Failed password for invalid user admin from 181.111.20.111 port 49878 ssh2
Jan 18 16:28:10 host sshd[27782]: Connection reset by 181.111.20.111 port 49878 [preauth]
Jan 18 16:39:56 host sshd[29326]: Invalid user dnsekakf2$$ from 49.213.248.204 port 56712
Jan 18 16:39:56 host sshd[29326]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 18 16:39:56 host sshd[29326]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:39:56 host sshd[29326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.248.204
Jan 18 16:39:58 host sshd[29326]: Failed password for invalid user dnsekakf2$$ from 49.213.248.204 port 56712 ssh2
Jan 18 16:39:59 host sshd[29326]: Failed password for invalid user dnsekakf2$$ from 49.213.248.204 port 56712 ssh2
Jan 18 16:39:59 host sshd[29326]: Connection closed by 49.213.248.204 port 56712 [preauth]
Jan 18 16:42:21 host sshd[29735]: Invalid user zyfwp from 114.33.66.157 port 56120
Jan 18 16:42:21 host sshd[29735]: input_userauth_request: invalid user zyfwp [preauth]
Jan 18 16:42:21 host sshd[29735]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:42:21 host sshd[29735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.66.157
Jan 18 16:42:23 host sshd[29735]: Failed password for invalid user zyfwp from 114.33.66.157 port 56120 ssh2
Jan 18 16:42:24 host sshd[29735]: Connection reset by 114.33.66.157 port 56120 [preauth]
Jan 18 16:43:28 host sshd[29860]: Invalid user admin from 175.203.118.149 port 43290
Jan 18 16:43:28 host sshd[29860]: input_userauth_request: invalid user admin [preauth]
Jan 18 16:43:28 host sshd[29860]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:43:28 host sshd[29860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.203.118.149
Jan 18 16:43:30 host sshd[29860]: Failed password for invalid user admin from 175.203.118.149 port 43290 ssh2
Jan 18 16:43:31 host sshd[29860]: Failed password for invalid user admin from 175.203.118.149 port 43290 ssh2
Jan 18 16:43:31 host sshd[29860]: Connection reset by 175.203.118.149 port 43290 [preauth]
Jan 18 16:51:08 host sshd[30947]: Invalid user user from 110.239.141.231 port 35263
Jan 18 16:51:08 host sshd[30947]: input_userauth_request: invalid user user [preauth]
Jan 18 16:51:08 host sshd[30947]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 16:51:08 host sshd[30947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.239.141.231
Jan 18 16:51:11 host sshd[30947]: Failed password for invalid user user from 110.239.141.231 port 35263 ssh2
Jan 18 16:51:11 host sshd[30947]: Connection closed by 110.239.141.231 port 35263 [preauth]
Jan 18 16:57:25 host sshd[31792]: User root from 59.126.249.176 not allowed because not listed in AllowUsers
Jan 18 16:57:25 host sshd[31792]: input_userauth_request: invalid user root [preauth]
Jan 18 16:57:25 host unix_chkpwd[31795]: password check failed for user (root)
Jan 18 16:57:25 host sshd[31792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.249.176 user=root
Jan 18 16:57:25 host sshd[31792]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 16:57:27 host sshd[31792]: Failed password for invalid user root from 59.126.249.176 port 46807 ssh2
Jan 18 16:57:28 host unix_chkpwd[31819]: password check failed for user (root)
Jan 18 16:57:28 host sshd[31792]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 16:57:30 host sshd[31792]: Failed password for invalid user root from 59.126.249.176 port 46807 ssh2
Jan 18 16:57:30 host sshd[31792]: Connection reset by 59.126.249.176 port 46807 [preauth]
Jan 18 16:57:30 host sshd[31792]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.249.176 user=root
Jan 18 17:06:50 host sshd[793]: Did not receive identification string from 143.110.189.156 port 37922
Jan 18 17:07:23 host sshd[853]: Invalid user admin from 143.110.189.156 port 60730
Jan 18 17:07:23 host sshd[853]: input_userauth_request: invalid user admin [preauth]
Jan 18 17:07:23 host sshd[853]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:07:23 host sshd[853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.189.156
Jan 18 17:07:26 host sshd[853]: Failed password for invalid user admin from 143.110.189.156 port 60730 ssh2
Jan 18 17:07:26 host sshd[853]: Connection closed by 143.110.189.156 port 60730 [preauth]
Jan 18 17:07:40 host sshd[890]: Invalid user dnsekakf2$$ from 81.10.112.130 port 35430
Jan 18 17:07:40 host sshd[890]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 18 17:07:40 host sshd[890]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:07:40 host sshd[890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.10.112.130
Jan 18 17:07:42 host sshd[890]: Failed password for invalid user dnsekakf2$$ from 81.10.112.130 port 35430 ssh2
Jan 18 17:07:43 host sshd[890]: Connection reset by 81.10.112.130 port 35430 [preauth]
Jan 18 17:08:08 host sshd[940]: Invalid user admin from 143.110.189.156 port 44510
Jan 18 17:08:08 host sshd[940]: input_userauth_request: invalid user admin [preauth]
Jan 18 17:08:08 host sshd[940]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:08:08 host sshd[940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.189.156
Jan 18 17:08:10 host sshd[940]: Failed password for invalid user admin from 143.110.189.156 port 44510 ssh2
Jan 18 17:08:10 host sshd[940]: Connection closed by 143.110.189.156 port 44510 [preauth]
Jan 18 17:10:44 host sshd[1416]: Invalid user admin from 211.24.100.56 port 42721
Jan 18 17:10:44 host sshd[1416]: input_userauth_request: invalid user admin [preauth]
Jan 18 17:10:45 host sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:10:45 host sshd[1416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.24.100.56
Jan 18 17:10:46 host sshd[1416]: Failed password for invalid user admin from 211.24.100.56 port 42721 ssh2
Jan 18 17:10:47 host sshd[1416]: Connection closed by 211.24.100.56 port 42721 [preauth]
Jan 18 17:13:31 host sshd[1787]: User root from 114.34.125.68 not allowed because not listed in AllowUsers
Jan 18 17:13:31 host sshd[1787]: input_userauth_request: invalid user root [preauth]
Jan 18 17:13:31 host unix_chkpwd[1794]: password check failed for user (root)
Jan 18 17:13:31 host sshd[1787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.125.68 user=root
Jan 18 17:13:31 host sshd[1787]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:13:33 host sshd[1787]: Failed password for invalid user root from 114.34.125.68 port 33952 ssh2
Jan 18 17:13:33 host unix_chkpwd[1807]: password check failed for user (root)
Jan 18 17:13:33 host sshd[1787]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:13:36 host sshd[1787]: Failed password for invalid user root from 114.34.125.68 port 33952 ssh2
Jan 18 17:13:36 host unix_chkpwd[1811]: password check failed for user (root)
Jan 18 17:13:36 host sshd[1787]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:13:38 host sshd[1787]: Failed password for invalid user root from 114.34.125.68 port 33952 ssh2
Jan 18 17:13:40 host unix_chkpwd[1818]: password check failed for user (root)
Jan 18 17:13:40 host sshd[1787]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:13:42 host sshd[1787]: Failed password for invalid user root from 114.34.125.68 port 33952 ssh2
Jan 18 17:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=wwwevmhonda user-4=bonifacegroup user-5=mrsclean user-6=wwwnexidigital user-7=phmetals user-8=kottayamcalldriv user-9=gifterman user-10=palco123 user-11=wwwkapin user-12=woodpeck user-13=remysagr user-14=disposeat user-15=wwwkmaorg user-16=pmcresources user-17=wwwtestugo user-18=shalinijames user-19=vfmassets user-20=wwwpmcresource user-21=ugotscom user-22=wwwrmswll user-23=wwwresourcehunte user-24=keralaholi user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=dartsimp user-30=a2zgroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 17:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bBTwiuPlCWiHYbgi.~
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bBTwiuPlCWiHYbgi.~'
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bBTwiuPlCWiHYbgi.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 17:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 17:21:29 host sshd[3241]: Invalid user pi from 176.149.224.221 port 44170
Jan 18 17:21:29 host sshd[3241]: input_userauth_request: invalid user pi [preauth]
Jan 18 17:21:29 host sshd[3243]: Invalid user pi from 176.149.224.221 port 44176
Jan 18 17:21:29 host sshd[3243]: input_userauth_request: invalid user pi [preauth]
Jan 18 17:21:30 host sshd[3241]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:21:30 host sshd[3241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.149.224.221
Jan 18 17:21:30 host sshd[3243]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:21:30 host sshd[3243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.149.224.221
Jan 18 17:21:31 host sshd[3241]: Failed password for invalid user pi from 176.149.224.221 port 44170 ssh2
Jan 18 17:21:31 host sshd[3243]: Failed password for invalid user pi from 176.149.224.221 port 44176 ssh2
Jan 18 17:21:31 host sshd[3241]: Connection closed by 176.149.224.221 port 44170 [preauth]
Jan 18 17:21:32 host sshd[3243]: Connection closed by 176.149.224.221 port 44176 [preauth]
Jan 18 17:22:33 host sshd[3361]: Invalid user glenn from 107.189.30.59 port 44084
Jan 18 17:22:33 host sshd[3361]: input_userauth_request: invalid user glenn [preauth]
Jan 18 17:22:33 host sshd[3361]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:22:33 host sshd[3361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 18 17:22:35 host sshd[3361]: Failed password for invalid user glenn from 107.189.30.59 port 44084 ssh2
Jan 18 17:22:36 host sshd[3361]: Connection closed by 107.189.30.59 port 44084 [preauth]
Jan 18 17:29:22 host sshd[4290]: User root from 183.80.11.233 not allowed because not listed in AllowUsers
Jan 18 17:29:22 host sshd[4290]: input_userauth_request: invalid user root [preauth]
Jan 18 17:29:22 host unix_chkpwd[4294]: password check failed for user (root)
Jan 18 17:29:22 host sshd[4290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.80.11.233 user=root
Jan 18 17:29:22 host sshd[4290]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:29:25 host sshd[4290]: Failed password for invalid user root from 183.80.11.233 port 43034 ssh2
Jan 18 17:29:25 host sshd[4290]: Connection closed by 183.80.11.233 port 43034 [preauth]
Jan 18 17:36:18 host sshd[5253]: Invalid user g from 194.110.203.109 port 59104
Jan 18 17:36:18 host sshd[5253]: input_userauth_request: invalid user g [preauth]
Jan 18 17:36:18 host sshd[5253]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:36:18 host sshd[5253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 17:36:20 host sshd[5253]: Failed password for invalid user g from 194.110.203.109 port 59104 ssh2
Jan 18 17:36:23 host sshd[5253]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:36:25 host sshd[5253]: Failed password for invalid user g from 194.110.203.109 port 59104 ssh2
Jan 18 17:36:28 host sshd[5253]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:36:31 host sshd[5253]: Failed password for invalid user g from 194.110.203.109 port 59104 ssh2
Jan 18 17:36:34 host sshd[5253]: Connection closed by 194.110.203.109 port 59104 [preauth]
Jan 18 17:36:34 host sshd[5253]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 17:36:47 host sshd[5301]: Invalid user admin from 125.228.178.73 port 49096
Jan 18 17:36:47 host sshd[5301]: input_userauth_request: invalid user admin [preauth]
Jan 18 17:36:47 host sshd[5301]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:36:47 host sshd[5301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.178.73
Jan 18 17:36:50 host sshd[5301]: Failed password for invalid user admin from 125.228.178.73 port 49096 ssh2
Jan 18 17:36:51 host sshd[5301]: Failed password for invalid user admin from 125.228.178.73 port 49096 ssh2
Jan 18 17:36:52 host sshd[5301]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:36:54 host sshd[5301]: Failed password for invalid user admin from 125.228.178.73 port 49096 ssh2
Jan 18 17:36:55 host sshd[5301]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:36:56 host sshd[5301]: Failed password for invalid user admin from 125.228.178.73 port 49096 ssh2
Jan 18 17:36:58 host sshd[5301]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:37:00 host sshd[5301]: Failed password for invalid user admin from 125.228.178.73 port 49096 ssh2
Jan 18 17:40:19 host sshd[5909]: Invalid user conectar from 43.134.186.121 port 48578
Jan 18 17:40:19 host sshd[5909]: input_userauth_request: invalid user conectar [preauth]
Jan 18 17:40:19 host sshd[5909]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:40:19 host sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.186.121
Jan 18 17:40:21 host sshd[5909]: Failed password for invalid user conectar from 43.134.186.121 port 48578 ssh2
Jan 18 17:40:21 host sshd[5909]: Received disconnect from 43.134.186.121 port 48578:11: Bye Bye [preauth]
Jan 18 17:40:21 host sshd[5909]: Disconnected from 43.134.186.121 port 48578 [preauth]
Jan 18 17:40:41 host sshd[5961]: Invalid user docker from 104.248.51.246 port 51358
Jan 18 17:40:41 host sshd[5961]: input_userauth_request: invalid user docker [preauth]
Jan 18 17:40:41 host sshd[5961]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:40:41 host sshd[5961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.51.246
Jan 18 17:40:43 host sshd[5961]: Failed password for invalid user docker from 104.248.51.246 port 51358 ssh2
Jan 18 17:40:43 host sshd[5961]: Received disconnect from 104.248.51.246 port 51358:11: Bye Bye [preauth]
Jan 18 17:40:43 host sshd[5961]: Disconnected from 104.248.51.246 port 51358 [preauth]
Jan 18 17:41:11 host sshd[6033]: Invalid user hadoop from 80.87.33.100 port 35650
Jan 18 17:41:11 host sshd[6033]: input_userauth_request: invalid user hadoop [preauth]
Jan 18 17:41:11 host sshd[6033]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:41:11 host sshd[6033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100
Jan 18 17:41:13 host sshd[6033]: Failed password for invalid user hadoop from 80.87.33.100 port 35650 ssh2
Jan 18 17:41:13 host sshd[6033]: Received disconnect from 80.87.33.100 port 35650:11: Bye Bye [preauth]
Jan 18 17:41:13 host sshd[6033]: Disconnected from 80.87.33.100 port 35650 [preauth]
Jan 18 17:41:22 host sshd[6051]: User root from 51.38.226.20 not allowed because not listed in AllowUsers
Jan 18 17:41:22 host sshd[6051]: input_userauth_request: invalid user root [preauth]
Jan 18 17:41:22 host unix_chkpwd[6053]: password check failed for user (root)
Jan 18 17:41:22 host sshd[6051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.226.20 user=root
Jan 18 17:41:22 host sshd[6051]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:41:24 host sshd[6051]: Failed password for invalid user root from 51.38.226.20 port 36180 ssh2
Jan 18 17:41:24 host sshd[6051]: Received disconnect from 51.38.226.20 port 36180:11: Bye Bye [preauth]
Jan 18 17:41:24 host sshd[6051]: Disconnected from 51.38.226.20 port 36180 [preauth]
Jan 18 17:41:30 host sshd[6082]: Invalid user app from 34.125.201.253 port 59776
Jan 18 17:41:30 host sshd[6082]: input_userauth_request: invalid user app [preauth]
Jan 18 17:41:30 host sshd[6082]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:41:30 host sshd[6082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.125.201.253
Jan 18 17:41:32 host sshd[6082]: Failed password for invalid user app from 34.125.201.253 port 59776 ssh2
Jan 18 17:41:32 host sshd[6082]: Received disconnect from 34.125.201.253 port 59776:11: Bye Bye [preauth]
Jan 18 17:41:32 host sshd[6082]: Disconnected from 34.125.201.253 port 59776 [preauth]
Jan 18 17:43:34 host sshd[6433]: Invalid user weblogic from 92.27.157.252 port 43411
Jan 18 17:43:34 host sshd[6433]: input_userauth_request: invalid user weblogic [preauth]
Jan 18 17:43:34 host sshd[6433]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:43:34 host sshd[6433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.157.252
Jan 18 17:43:36 host sshd[6433]: Failed password for invalid user weblogic from 92.27.157.252 port 43411 ssh2
Jan 18 17:43:36 host sshd[6433]: Received disconnect from 92.27.157.252 port 43411:11: Bye Bye [preauth]
Jan 18 17:43:36 host sshd[6433]: Disconnected from 92.27.157.252 port 43411 [preauth]
Jan 18 17:45:13 host sshd[6637]: Invalid user cat from 202.64.141.218 port 41698
Jan 18 17:45:13 host sshd[6637]: input_userauth_request: invalid user cat [preauth]
Jan 18 17:45:13 host sshd[6637]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:45:13 host sshd[6637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.64.141.218
Jan 18 17:45:15 host sshd[6637]: Failed password for invalid user cat from 202.64.141.218 port 41698 ssh2
Jan 18 17:45:15 host sshd[6637]: Received disconnect from 202.64.141.218 port 41698:11: Bye Bye [preauth]
Jan 18 17:45:15 host sshd[6637]: Disconnected from 202.64.141.218 port 41698 [preauth]
Jan 18 17:46:14 host sshd[6744]: User root from 104.248.51.246 not allowed because not listed in AllowUsers
Jan 18 17:46:14 host sshd[6744]: input_userauth_request: invalid user root [preauth]
Jan 18 17:46:15 host unix_chkpwd[6747]: password check failed for user (root)
Jan 18 17:46:15 host sshd[6744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.51.246 user=root
Jan 18 17:46:15 host sshd[6744]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:46:17 host sshd[6744]: Failed password for invalid user root from 104.248.51.246 port 57724 ssh2
Jan 18 17:46:17 host sshd[6744]: Received disconnect from 104.248.51.246 port 57724:11: Bye Bye [preauth]
Jan 18 17:46:17 host sshd[6744]: Disconnected from 104.248.51.246 port 57724 [preauth]
Jan 18 17:46:23 host sshd[6788]: User root from 34.125.201.253 not allowed because not listed in AllowUsers
Jan 18 17:46:23 host sshd[6788]: input_userauth_request: invalid user root [preauth]
Jan 18 17:46:23 host unix_chkpwd[6792]: password check failed for user (root)
Jan 18 17:46:23 host sshd[6788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.125.201.253 user=root
Jan 18 17:46:23 host sshd[6788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:46:25 host sshd[6788]: Failed password for invalid user root from 34.125.201.253 port 60120 ssh2
Jan 18 17:46:26 host sshd[6788]: Received disconnect from 34.125.201.253 port 60120:11: Bye Bye [preauth]
Jan 18 17:46:26 host sshd[6788]: Disconnected from 34.125.201.253 port 60120 [preauth]
Jan 18 17:46:40 host sshd[6865]: Invalid user ansible from 43.134.186.121 port 46834
Jan 18 17:46:40 host sshd[6865]: input_userauth_request: invalid user ansible [preauth]
Jan 18 17:46:40 host sshd[6865]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:46:40 host sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.186.121
Jan 18 17:46:42 host sshd[6865]: Failed password for invalid user ansible from 43.134.186.121 port 46834 ssh2
Jan 18 17:46:42 host sshd[6865]: Received disconnect from 43.134.186.121 port 46834:11: Bye Bye [preauth]
Jan 18 17:46:42 host sshd[6865]: Disconnected from 43.134.186.121 port 46834 [preauth]
Jan 18 17:46:53 host sshd[6883]: Invalid user weblogic from 80.87.33.100 port 60204
Jan 18 17:46:53 host sshd[6883]: input_userauth_request: invalid user weblogic [preauth]
Jan 18 17:46:53 host sshd[6883]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:46:53 host sshd[6883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100
Jan 18 17:46:55 host sshd[6883]: Failed password for invalid user weblogic from 80.87.33.100 port 60204 ssh2
Jan 18 17:46:55 host sshd[6883]: Received disconnect from 80.87.33.100 port 60204:11: Bye Bye [preauth]
Jan 18 17:46:55 host sshd[6883]: Disconnected from 80.87.33.100 port 60204 [preauth]
Jan 18 17:47:02 host sshd[6906]: Invalid user hadoop from 51.38.226.20 port 33204
Jan 18 17:47:02 host sshd[6906]: input_userauth_request: invalid user hadoop [preauth]
Jan 18 17:47:02 host sshd[6906]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:47:02 host sshd[6906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.38.226.20
Jan 18 17:47:04 host sshd[6906]: Failed password for invalid user hadoop from 51.38.226.20 port 33204 ssh2
Jan 18 17:47:05 host sshd[6906]: Received disconnect from 51.38.226.20 port 33204:11: Bye Bye [preauth]
Jan 18 17:47:05 host sshd[6906]: Disconnected from 51.38.226.20 port 33204 [preauth]
Jan 18 17:47:10 host sshd[6923]: User root from 92.27.157.252 not allowed because not listed in AllowUsers
Jan 18 17:47:10 host sshd[6923]: input_userauth_request: invalid user root [preauth]
Jan 18 17:47:10 host unix_chkpwd[6991]: password check failed for user (root)
Jan 18 17:47:10 host sshd[6923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.157.252 user=root
Jan 18 17:47:10 host sshd[6923]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:47:12 host sshd[6923]: Failed password for invalid user root from 92.27.157.252 port 36819 ssh2
Jan 18 17:47:12 host sshd[6923]: Received disconnect from 92.27.157.252 port 36819:11: Bye Bye [preauth]
Jan 18 17:47:12 host sshd[6923]: Disconnected from 92.27.157.252 port 36819 [preauth]
Jan 18 17:47:24 host sshd[7090]: User root from 202.64.141.218 not allowed because not listed in AllowUsers
Jan 18 17:47:24 host sshd[7090]: input_userauth_request: invalid user root [preauth]
Jan 18 17:47:24 host unix_chkpwd[7093]: password check failed for user (root)
Jan 18 17:47:24 host sshd[7090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.64.141.218 user=root
Jan 18 17:47:24 host sshd[7090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:47:26 host sshd[7090]: Failed password for invalid user root from 202.64.141.218 port 44828 ssh2
Jan 18 17:47:26 host sshd[7090]: Received disconnect from 202.64.141.218 port 44828:11: Bye Bye [preauth]
Jan 18 17:47:26 host sshd[7090]: Disconnected from 202.64.141.218 port 44828 [preauth]
Jan 18 17:47:43 host sshd[7165]: Invalid user support from 173.56.122.212 port 51801
Jan 18 17:47:43 host sshd[7165]: input_userauth_request: invalid user support [preauth]
Jan 18 17:47:44 host sshd[7165]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:47:44 host sshd[7165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.56.122.212
Jan 18 17:47:45 host sshd[7165]: Failed password for invalid user support from 173.56.122.212 port 51801 ssh2
Jan 18 17:47:46 host sshd[7165]: Connection closed by 173.56.122.212 port 51801 [preauth]
Jan 18 17:47:55 host sshd[7185]: User root from 43.134.186.121 not allowed because not listed in AllowUsers
Jan 18 17:47:55 host sshd[7185]: input_userauth_request: invalid user root [preauth]
Jan 18 17:47:55 host unix_chkpwd[7187]: password check failed for user (root)
Jan 18 17:47:55 host sshd[7185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.186.121 user=root
Jan 18 17:47:55 host sshd[7185]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:47:57 host sshd[7185]: Failed password for invalid user root from 43.134.186.121 port 37554 ssh2
Jan 18 17:47:57 host sshd[7185]: Received disconnect from 43.134.186.121 port 37554:11: Bye Bye [preauth]
Jan 18 17:47:57 host sshd[7185]: Disconnected from 43.134.186.121 port 37554 [preauth]
Jan 18 17:48:03 host sshd[7237]: User root from 80.87.33.100 not allowed because not listed in AllowUsers
Jan 18 17:48:03 host sshd[7237]: input_userauth_request: invalid user root [preauth]
Jan 18 17:48:03 host unix_chkpwd[7240]: password check failed for user (root)
Jan 18 17:48:03 host sshd[7237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.87.33.100 user=root
Jan 18 17:48:03 host sshd[7237]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 17:48:04 host sshd[7237]: Failed password for invalid user root from 80.87.33.100 port 54326 ssh2
Jan 18 17:48:05 host sshd[7237]: Received disconnect from 80.87.33.100 port 54326:11: Bye Bye [preauth]
Jan 18 17:48:05 host sshd[7237]: Disconnected from 80.87.33.100 port 54326 [preauth]
Jan 18 17:48:46 host sshd[7358]: Did not receive identification string from 1.116.135.59 port 37788
Jan 18 17:51:58 host sshd[7799]: Invalid user oracle from 149.90.157.108 port 44633
Jan 18 17:51:58 host sshd[7799]: input_userauth_request: invalid user oracle [preauth]
Jan 18 17:51:59 host sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:51:59 host sshd[7799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.90.157.108
Jan 18 17:52:01 host sshd[7799]: Failed password for invalid user oracle from 149.90.157.108 port 44633 ssh2
Jan 18 17:52:01 host sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:52:03 host sshd[7799]: Failed password for invalid user oracle from 149.90.157.108 port 44633 ssh2
Jan 18 17:52:04 host sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 17:52:06 host sshd[7799]: Failed password for invalid user oracle from 149.90.157.108 port 44633 ssh2
Jan 18 17:52:07 host sshd[7799]: Connection reset by 149.90.157.108 port 44633 [preauth]
Jan 18 17:52:07 host sshd[7799]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.90.157.108
Jan 18 18:06:10 host sshd[9788]: User root from 201.130.128.222 not allowed because not listed in AllowUsers
Jan 18 18:06:10 host sshd[9788]: input_userauth_request: invalid user root [preauth]
Jan 18 18:06:10 host unix_chkpwd[9792]: password check failed for user (root)
Jan 18 18:06:10 host sshd[9788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.130.128.222 user=root
Jan 18 18:06:10 host sshd[9788]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 18:06:12 host sshd[9788]: Failed password for invalid user root from 201.130.128.222 port 42408 ssh2
Jan 18 18:06:13 host sshd[9788]: Connection closed by 201.130.128.222 port 42408 [preauth]
Jan 18 18:12:39 host sshd[10633]: Invalid user vpn from 93.125.114.51 port 57828
Jan 18 18:12:39 host sshd[10633]: input_userauth_request: invalid user vpn [preauth]
Jan 18 18:12:39 host sshd[10633]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:12:39 host sshd[10633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.125.114.51
Jan 18 18:12:41 host sshd[10633]: Failed password for invalid user vpn from 93.125.114.51 port 57828 ssh2
Jan 18 18:12:42 host sshd[10633]: Received disconnect from 93.125.114.51 port 57828:11: Bye Bye [preauth]
Jan 18 18:12:42 host sshd[10633]: Disconnected from 93.125.114.51 port 57828 [preauth]
Jan 18 18:14:27 host sshd[10956]: Invalid user master from 27.254.149.199 port 58050
Jan 18 18:14:27 host sshd[10956]: input_userauth_request: invalid user master [preauth]
Jan 18 18:14:27 host sshd[10956]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:14:27 host sshd[10956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199
Jan 18 18:14:29 host sshd[10956]: Failed password for invalid user master from 27.254.149.199 port 58050 ssh2
Jan 18 18:14:29 host sshd[10956]: Received disconnect from 27.254.149.199 port 58050:11: Bye Bye [preauth]
Jan 18 18:14:29 host sshd[10956]: Disconnected from 27.254.149.199 port 58050 [preauth]
Jan 18 18:14:46 host sshd[10995]: Invalid user gitlab-runner from 121.139.83.37 port 53304
Jan 18 18:14:46 host sshd[10995]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 18 18:14:46 host sshd[10995]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:14:46 host sshd[10995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.139.83.37
Jan 18 18:14:48 host sshd[10995]: Failed password for invalid user gitlab-runner from 121.139.83.37 port 53304 ssh2
Jan 18 18:14:49 host sshd[10995]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:14:50 host sshd[10995]: Failed password for invalid user gitlab-runner from 121.139.83.37 port 53304 ssh2
Jan 18 18:14:52 host sshd[10995]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:14:54 host sshd[10995]: Failed password for invalid user gitlab-runner from 121.139.83.37 port 53304 ssh2
Jan 18 18:14:56 host sshd[10995]: Failed password for invalid user gitlab-runner from 121.139.83.37 port 53304 ssh2
Jan 18 18:14:57 host sshd[10995]: Connection closed by 121.139.83.37 port 53304 [preauth]
Jan 18 18:14:57 host sshd[10995]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.139.83.37
Jan 18 18:15:34 host sshd[11135]: Invalid user uno85 from 93.125.114.51 port 60396
Jan 18 18:15:34 host sshd[11135]: input_userauth_request: invalid user uno85 [preauth]
Jan 18 18:15:34 host sshd[11135]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:15:34 host sshd[11135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.125.114.51
Jan 18 18:15:36 host sshd[11135]: Failed password for invalid user uno85 from 93.125.114.51 port 60396 ssh2
Jan 18 18:15:36 host sshd[11135]: Received disconnect from 93.125.114.51 port 60396:11: Bye Bye [preauth]
Jan 18 18:15:36 host sshd[11135]: Disconnected from 93.125.114.51 port 60396 [preauth]
Jan 18 18:16:17 host sshd[11199]: Invalid user developer from 27.254.149.199 port 55724
Jan 18 18:16:17 host sshd[11199]: input_userauth_request: invalid user developer [preauth]
Jan 18 18:16:17 host sshd[11199]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:16:17 host sshd[11199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199
Jan 18 18:16:20 host sshd[11199]: Failed password for invalid user developer from 27.254.149.199 port 55724 ssh2
Jan 18 18:16:20 host sshd[11199]: Received disconnect from 27.254.149.199 port 55724:11: Bye Bye [preauth]
Jan 18 18:16:20 host sshd[11199]: Disconnected from 27.254.149.199 port 55724 [preauth]
Jan 18 18:16:51 host sshd[11258]: User root from 93.125.114.51 not allowed because not listed in AllowUsers
Jan 18 18:16:51 host sshd[11258]: input_userauth_request: invalid user root [preauth]
Jan 18 18:16:51 host unix_chkpwd[11260]: password check failed for user (root)
Jan 18 18:16:51 host sshd[11258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.125.114.51 user=root
Jan 18 18:16:51 host sshd[11258]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 18:16:53 host sshd[11258]: Failed password for invalid user root from 93.125.114.51 port 51506 ssh2
Jan 18 18:16:53 host sshd[11258]: Received disconnect from 93.125.114.51 port 51506:11: Bye Bye [preauth]
Jan 18 18:16:53 host sshd[11258]: Disconnected from 93.125.114.51 port 51506 [preauth]
Jan 18 18:17:44 host sshd[11418]: Invalid user system from 27.254.149.199 port 50448
Jan 18 18:17:44 host sshd[11418]: input_userauth_request: invalid user system [preauth]
Jan 18 18:17:44 host sshd[11418]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:17:44 host sshd[11418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.149.199
Jan 18 18:17:47 host sshd[11418]: Failed password for invalid user system from 27.254.149.199 port 50448 ssh2
Jan 18 18:19:03 host sshd[11680]: Invalid user ubnt from 50.79.164.74 port 44740
Jan 18 18:19:03 host sshd[11680]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 18:19:03 host sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:19:03 host sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.79.164.74
Jan 18 18:19:05 host sshd[11680]: Failed password for invalid user ubnt from 50.79.164.74 port 44740 ssh2
Jan 18 18:19:06 host sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:19:08 host sshd[11680]: Failed password for invalid user ubnt from 50.79.164.74 port 44740 ssh2
Jan 18 18:19:09 host sshd[11680]: Failed password for invalid user ubnt from 50.79.164.74 port 44740 ssh2
Jan 18 18:19:09 host sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:19:11 host sshd[11680]: Failed password for invalid user ubnt from 50.79.164.74 port 44740 ssh2
Jan 18 18:19:12 host sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:19:13 host sshd[11680]: Failed password for invalid user ubnt from 50.79.164.74 port 44740 ssh2
Jan 18 18:19:14 host sshd[11680]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:19:15 host sshd[11680]: Failed password for invalid user ubnt from 50.79.164.74 port 44740 ssh2
Jan 18 18:19:15 host sshd[11680]: error: maximum authentication attempts exceeded for invalid user ubnt from 50.79.164.74 port 44740 ssh2 [preauth]
Jan 18 18:19:15 host sshd[11680]: Disconnecting: Too many authentication failures [preauth]
Jan 18 18:19:15 host sshd[11680]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.79.164.74
Jan 18 18:19:15 host sshd[11680]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 18:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=ugotscom user-8=keralaholi user-9=wwwresourcehunte user-10=wwwrmswll user-11=wwwpmcresource user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=kottayamcalldriv user-22=phmetals user-23=palco123 user-24=gifterman user-25=wwwnexidigital user-26=mrsclean user-27=wwwevmhonda user-28=bonifacegroup user-29=straightcurve user-30=wwwletsstalkfood feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 18:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-J8hyn27gGOrxbviJ.~
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-J8hyn27gGOrxbviJ.~'
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-J8hyn27gGOrxbviJ.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 18:22:10 host sshd[12295]: Connection closed by 45.79.181.94 port 35430 [preauth]
Jan 18 18:22:12 host sshd[12299]: Connection closed by 45.79.181.94 port 35444 [preauth]
Jan 18 18:22:13 host sshd[12303]: Connection closed by 45.79.181.94 port 35450 [preauth]
Jan 18 18:24:48 host sshd[12705]: User root from 81.201.156.55 not allowed because not listed in AllowUsers
Jan 18 18:24:48 host sshd[12705]: input_userauth_request: invalid user root [preauth]
Jan 18 18:24:48 host unix_chkpwd[12709]: password check failed for user (root)
Jan 18 18:24:48 host sshd[12705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.201.156.55 user=root
Jan 18 18:24:48 host sshd[12705]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 18:24:51 host sshd[12705]: Failed password for invalid user root from 81.201.156.55 port 60418 ssh2
Jan 18 18:24:51 host sshd[12705]: Connection closed by 81.201.156.55 port 60418 [preauth]
Jan 18 18:31:20 host sshd[13548]: Invalid user admin from 218.147.239.137 port 61580
Jan 18 18:31:20 host sshd[13548]: input_userauth_request: invalid user admin [preauth]
Jan 18 18:31:20 host sshd[13548]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:31:20 host sshd[13548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.239.137
Jan 18 18:31:22 host sshd[13548]: Failed password for invalid user admin from 218.147.239.137 port 61580 ssh2
Jan 18 18:31:24 host sshd[13548]: Failed password for invalid user admin from 218.147.239.137 port 61580 ssh2
Jan 18 18:31:24 host sshd[13548]: Connection reset by 218.147.239.137 port 61580 [preauth]
Jan 18 18:41:02 host sshd[14873]: Invalid user admin from 106.249.128.120 port 62440
Jan 18 18:41:02 host sshd[14873]: input_userauth_request: invalid user admin [preauth]
Jan 18 18:41:02 host sshd[14873]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:41:02 host sshd[14873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.249.128.120
Jan 18 18:41:04 host sshd[14873]: Failed password for invalid user admin from 106.249.128.120 port 62440 ssh2
Jan 18 18:41:04 host sshd[14873]: Failed password for invalid user admin from 106.249.128.120 port 62440 ssh2
Jan 18 18:41:05 host sshd[14873]: Connection reset by 106.249.128.120 port 62440 [preauth]
Jan 18 18:43:27 host sshd[15199]: Invalid user user from 129.126.185.159 port 52206
Jan 18 18:43:27 host sshd[15199]: input_userauth_request: invalid user user [preauth]
Jan 18 18:43:27 host sshd[15199]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:43:27 host sshd[15199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.126.185.159
Jan 18 18:43:30 host sshd[15199]: Failed password for invalid user user from 129.126.185.159 port 52206 ssh2
Jan 18 18:43:30 host sshd[15199]: Connection closed by 129.126.185.159 port 52206 [preauth]
Jan 18 18:56:19 host sshd[17220]: Invalid user admin from 125.229.90.59 port 54017
Jan 18 18:56:19 host sshd[17220]: input_userauth_request: invalid user admin [preauth]
Jan 18 18:56:19 host sshd[17220]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 18:56:19 host sshd[17220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.90.59
Jan 18 18:56:22 host sshd[17220]: Failed password for invalid user admin from 125.229.90.59 port 54017 ssh2
Jan 18 18:56:22 host sshd[17220]: Connection reset by 125.229.90.59 port 54017 [preauth]
Jan 18 19:01:47 host sshd[18175]: Invalid user admin from 45.29.147.45 port 37893
Jan 18 19:01:47 host sshd[18175]: input_userauth_request: invalid user admin [preauth]
Jan 18 19:01:47 host sshd[18175]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:01:47 host sshd[18175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.29.147.45
Jan 18 19:01:50 host sshd[18175]: Failed password for invalid user admin from 45.29.147.45 port 37893 ssh2
Jan 18 19:01:50 host sshd[18175]: Connection closed by 45.29.147.45 port 37893 [preauth]
Jan 18 19:06:08 host sshd[18644]: Invalid user oracle from 186.132.21.142 port 44594
Jan 18 19:06:08 host sshd[18644]: input_userauth_request: invalid user oracle [preauth]
Jan 18 19:06:08 host sshd[18644]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:06:08 host sshd[18644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.132.21.142
Jan 18 19:06:10 host sshd[18644]: Failed password for invalid user oracle from 186.132.21.142 port 44594 ssh2
Jan 18 19:06:11 host sshd[18644]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:06:13 host sshd[18644]: Failed password for invalid user oracle from 186.132.21.142 port 44594 ssh2
Jan 18 19:06:16 host sshd[18644]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:06:18 host sshd[18644]: Failed password for invalid user oracle from 186.132.21.142 port 44594 ssh2
Jan 18 19:06:18 host sshd[18644]: Failed password for invalid user oracle from 186.132.21.142 port 44594 ssh2
Jan 18 19:06:19 host sshd[18644]: Connection reset by 186.132.21.142 port 44594 [preauth]
Jan 18 19:06:19 host sshd[18644]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.132.21.142
Jan 18 19:10:30 host sshd[19389]: Invalid user admin from 49.213.172.52 port 56855
Jan 18 19:10:30 host sshd[19389]: input_userauth_request: invalid user admin [preauth]
Jan 18 19:10:30 host sshd[19389]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:10:30 host sshd[19389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.172.52
Jan 18 19:10:32 host sshd[19389]: Failed password for invalid user admin from 49.213.172.52 port 56855 ssh2
Jan 18 19:10:33 host sshd[19389]: Failed password for invalid user admin from 49.213.172.52 port 56855 ssh2
Jan 18 19:10:35 host sshd[19389]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:10:37 host sshd[19389]: Failed password for invalid user admin from 49.213.172.52 port 56855 ssh2
Jan 18 19:10:38 host sshd[19389]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:10:40 host sshd[19389]: Failed password for invalid user admin from 49.213.172.52 port 56855 ssh2
Jan 18 19:10:40 host sshd[19389]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:10:42 host sshd[19389]: Failed password for invalid user admin from 49.213.172.52 port 56855 ssh2
Jan 18 19:15:13 host sshd[20095]: Invalid user support from 59.126.163.166 port 48488
Jan 18 19:15:13 host sshd[20095]: input_userauth_request: invalid user support [preauth]
Jan 18 19:15:13 host sshd[20095]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:15:13 host sshd[20095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.163.166
Jan 18 19:15:14 host sshd[20095]: Failed password for invalid user support from 59.126.163.166 port 48488 ssh2
Jan 18 19:15:15 host sshd[20095]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:15:17 host sshd[20095]: Failed password for invalid user support from 59.126.163.166 port 48488 ssh2
Jan 18 19:15:18 host sshd[20095]: Connection reset by 59.126.163.166 port 48488 [preauth]
Jan 18 19:15:18 host sshd[20095]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.163.166
Jan 18 19:19:45 host sshd[20714]: Invalid user ubnt from 187.93.191.162 port 37079
Jan 18 19:19:45 host sshd[20714]: input_userauth_request: invalid user ubnt [preauth]
Jan 18 19:19:46 host sshd[20714]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:19:46 host sshd[20714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.93.191.162
Jan 18 19:19:48 host sshd[20714]: Failed password for invalid user ubnt from 187.93.191.162 port 37079 ssh2
Jan 18 19:19:49 host sshd[20714]: Connection closed by 187.93.191.162 port 37079 [preauth]
Jan 18 19:20:55 host sshd[20866]: Invalid user ga from 194.110.203.109 port 55068
Jan 18 19:20:55 host sshd[20866]: input_userauth_request: invalid user ga [preauth]
Jan 18 19:20:55 host sshd[20866]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:20:55 host sshd[20866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 19:20:58 host sshd[20866]: Failed password for invalid user ga from 194.110.203.109 port 55068 ssh2
Jan 18 19:21:01 host sshd[20866]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:04 host sshd[20866]: Failed password for invalid user ga from 194.110.203.109 port 55068 ssh2
Jan 18 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=ugotscom user-4=wwwrmswll user-5=keralaholi user-6=wwwresourcehunte user-7=wwwkaretakers user-8=cochintaxi user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=wwwevmhonda user-13=bonifacegroup user-14=straightcurve user-15=wwwletsstalkfood user-16=kottayamcalldriv user-17=phmetals user-18=gifterman user-19=palco123 user-20=wwwnexidigital user-21=mrsclean user-22=disposeat user-23=wwwkmaorg user-24=remysagr user-25=woodpeck user-26=wwwkapin user-27=wwwtestugo user-28=shalinijames user-29=vfmassets user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 19:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-O9bK3gCvjJ8tRwsV.~
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-O9bK3gCvjJ8tRwsV.~'
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-O9bK3gCvjJ8tRwsV.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 19:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 19:21:07 host sshd[20866]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:21:10 host sshd[20866]: Failed password for invalid user ga from 194.110.203.109 port 55068 ssh2
Jan 18 19:21:13 host sshd[20866]: Connection closed by 194.110.203.109 port 55068 [preauth]
Jan 18 19:21:13 host sshd[20866]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 19:28:26 host sshd[22283]: Invalid user informix from 205.185.113.129 port 41112
Jan 18 19:28:26 host sshd[22283]: input_userauth_request: invalid user informix [preauth]
Jan 18 19:28:26 host sshd[22283]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:28:26 host sshd[22283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 18 19:28:28 host sshd[22283]: Failed password for invalid user informix from 205.185.113.129 port 41112 ssh2
Jan 18 19:28:28 host sshd[22283]: Connection closed by 205.185.113.129 port 41112 [preauth]
Jan 18 19:28:38 host sshd[22335]: User root from 1.34.122.186 not allowed because not listed in AllowUsers
Jan 18 19:28:38 host sshd[22335]: input_userauth_request: invalid user root [preauth]
Jan 18 19:28:38 host unix_chkpwd[22340]: password check failed for user (root)
Jan 18 19:28:38 host sshd[22335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.122.186 user=root
Jan 18 19:28:38 host sshd[22335]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:28:40 host sshd[22335]: Failed password for invalid user root from 1.34.122.186 port 35733 ssh2
Jan 18 19:28:40 host sshd[22335]: Connection reset by 1.34.122.186 port 35733 [preauth]
Jan 18 19:30:24 host sshd[22683]: Invalid user zyfwp from 220.132.194.158 port 48550
Jan 18 19:30:24 host sshd[22683]: input_userauth_request: invalid user zyfwp [preauth]
Jan 18 19:30:24 host sshd[22683]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:30:24 host sshd[22683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.194.158
Jan 18 19:30:25 host sshd[22683]: Failed password for invalid user zyfwp from 220.132.194.158 port 48550 ssh2
Jan 18 19:30:26 host sshd[22683]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:30:28 host sshd[22683]: Failed password for invalid user zyfwp from 220.132.194.158 port 48550 ssh2
Jan 18 19:30:28 host sshd[22683]: Connection reset by 220.132.194.158 port 48550 [preauth]
Jan 18 19:30:28 host sshd[22683]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.194.158
Jan 18 19:35:35 host sshd[23539]: User root from 14.231.220.135 not allowed because not listed in AllowUsers
Jan 18 19:35:35 host sshd[23539]: input_userauth_request: invalid user root [preauth]
Jan 18 19:35:37 host sshd[23539]: Failed none for invalid user root from 14.231.220.135 port 53627 ssh2
Jan 18 19:35:41 host sshd[23539]: Connection closed by 14.231.220.135 port 53627 [preauth]
Jan 18 19:38:36 host sshd[24110]: Did not receive identification string from 58.72.18.130 port 37440
Jan 18 19:39:35 host sshd[24389]: Invalid user admin from 31.41.244.124 port 10344
Jan 18 19:39:35 host sshd[24389]: input_userauth_request: invalid user admin [preauth]
Jan 18 19:39:36 host sshd[24389]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:39:36 host sshd[24389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 18 19:39:37 host sshd[24389]: Failed password for invalid user admin from 31.41.244.124 port 10344 ssh2
Jan 18 19:39:37 host sshd[24389]: Received disconnect from 31.41.244.124 port 10344:11: Client disconnecting normally [preauth]
Jan 18 19:39:37 host sshd[24389]: Disconnected from 31.41.244.124 port 10344 [preauth]
Jan 18 19:39:38 host sshd[24398]: Invalid user system from 31.41.244.124 port 13380
Jan 18 19:39:38 host sshd[24398]: input_userauth_request: invalid user system [preauth]
Jan 18 19:39:38 host sshd[24398]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:39:38 host sshd[24398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 18 19:39:41 host sshd[24398]: Failed password for invalid user system from 31.41.244.124 port 13380 ssh2
Jan 18 19:39:41 host sshd[24398]: Received disconnect from 31.41.244.124 port 13380:11: Client disconnecting normally [preauth]
Jan 18 19:39:41 host sshd[24398]: Disconnected from 31.41.244.124 port 13380 [preauth]
Jan 18 19:39:42 host sshd[24404]: Invalid user admin from 31.41.244.124 port 17540
Jan 18 19:39:42 host sshd[24404]: input_userauth_request: invalid user admin [preauth]
Jan 18 19:39:42 host sshd[24404]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:39:42 host sshd[24404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 18 19:39:44 host sshd[24404]: Failed password for invalid user admin from 31.41.244.124 port 17540 ssh2
Jan 18 19:41:11 host sshd[24717]: Invalid user azureuser from 91.122.197.235 port 44882
Jan 18 19:41:11 host sshd[24717]: input_userauth_request: invalid user azureuser [preauth]
Jan 18 19:41:11 host sshd[24717]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:41:11 host sshd[24717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.122.197.235
Jan 18 19:41:13 host sshd[24717]: Failed password for invalid user azureuser from 91.122.197.235 port 44882 ssh2
Jan 18 19:41:13 host sshd[24717]: Received disconnect from 91.122.197.235 port 44882:11: Bye Bye [preauth]
Jan 18 19:41:13 host sshd[24717]: Disconnected from 91.122.197.235 port 44882 [preauth]
Jan 18 19:41:27 host sshd[24772]: Invalid user sales1 from 35.219.62.194 port 44468
Jan 18 19:41:27 host sshd[24772]: input_userauth_request: invalid user sales1 [preauth]
Jan 18 19:41:27 host sshd[24772]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:41:27 host sshd[24772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.219.62.194
Jan 18 19:41:29 host sshd[24772]: Failed password for invalid user sales1 from 35.219.62.194 port 44468 ssh2
Jan 18 19:41:29 host sshd[24772]: Received disconnect from 35.219.62.194 port 44468:11: Bye Bye [preauth]
Jan 18 19:41:29 host sshd[24772]: Disconnected from 35.219.62.194 port 44468 [preauth]
Jan 18 19:41:57 host sshd[24872]: User root from 206.81.4.81 not allowed because not listed in AllowUsers
Jan 18 19:41:57 host sshd[24872]: input_userauth_request: invalid user root [preauth]
Jan 18 19:41:57 host unix_chkpwd[24877]: password check failed for user (root)
Jan 18 19:41:57 host sshd[24872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.4.81 user=root
Jan 18 19:41:57 host sshd[24872]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:41:59 host sshd[24872]: Failed password for invalid user root from 206.81.4.81 port 38260 ssh2
Jan 18 19:41:59 host sshd[24872]: Received disconnect from 206.81.4.81 port 38260:11: Bye Bye [preauth]
Jan 18 19:41:59 host sshd[24872]: Disconnected from 206.81.4.81 port 38260 [preauth]
Jan 18 19:44:27 host sshd[25348]: User root from 103.70.39.194 not allowed because not listed in AllowUsers
Jan 18 19:44:27 host sshd[25348]: input_userauth_request: invalid user root [preauth]
Jan 18 19:44:27 host unix_chkpwd[25353]: password check failed for user (root)
Jan 18 19:44:27 host sshd[25348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.39.194 user=root
Jan 18 19:44:27 host sshd[25348]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:44:29 host sshd[25348]: Failed password for invalid user root from 103.70.39.194 port 47694 ssh2
Jan 18 19:44:29 host sshd[25348]: Received disconnect from 103.70.39.194 port 47694:11: Bye Bye [preauth]
Jan 18 19:44:29 host sshd[25348]: Disconnected from 103.70.39.194 port 47694 [preauth]
Jan 18 19:44:44 host sshd[25405]: User root from 175.126.146.170 not allowed because not listed in AllowUsers
Jan 18 19:44:44 host sshd[25405]: input_userauth_request: invalid user root [preauth]
Jan 18 19:44:44 host unix_chkpwd[25408]: password check failed for user (root)
Jan 18 19:44:44 host sshd[25405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.126.146.170 user=root
Jan 18 19:44:44 host sshd[25405]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:44:46 host sshd[25405]: Failed password for invalid user root from 175.126.146.170 port 54736 ssh2
Jan 18 19:44:46 host sshd[25405]: Received disconnect from 175.126.146.170 port 54736:11: Bye Bye [preauth]
Jan 18 19:44:46 host sshd[25405]: Disconnected from 175.126.146.170 port 54736 [preauth]
Jan 18 19:45:29 host sshd[25580]: User root from 137.184.35.122 not allowed because not listed in AllowUsers
Jan 18 19:45:29 host sshd[25580]: input_userauth_request: invalid user root [preauth]
Jan 18 19:45:29 host unix_chkpwd[25589]: password check failed for user (root)
Jan 18 19:45:29 host sshd[25580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.35.122 user=root
Jan 18 19:45:29 host sshd[25580]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:45:31 host sshd[25580]: Failed password for invalid user root from 137.184.35.122 port 34800 ssh2
Jan 18 19:45:31 host sshd[25580]: Received disconnect from 137.184.35.122 port 34800:11: Bye Bye [preauth]
Jan 18 19:45:31 host sshd[25580]: Disconnected from 137.184.35.122 port 34800 [preauth]
Jan 18 19:45:47 host sshd[25665]: User root from 91.122.197.235 not allowed because not listed in AllowUsers
Jan 18 19:45:47 host sshd[25665]: input_userauth_request: invalid user root [preauth]
Jan 18 19:45:47 host unix_chkpwd[25670]: password check failed for user (root)
Jan 18 19:45:47 host sshd[25665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.122.197.235 user=root
Jan 18 19:45:47 host sshd[25665]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:45:50 host sshd[25665]: Failed password for invalid user root from 91.122.197.235 port 55620 ssh2
Jan 18 19:45:50 host sshd[25665]: Received disconnect from 91.122.197.235 port 55620:11: Bye Bye [preauth]
Jan 18 19:45:50 host sshd[25665]: Disconnected from 91.122.197.235 port 55620 [preauth]
Jan 18 19:46:38 host sshd[25930]: Invalid user airflow from 206.81.4.81 port 56712
Jan 18 19:46:38 host sshd[25930]: input_userauth_request: invalid user airflow [preauth]
Jan 18 19:46:38 host sshd[25930]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:46:38 host sshd[25930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.81.4.81
Jan 18 19:46:40 host sshd[25930]: Failed password for invalid user airflow from 206.81.4.81 port 56712 ssh2
Jan 18 19:46:40 host sshd[25930]: Received disconnect from 206.81.4.81 port 56712:11: Bye Bye [preauth]
Jan 18 19:46:40 host sshd[25930]: Disconnected from 206.81.4.81 port 56712 [preauth]
Jan 18 19:46:55 host sshd[26027]: Invalid user afa from 35.219.62.194 port 37724
Jan 18 19:46:55 host sshd[26027]: input_userauth_request: invalid user afa [preauth]
Jan 18 19:46:55 host sshd[26027]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:46:55 host sshd[26027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.219.62.194
Jan 18 19:46:57 host sshd[26027]: Failed password for invalid user afa from 35.219.62.194 port 37724 ssh2
Jan 18 19:46:57 host sshd[26027]: Received disconnect from 35.219.62.194 port 37724:11: Bye Bye [preauth]
Jan 18 19:46:57 host sshd[26027]: Disconnected from 35.219.62.194 port 37724 [preauth]
Jan 18 19:47:14 host sshd[26100]: User root from 103.70.39.194 not allowed because not listed in AllowUsers
Jan 18 19:47:14 host sshd[26100]: input_userauth_request: invalid user root [preauth]
Jan 18 19:47:14 host unix_chkpwd[26105]: password check failed for user (root)
Jan 18 19:47:14 host sshd[26100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.39.194 user=root
Jan 18 19:47:14 host sshd[26100]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:16 host sshd[26106]: User root from 58.148.19.154 not allowed because not listed in AllowUsers
Jan 18 19:47:16 host sshd[26106]: input_userauth_request: invalid user root [preauth]
Jan 18 19:47:16 host unix_chkpwd[26114]: password check failed for user (root)
Jan 18 19:47:16 host sshd[26106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.148.19.154 user=root
Jan 18 19:47:16 host sshd[26106]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:16 host sshd[26100]: Failed password for invalid user root from 103.70.39.194 port 56646 ssh2
Jan 18 19:47:17 host sshd[26100]: Received disconnect from 103.70.39.194 port 56646:11: Bye Bye [preauth]
Jan 18 19:47:17 host sshd[26100]: Disconnected from 103.70.39.194 port 56646 [preauth]
Jan 18 19:47:18 host sshd[26106]: Failed password for invalid user root from 58.148.19.154 port 48951 ssh2
Jan 18 19:47:19 host unix_chkpwd[26142]: password check failed for user (root)
Jan 18 19:47:19 host sshd[26106]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:21 host sshd[26106]: Failed password for invalid user root from 58.148.19.154 port 48951 ssh2
Jan 18 19:47:21 host unix_chkpwd[26168]: password check failed for user (root)
Jan 18 19:47:21 host sshd[26106]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:24 host sshd[26106]: Failed password for invalid user root from 58.148.19.154 port 48951 ssh2
Jan 18 19:47:24 host unix_chkpwd[26174]: password check failed for user (root)
Jan 18 19:47:24 host sshd[26106]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:26 host sshd[26106]: Failed password for invalid user root from 58.148.19.154 port 48951 ssh2
Jan 18 19:47:26 host unix_chkpwd[26180]: password check failed for user (root)
Jan 18 19:47:26 host sshd[26106]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:29 host sshd[26106]: Failed password for invalid user root from 58.148.19.154 port 48951 ssh2
Jan 18 19:47:31 host sshd[26239]: User root from 137.184.35.122 not allowed because not listed in AllowUsers
Jan 18 19:47:31 host sshd[26239]: input_userauth_request: invalid user root [preauth]
Jan 18 19:47:31 host unix_chkpwd[26245]: password check failed for user (root)
Jan 18 19:47:31 host sshd[26239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.35.122 user=root
Jan 18 19:47:31 host sshd[26239]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:47:33 host sshd[26239]: Failed password for invalid user root from 137.184.35.122 port 58010 ssh2
Jan 18 19:47:33 host sshd[26239]: Received disconnect from 137.184.35.122 port 58010:11: Bye Bye [preauth]
Jan 18 19:47:33 host sshd[26239]: Disconnected from 137.184.35.122 port 58010 [preauth]
Jan 18 19:48:12 host sshd[26351]: User root from 35.219.62.194 not allowed because not listed in AllowUsers
Jan 18 19:48:12 host sshd[26351]: input_userauth_request: invalid user root [preauth]
Jan 18 19:48:12 host unix_chkpwd[26354]: password check failed for user (root)
Jan 18 19:48:12 host sshd[26351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.219.62.194 user=root
Jan 18 19:48:12 host sshd[26351]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 19:48:14 host sshd[26351]: Failed password for invalid user root from 35.219.62.194 port 60058 ssh2
Jan 18 19:49:38 host sshd[26699]: Invalid user gitlab-runner from 49.191.28.191 port 42469
Jan 18 19:49:38 host sshd[26699]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 18 19:49:38 host sshd[26699]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:49:38 host sshd[26699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.191.28.191
Jan 18 19:49:40 host sshd[26699]: Failed password for invalid user gitlab-runner from 49.191.28.191 port 42469 ssh2
Jan 18 19:49:42 host sshd[26699]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:49:44 host sshd[26699]: Failed password for invalid user gitlab-runner from 49.191.28.191 port 42469 ssh2
Jan 18 19:50:06 host sshd[26775]: Invalid user ftpuser from 175.126.146.170 port 53060
Jan 18 19:50:06 host sshd[26775]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 19:50:06 host sshd[26775]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:50:06 host sshd[26775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.126.146.170
Jan 18 19:50:08 host sshd[26775]: Failed password for invalid user ftpuser from 175.126.146.170 port 53060 ssh2
Jan 18 19:50:08 host sshd[26775]: Received disconnect from 175.126.146.170 port 53060:11: Bye Bye [preauth]
Jan 18 19:50:08 host sshd[26775]: Disconnected from 175.126.146.170 port 53060 [preauth]
Jan 18 19:53:31 host sshd[27226]: Invalid user admin from 103.247.167.90 port 43320
Jan 18 19:53:31 host sshd[27226]: input_userauth_request: invalid user admin [preauth]
Jan 18 19:53:32 host sshd[27226]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 19:53:32 host sshd[27226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.247.167.90
Jan 18 19:53:33 host sshd[27226]: Failed password for invalid user admin from 103.247.167.90 port 43320 ssh2
Jan 18 19:53:34 host sshd[27226]: Connection closed by 103.247.167.90 port 43320 [preauth]
Jan 18 19:54:38 host sshd[27469]: Connection reset by 114.33.20.73 port 44472 [preauth]
Jan 18 19:58:49 host sshd[27966]: Did not receive identification string from 206.189.23.129 port 61000
Jan 18 20:04:03 host sshd[28704]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 40942: Connection corrupted [preauth]
Jan 18 20:12:16 host sshd[29835]: User root from 189.56.217.183 not allowed because not listed in AllowUsers
Jan 18 20:12:16 host sshd[29835]: input_userauth_request: invalid user root [preauth]
Jan 18 20:12:17 host unix_chkpwd[29844]: password check failed for user (root)
Jan 18 20:12:17 host sshd[29835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.56.217.183 user=root
Jan 18 20:12:17 host sshd[29835]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 20:12:20 host sshd[29835]: Failed password for invalid user root from 189.56.217.183 port 54224 ssh2
Jan 18 20:12:21 host sshd[29835]: Connection closed by 189.56.217.183 port 54224 [preauth]
Jan 18 20:14:57 host sshd[30148]: Invalid user admin from 49.213.226.183 port 41262
Jan 18 20:14:57 host sshd[30148]: input_userauth_request: invalid user admin [preauth]
Jan 18 20:14:57 host sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:14:57 host sshd[30148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.226.183
Jan 18 20:14:59 host sshd[30148]: Failed password for invalid user admin from 49.213.226.183 port 41262 ssh2
Jan 18 20:15:01 host sshd[30148]: Failed password for invalid user admin from 49.213.226.183 port 41262 ssh2
Jan 18 20:15:01 host sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:15:03 host sshd[30148]: Failed password for invalid user admin from 49.213.226.183 port 41262 ssh2
Jan 18 20:15:03 host sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:15:05 host sshd[30148]: Failed password for invalid user admin from 49.213.226.183 port 41262 ssh2
Jan 18 20:15:06 host sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:15:08 host sshd[30148]: Failed password for invalid user admin from 49.213.226.183 port 41262 ssh2
Jan 18 20:15:08 host sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:15:10 host sshd[30148]: Failed password for invalid user admin from 49.213.226.183 port 41262 ssh2
Jan 18 20:15:10 host sshd[30148]: error: maximum authentication attempts exceeded for invalid user admin from 49.213.226.183 port 41262 ssh2 [preauth]
Jan 18 20:15:10 host sshd[30148]: Disconnecting: Too many authentication failures [preauth]
Jan 18 20:15:10 host sshd[30148]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.226.183
Jan 18 20:15:10 host sshd[30148]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 20:20:46 host sshd[30974]: Invalid user admin from 125.229.130.156 port 43519
Jan 18 20:20:46 host sshd[30974]: input_userauth_request: invalid user admin [preauth]
Jan 18 20:20:46 host sshd[30974]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:20:46 host sshd[30974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.130.156
Jan 18 20:20:49 host sshd[30974]: Failed password for invalid user admin from 125.229.130.156 port 43519 ssh2
Jan 18 20:20:49 host sshd[30974]: Failed password for invalid user admin from 125.229.130.156 port 43519 ssh2
Jan 18 20:20:50 host sshd[30974]: Connection reset by 125.229.130.156 port 43519 [preauth]
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=palco123 user-4=gifterman user-5=phmetals user-6=kottayamcalldriv user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=woodpeck user-16=wwwkapin user-17=remysagr user-18=disposeat user-19=wwwkmaorg user-20=keralaholi user-21=wwwresourcehunte user-22=wwwrmswll user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=a2zgroup user-28=dartsimp user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 20:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-id6cRep6syTJgLuX.~
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-id6cRep6syTJgLuX.~'
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-id6cRep6syTJgLuX.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 20:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 20:21:59 host sshd[31429]: Invalid user ONTUSER from 220.86.118.225 port 39665
Jan 18 20:21:59 host sshd[31429]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 18 20:21:59 host sshd[31429]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:21:59 host sshd[31429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.118.225
Jan 18 20:22:01 host sshd[31429]: Failed password for invalid user ONTUSER from 220.86.118.225 port 39665 ssh2
Jan 18 20:22:02 host sshd[31429]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:22:04 host sshd[31429]: Failed password for invalid user ONTUSER from 220.86.118.225 port 39665 ssh2
Jan 18 20:22:04 host sshd[31429]: Failed password for invalid user ONTUSER from 220.86.118.225 port 39665 ssh2
Jan 18 20:22:04 host sshd[31429]: Connection closed by 220.86.118.225 port 39665 [preauth]
Jan 18 20:22:04 host sshd[31429]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.118.225
Jan 18 20:30:18 host sshd[32492]: Invalid user 1234 from 177.84.49.155 port 56710
Jan 18 20:30:18 host sshd[32492]: input_userauth_request: invalid user 1234 [preauth]
Jan 18 20:30:18 host sshd[32492]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:30:18 host sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.84.49.155
Jan 18 20:30:21 host sshd[32492]: Failed password for invalid user 1234 from 177.84.49.155 port 56710 ssh2
Jan 18 20:30:21 host sshd[32492]: Connection closed by 177.84.49.155 port 56710 [preauth]
Jan 18 20:34:22 host sshd[573]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 18 20:34:22 host sshd[573]: input_userauth_request: invalid user sshd [preauth]
Jan 18 20:34:22 host unix_chkpwd[577]: password check failed for user (sshd)
Jan 18 20:34:22 host sshd[573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 18 20:34:22 host sshd[573]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 18 20:34:23 host sshd[573]: Failed password for invalid user sshd from 194.169.175.102 port 52777 ssh2
Jan 18 20:34:24 host sshd[573]: Received disconnect from 194.169.175.102 port 52777:11: Client disconnecting normally [preauth]
Jan 18 20:34:24 host sshd[573]: Disconnected from 194.169.175.102 port 52777 [preauth]
Jan 18 20:44:14 host sshd[1791]: Invalid user oracle from 125.140.222.113 port 60332
Jan 18 20:44:14 host sshd[1791]: input_userauth_request: invalid user oracle [preauth]
Jan 18 20:44:14 host sshd[1791]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:44:14 host sshd[1791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.140.222.113
Jan 18 20:44:15 host sshd[1791]: Failed password for invalid user oracle from 125.140.222.113 port 60332 ssh2
Jan 18 20:44:16 host sshd[1791]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:44:18 host sshd[1791]: Failed password for invalid user oracle from 125.140.222.113 port 60332 ssh2
Jan 18 20:44:18 host sshd[1791]: Connection reset by 125.140.222.113 port 60332 [preauth]
Jan 18 20:44:18 host sshd[1791]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.140.222.113
Jan 18 20:45:12 host sshd[2018]: Invalid user admin from 114.33.38.40 port 58546
Jan 18 20:45:12 host sshd[2018]: input_userauth_request: invalid user admin [preauth]
Jan 18 20:45:12 host sshd[2018]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:45:12 host sshd[2018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.38.40
Jan 18 20:45:14 host sshd[2018]: Failed password for invalid user admin from 114.33.38.40 port 58546 ssh2
Jan 18 20:45:15 host sshd[2018]: Failed password for invalid user admin from 114.33.38.40 port 58546 ssh2
Jan 18 20:45:16 host sshd[2018]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:45:17 host sshd[2018]: Failed password for invalid user admin from 114.33.38.40 port 58546 ssh2
Jan 18 20:45:18 host sshd[2018]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:45:20 host sshd[2018]: Failed password for invalid user admin from 114.33.38.40 port 58546 ssh2
Jan 18 20:45:21 host sshd[2018]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:45:24 host sshd[2018]: Failed password for invalid user admin from 114.33.38.40 port 58546 ssh2
Jan 18 20:45:24 host sshd[2018]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:45:26 host sshd[2018]: Failed password for invalid user admin from 114.33.38.40 port 58546 ssh2
Jan 18 20:45:26 host sshd[2018]: error: maximum authentication attempts exceeded for invalid user admin from 114.33.38.40 port 58546 ssh2 [preauth]
Jan 18 20:45:26 host sshd[2018]: Disconnecting: Too many authentication failures [preauth]
Jan 18 20:45:26 host sshd[2018]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.38.40
Jan 18 20:45:26 host sshd[2018]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 20:48:30 host sshd[2452]: Invalid user admin from 118.98.90.2 port 60029
Jan 18 20:48:30 host sshd[2452]: input_userauth_request: invalid user admin [preauth]
Jan 18 20:48:30 host sshd[2452]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:48:30 host sshd[2452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.98.90.2
Jan 18 20:48:32 host sshd[2452]: Failed password for invalid user admin from 118.98.90.2 port 60029 ssh2
Jan 18 20:48:32 host sshd[2452]: Connection closed by 118.98.90.2 port 60029 [preauth]
Jan 18 20:50:11 host sshd[2785]: Invalid user admin from 119.196.240.71 port 62377
Jan 18 20:50:11 host sshd[2785]: input_userauth_request: invalid user admin [preauth]
Jan 18 20:50:11 host sshd[2785]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:50:11 host sshd[2785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.196.240.71
Jan 18 20:50:14 host sshd[2785]: Failed password for invalid user admin from 119.196.240.71 port 62377 ssh2
Jan 18 20:50:14 host sshd[2785]: Connection reset by 119.196.240.71 port 62377 [preauth]
Jan 18 20:54:21 host sshd[3215]: Invalid user support from 218.147.120.208 port 63708
Jan 18 20:54:21 host sshd[3215]: input_userauth_request: invalid user support [preauth]
Jan 18 20:54:21 host sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:54:21 host sshd[3215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.120.208
Jan 18 20:54:23 host sshd[3215]: Failed password for invalid user support from 218.147.120.208 port 63708 ssh2
Jan 18 20:54:24 host sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:54:25 host sshd[3215]: Failed password for invalid user support from 218.147.120.208 port 63708 ssh2
Jan 18 20:54:26 host sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:54:28 host sshd[3215]: Failed password for invalid user support from 218.147.120.208 port 63708 ssh2
Jan 18 20:54:28 host sshd[3215]: Connection reset by 218.147.120.208 port 63708 [preauth]
Jan 18 20:54:28 host sshd[3215]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.120.208
Jan 18 20:56:50 host sshd[3605]: Invalid user telnet from 60.250.139.147 port 56842
Jan 18 20:56:50 host sshd[3605]: input_userauth_request: invalid user telnet [preauth]
Jan 18 20:56:50 host sshd[3605]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:56:50 host sshd[3605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.250.139.147
Jan 18 20:56:53 host sshd[3605]: Failed password for invalid user telnet from 60.250.139.147 port 56842 ssh2
Jan 18 20:56:53 host sshd[3605]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:56:56 host sshd[3605]: Failed password for invalid user telnet from 60.250.139.147 port 56842 ssh2
Jan 18 20:56:57 host sshd[3605]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:56:59 host sshd[3605]: Failed password for invalid user telnet from 60.250.139.147 port 56842 ssh2
Jan 18 20:57:00 host sshd[3605]: Failed password for invalid user telnet from 60.250.139.147 port 56842 ssh2
Jan 18 20:57:00 host sshd[3605]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 20:57:02 host sshd[3605]: Failed password for invalid user telnet from 60.250.139.147 port 56842 ssh2
Jan 18 21:00:53 host sshd[4104]: User root from 173.22.101.62 not allowed because not listed in AllowUsers
Jan 18 21:00:53 host sshd[4104]: input_userauth_request: invalid user root [preauth]
Jan 18 21:00:53 host unix_chkpwd[4119]: password check failed for user (root)
Jan 18 21:00:53 host sshd[4104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.22.101.62 user=root
Jan 18 21:00:53 host sshd[4104]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:00:55 host sshd[4104]: Failed password for invalid user root from 173.22.101.62 port 36494 ssh2
Jan 18 21:00:56 host unix_chkpwd[4130]: password check failed for user (root)
Jan 18 21:00:56 host sshd[4104]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:00:58 host sshd[4104]: Failed password for invalid user root from 173.22.101.62 port 36494 ssh2
Jan 18 21:00:59 host unix_chkpwd[4133]: password check failed for user (root)
Jan 18 21:00:59 host sshd[4104]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:01:01 host sshd[4104]: Failed password for invalid user root from 173.22.101.62 port 36494 ssh2
Jan 18 21:01:01 host unix_chkpwd[4159]: password check failed for user (root)
Jan 18 21:01:01 host sshd[4104]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:01:03 host sshd[4104]: Failed password for invalid user root from 173.22.101.62 port 36494 ssh2
Jan 18 21:01:04 host unix_chkpwd[4164]: password check failed for user (root)
Jan 18 21:01:04 host sshd[4104]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:01:06 host sshd[4104]: Failed password for invalid user root from 173.22.101.62 port 36494 ssh2
Jan 18 21:06:31 host sshd[5021]: Bad protocol version identification '\376\b\001adminSSH-2.0-PuTTY_Release_0.77' from 69.117.245.81 port 57629
Jan 18 21:07:50 host sshd[5153]: Invalid user oracle from 112.162.138.228 port 63195
Jan 18 21:07:50 host sshd[5153]: input_userauth_request: invalid user oracle [preauth]
Jan 18 21:07:50 host sshd[5153]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:07:50 host sshd[5153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.162.138.228
Jan 18 21:07:52 host sshd[5153]: Failed password for invalid user oracle from 112.162.138.228 port 63195 ssh2
Jan 18 21:07:54 host sshd[5153]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:07:56 host sshd[5153]: Failed password for invalid user oracle from 112.162.138.228 port 63195 ssh2
Jan 18 21:07:58 host sshd[5153]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:08:01 host sshd[5153]: Failed password for invalid user oracle from 112.162.138.228 port 63195 ssh2
Jan 18 21:08:02 host sshd[5153]: Failed password for invalid user oracle from 112.162.138.228 port 63195 ssh2
Jan 18 21:08:04 host sshd[5153]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:08:06 host sshd[5153]: Failed password for invalid user oracle from 112.162.138.228 port 63195 ssh2
Jan 18 21:09:38 host sshd[5398]: Invalid user gb from 194.110.203.109 port 35884
Jan 18 21:09:38 host sshd[5398]: input_userauth_request: invalid user gb [preauth]
Jan 18 21:09:38 host sshd[5398]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:09:38 host sshd[5398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 21:09:40 host sshd[5398]: Failed password for invalid user gb from 194.110.203.109 port 35884 ssh2
Jan 18 21:09:43 host sshd[5398]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:09:45 host sshd[5398]: Failed password for invalid user gb from 194.110.203.109 port 35884 ssh2
Jan 18 21:09:49 host sshd[5398]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:09:50 host sshd[5398]: Failed password for invalid user gb from 194.110.203.109 port 35884 ssh2
Jan 18 21:09:53 host sshd[5398]: Connection closed by 194.110.203.109 port 35884 [preauth]
Jan 18 21:09:53 host sshd[5398]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 21:12:48 host sshd[5795]: Invalid user pi from 121.150.235.113 port 61763
Jan 18 21:12:48 host sshd[5795]: input_userauth_request: invalid user pi [preauth]
Jan 18 21:12:48 host sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:12:48 host sshd[5795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.150.235.113
Jan 18 21:12:50 host sshd[5795]: Failed password for invalid user pi from 121.150.235.113 port 61763 ssh2
Jan 18 21:12:51 host sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:12:53 host sshd[5795]: Failed password for invalid user pi from 121.150.235.113 port 61763 ssh2
Jan 18 21:12:54 host sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:12:56 host sshd[5795]: Failed password for invalid user pi from 121.150.235.113 port 61763 ssh2
Jan 18 21:12:56 host sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:12:58 host sshd[5795]: Failed password for invalid user pi from 121.150.235.113 port 61763 ssh2
Jan 18 21:12:59 host sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:13:01 host sshd[5795]: Failed password for invalid user pi from 121.150.235.113 port 61763 ssh2
Jan 18 21:13:01 host sshd[5795]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:13:03 host sshd[5795]: Failed password for invalid user pi from 121.150.235.113 port 61763 ssh2
Jan 18 21:13:03 host sshd[5795]: error: maximum authentication attempts exceeded for invalid user pi from 121.150.235.113 port 61763 ssh2 [preauth]
Jan 18 21:13:03 host sshd[5795]: Disconnecting: Too many authentication failures [preauth]
Jan 18 21:13:03 host sshd[5795]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.150.235.113
Jan 18 21:13:03 host sshd[5795]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=keralaholi user-4=wwwresourcehunte user-5=wwwrmswll user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwletsstalkfood user-15=straightcurve user-16=palco123 user-17=gifterman user-18=phmetals user-19=kottayamcalldriv user-20=wwwnexidigital user-21=mrsclean user-22=remysagr user-23=disposeat user-24=wwwkmaorg user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=shalinijames user-29=wwwtestugo user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 21:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-V0wuUBJ34p56ggHd.~
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-V0wuUBJ34p56ggHd.~'
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-V0wuUBJ34p56ggHd.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 21:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 21:21:10 host sshd[7150]: User root from 118.46.27.148 not allowed because not listed in AllowUsers
Jan 18 21:21:10 host sshd[7150]: input_userauth_request: invalid user root [preauth]
Jan 18 21:21:10 host unix_chkpwd[7173]: password check failed for user (root)
Jan 18 21:21:10 host sshd[7150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.46.27.148 user=root
Jan 18 21:21:10 host sshd[7150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:12 host sshd[7150]: Failed password for invalid user root from 118.46.27.148 port 62252 ssh2
Jan 18 21:21:13 host unix_chkpwd[7195]: password check failed for user (root)
Jan 18 21:21:13 host sshd[7150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:15 host sshd[7150]: Failed password for invalid user root from 118.46.27.148 port 62252 ssh2
Jan 18 21:21:16 host unix_chkpwd[7225]: password check failed for user (root)
Jan 18 21:21:16 host sshd[7150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:18 host sshd[7150]: Failed password for invalid user root from 118.46.27.148 port 62252 ssh2
Jan 18 21:21:18 host unix_chkpwd[7249]: password check failed for user (root)
Jan 18 21:21:18 host sshd[7150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:21 host sshd[7150]: Failed password for invalid user root from 118.46.27.148 port 62252 ssh2
Jan 18 21:21:22 host unix_chkpwd[7280]: password check failed for user (root)
Jan 18 21:21:22 host sshd[7150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:24 host sshd[7150]: Failed password for invalid user root from 118.46.27.148 port 62252 ssh2
Jan 18 21:21:33 host sshd[7324]: User root from 87.27.38.143 not allowed because not listed in AllowUsers
Jan 18 21:21:33 host sshd[7324]: input_userauth_request: invalid user root [preauth]
Jan 18 21:21:33 host unix_chkpwd[7327]: password check failed for user (root)
Jan 18 21:21:33 host sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.27.38.143 user=root
Jan 18 21:21:33 host sshd[7324]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:35 host sshd[7324]: Failed password for invalid user root from 87.27.38.143 port 41958 ssh2
Jan 18 21:21:36 host unix_chkpwd[7331]: password check failed for user (root)
Jan 18 21:21:36 host sshd[7324]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:38 host sshd[7324]: Failed password for invalid user root from 87.27.38.143 port 41958 ssh2
Jan 18 21:21:38 host unix_chkpwd[7334]: password check failed for user (root)
Jan 18 21:21:38 host sshd[7324]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:21:40 host sshd[7324]: Failed password for invalid user root from 87.27.38.143 port 41958 ssh2
Jan 18 21:21:41 host sshd[7324]: Connection reset by 87.27.38.143 port 41958 [preauth]
Jan 18 21:21:41 host sshd[7324]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.27.38.143 user=root
Jan 18 21:42:07 host sshd[9966]: Invalid user guest from 61.131.137.72 port 56580
Jan 18 21:42:07 host sshd[9966]: input_userauth_request: invalid user guest [preauth]
Jan 18 21:42:08 host sshd[9966]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:42:08 host sshd[9966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.131.137.72
Jan 18 21:42:10 host sshd[9966]: Failed password for invalid user guest from 61.131.137.72 port 56580 ssh2
Jan 18 21:42:10 host sshd[9966]: Connection closed by 61.131.137.72 port 56580 [preauth]
Jan 18 21:43:06 host sshd[10101]: Did not receive identification string from 117.50.160.88 port 35044
Jan 18 21:43:34 host sshd[10159]: Invalid user dev from 117.50.160.88 port 35242
Jan 18 21:43:34 host sshd[10159]: input_userauth_request: invalid user dev [preauth]
Jan 18 21:43:34 host sshd[10159]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:43:34 host sshd[10159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 18 21:43:36 host sshd[10159]: Failed password for invalid user dev from 117.50.160.88 port 35242 ssh2
Jan 18 21:43:36 host sshd[10159]: Connection closed by 117.50.160.88 port 35242 [preauth]
Jan 18 21:43:36 host sshd[10125]: Invalid user steam from 117.50.160.88 port 35314
Jan 18 21:43:36 host sshd[10125]: input_userauth_request: invalid user steam [preauth]
Jan 18 21:43:37 host sshd[10125]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:43:37 host sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 18 21:43:38 host sshd[10125]: Failed password for invalid user steam from 117.50.160.88 port 35314 ssh2
Jan 18 21:43:38 host sshd[10128]: Invalid user admin from 117.50.160.88 port 35254
Jan 18 21:43:38 host sshd[10128]: input_userauth_request: invalid user admin [preauth]
Jan 18 21:43:38 host sshd[10130]: Invalid user vagrant from 117.50.160.88 port 35292
Jan 18 21:43:38 host sshd[10130]: input_userauth_request: invalid user vagrant [preauth]
Jan 18 21:43:39 host sshd[10128]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:43:39 host sshd[10128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 18 21:43:39 host sshd[10130]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 21:43:39 host sshd[10130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 18 21:43:39 host sshd[10125]: Connection closed by 117.50.160.88 port 35314 [preauth]
Jan 18 21:43:41 host sshd[10128]: Failed password for invalid user admin from 117.50.160.88 port 35254 ssh2
Jan 18 21:43:42 host sshd[10130]: Failed password for invalid user vagrant from 117.50.160.88 port 35292 ssh2
Jan 18 21:43:42 host sshd[10128]: Connection closed by 117.50.160.88 port 35254 [preauth]
Jan 18 21:43:42 host sshd[10130]: Connection closed by 117.50.160.88 port 35292 [preauth]
Jan 18 21:54:08 host sshd[11906]: User root from 95.168.48.245 not allowed because not listed in AllowUsers
Jan 18 21:54:08 host sshd[11906]: input_userauth_request: invalid user root [preauth]
Jan 18 21:54:08 host unix_chkpwd[11911]: password check failed for user (root)
Jan 18 21:54:08 host sshd[11906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.168.48.245 user=root
Jan 18 21:54:08 host sshd[11906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:54:10 host sshd[11906]: Failed password for invalid user root from 95.168.48.245 port 35553 ssh2
Jan 18 21:54:10 host unix_chkpwd[11914]: password check failed for user (root)
Jan 18 21:54:10 host sshd[11906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:54:13 host sshd[11906]: Failed password for invalid user root from 95.168.48.245 port 35553 ssh2
Jan 18 21:54:14 host unix_chkpwd[11918]: password check failed for user (root)
Jan 18 21:54:14 host sshd[11906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:54:16 host sshd[11906]: Failed password for invalid user root from 95.168.48.245 port 35553 ssh2
Jan 18 21:54:17 host unix_chkpwd[11921]: password check failed for user (root)
Jan 18 21:54:17 host sshd[11906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 21:54:20 host sshd[11906]: Failed password for invalid user root from 95.168.48.245 port 35553 ssh2
Jan 18 22:00:18 host sshd[12829]: Invalid user squid from 76.177.163.35 port 50188
Jan 18 22:00:18 host sshd[12829]: input_userauth_request: invalid user squid [preauth]
Jan 18 22:00:19 host sshd[12829]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:00:19 host sshd[12829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=76.177.163.35
Jan 18 22:00:21 host sshd[12829]: Failed password for invalid user squid from 76.177.163.35 port 50188 ssh2
Jan 18 22:00:22 host sshd[12829]: Connection closed by 76.177.163.35 port 50188 [preauth]
Jan 18 22:02:09 host sshd[13064]: User root from 121.178.180.231 not allowed because not listed in AllowUsers
Jan 18 22:02:09 host sshd[13064]: input_userauth_request: invalid user root [preauth]
Jan 18 22:02:09 host unix_chkpwd[13069]: password check failed for user (root)
Jan 18 22:02:09 host sshd[13064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.178.180.231 user=root
Jan 18 22:02:09 host sshd[13064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:02:10 host sshd[13064]: Failed password for invalid user root from 121.178.180.231 port 62794 ssh2
Jan 18 22:02:11 host unix_chkpwd[13078]: password check failed for user (root)
Jan 18 22:02:11 host sshd[13064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:02:13 host sshd[13064]: Failed password for invalid user root from 121.178.180.231 port 62794 ssh2
Jan 18 22:02:14 host sshd[13064]: Connection reset by 121.178.180.231 port 62794 [preauth]
Jan 18 22:02:14 host sshd[13064]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.178.180.231 user=root
Jan 18 22:18:00 host sshd[15259]: Invalid user admin from 190.3.63.97 port 52956
Jan 18 22:18:00 host sshd[15259]: input_userauth_request: invalid user admin [preauth]
Jan 18 22:18:00 host sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:18:00 host sshd[15259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.3.63.97
Jan 18 22:18:02 host sshd[15259]: Failed password for invalid user admin from 190.3.63.97 port 52956 ssh2
Jan 18 22:18:03 host sshd[15259]: Failed password for invalid user admin from 190.3.63.97 port 52956 ssh2
Jan 18 22:18:04 host sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:18:06 host sshd[15259]: Failed password for invalid user admin from 190.3.63.97 port 52956 ssh2
Jan 18 22:18:08 host sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:18:10 host sshd[15259]: Failed password for invalid user admin from 190.3.63.97 port 52956 ssh2
Jan 18 22:18:10 host sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:18:12 host sshd[15259]: Failed password for invalid user admin from 190.3.63.97 port 52956 ssh2
Jan 18 22:18:13 host sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:18:15 host sshd[15259]: Failed password for invalid user admin from 190.3.63.97 port 52956 ssh2
Jan 18 22:18:15 host sshd[15259]: error: maximum authentication attempts exceeded for invalid user admin from 190.3.63.97 port 52956 ssh2 [preauth]
Jan 18 22:18:15 host sshd[15259]: Disconnecting: Too many authentication failures [preauth]
Jan 18 22:18:15 host sshd[15259]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.3.63.97
Jan 18 22:18:15 host sshd[15259]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=shalinijames user-3=wwwtestugo user-4=vfmassets user-5=wwwkapin user-6=woodpeck user-7=disposeat user-8=remysagr user-9=wwwkmaorg user-10=wwwnexidigital user-11=mrsclean user-12=phmetals user-13=kottayamcalldriv user-14=palco123 user-15=gifterman user-16=wwwletsstalkfood user-17=straightcurve user-18=wwwevmhonda user-19=bonifacegroup user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=wwwkaretakers user-24=cochintaxi user-25=ugotscom user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 22:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-6IAIxv4l2gEeWLLR.~
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-6IAIxv4l2gEeWLLR.~'
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-6IAIxv4l2gEeWLLR.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 22:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 22:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 22:25:31 host sshd[16593]: Invalid user jeffery from 107.189.30.59 port 58776
Jan 18 22:25:31 host sshd[16593]: input_userauth_request: invalid user jeffery [preauth]
Jan 18 22:25:31 host sshd[16593]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:25:31 host sshd[16593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 18 22:25:32 host sshd[16593]: Failed password for invalid user jeffery from 107.189.30.59 port 58776 ssh2
Jan 18 22:25:33 host sshd[16593]: Connection closed by 107.189.30.59 port 58776 [preauth]
Jan 18 22:36:22 host sshd[18077]: Connection reset by 220.134.84.152 port 38907 [preauth]
Jan 18 22:36:23 host sshd[18080]: User root from 220.134.84.152 not allowed because not listed in AllowUsers
Jan 18 22:36:23 host sshd[18080]: input_userauth_request: invalid user root [preauth]
Jan 18 22:36:23 host unix_chkpwd[18084]: password check failed for user (root)
Jan 18 22:36:23 host sshd[18080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.84.152 user=root
Jan 18 22:36:23 host sshd[18080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:36:25 host sshd[18080]: Failed password for invalid user root from 220.134.84.152 port 38918 ssh2
Jan 18 22:36:25 host unix_chkpwd[18087]: password check failed for user (root)
Jan 18 22:36:25 host sshd[18080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:36:28 host sshd[18080]: Failed password for invalid user root from 220.134.84.152 port 38918 ssh2
Jan 18 22:36:28 host unix_chkpwd[18111]: password check failed for user (root)
Jan 18 22:36:28 host sshd[18080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:36:30 host sshd[18112]: User ftp from 27.121.83.12 not allowed because not listed in AllowUsers
Jan 18 22:36:30 host sshd[18112]: input_userauth_request: invalid user ftp [preauth]
Jan 18 22:36:30 host sshd[18080]: Failed password for invalid user root from 220.134.84.152 port 38918 ssh2
Jan 18 22:36:30 host unix_chkpwd[18117]: password check failed for user (ftp)
Jan 18 22:36:30 host sshd[18112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.121.83.12 user=ftp
Jan 18 22:36:30 host sshd[18112]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 18 22:36:31 host unix_chkpwd[18118]: password check failed for user (root)
Jan 18 22:36:31 host sshd[18080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:36:33 host sshd[18112]: Failed password for invalid user ftp from 27.121.83.12 port 55441 ssh2
Jan 18 22:36:33 host sshd[18112]: Connection closed by 27.121.83.12 port 55441 [preauth]
Jan 18 22:36:33 host sshd[18080]: Failed password for invalid user root from 220.134.84.152 port 38918 ssh2
Jan 18 22:36:35 host unix_chkpwd[18141]: password check failed for user (root)
Jan 18 22:36:35 host sshd[18080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:36:37 host sshd[18080]: Failed password for invalid user root from 220.134.84.152 port 38918 ssh2
Jan 18 22:41:40 host sshd[18829]: Invalid user bigipuser3 from 125.229.130.72 port 51226
Jan 18 22:41:40 host sshd[18829]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 18 22:41:40 host sshd[18829]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:41:40 host sshd[18829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.130.72
Jan 18 22:41:41 host sshd[18829]: Failed password for invalid user bigipuser3 from 125.229.130.72 port 51226 ssh2
Jan 18 22:41:42 host sshd[18829]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:41:44 host sshd[18829]: Failed password for invalid user bigipuser3 from 125.229.130.72 port 51226 ssh2
Jan 18 22:41:45 host sshd[18829]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:41:46 host sshd[18829]: Failed password for invalid user bigipuser3 from 125.229.130.72 port 51226 ssh2
Jan 18 22:41:49 host sshd[18829]: Failed password for invalid user bigipuser3 from 125.229.130.72 port 51226 ssh2
Jan 18 22:41:49 host sshd[18829]: Connection reset by 125.229.130.72 port 51226 [preauth]
Jan 18 22:41:49 host sshd[18829]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.130.72
Jan 18 22:43:40 host sshd[19054]: Invalid user user from 220.134.196.96 port 42217
Jan 18 22:43:40 host sshd[19054]: input_userauth_request: invalid user user [preauth]
Jan 18 22:43:40 host sshd[19054]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:43:40 host sshd[19054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.196.96
Jan 18 22:43:42 host sshd[19054]: Failed password for invalid user user from 220.134.196.96 port 42217 ssh2
Jan 18 22:43:43 host sshd[19054]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:43:45 host sshd[19054]: Failed password for invalid user user from 220.134.196.96 port 42217 ssh2
Jan 18 22:43:46 host sshd[19054]: Connection reset by 220.134.196.96 port 42217 [preauth]
Jan 18 22:43:46 host sshd[19054]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.196.96
Jan 18 22:49:12 host sshd[19836]: Invalid user sFTPUser from 72.209.29.177 port 39971
Jan 18 22:49:12 host sshd[19836]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 18 22:49:12 host sshd[19836]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:12 host sshd[19836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.209.29.177
Jan 18 22:49:15 host sshd[19836]: Failed password for invalid user sFTPUser from 72.209.29.177 port 39971 ssh2
Jan 18 22:49:18 host sshd[19841]: Invalid user sFTPUser from 72.209.29.177 port 40005
Jan 18 22:49:18 host sshd[19841]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 18 22:49:18 host sshd[19841]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:18 host sshd[19841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.209.29.177
Jan 18 22:49:18 host sshd[19836]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:20 host sshd[19841]: Failed password for invalid user sFTPUser from 72.209.29.177 port 40005 ssh2
Jan 18 22:49:20 host sshd[19836]: Failed password for invalid user sFTPUser from 72.209.29.177 port 39971 ssh2
Jan 18 22:49:21 host sshd[19841]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:21 host sshd[19836]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:23 host sshd[19841]: Failed password for invalid user sFTPUser from 72.209.29.177 port 40005 ssh2
Jan 18 22:49:23 host sshd[19836]: Failed password for invalid user sFTPUser from 72.209.29.177 port 39971 ssh2
Jan 18 22:49:23 host sshd[19841]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:23 host sshd[19836]: Failed password for invalid user sFTPUser from 72.209.29.177 port 39971 ssh2
Jan 18 22:49:25 host sshd[19836]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:49:25 host sshd[19841]: Failed password for invalid user sFTPUser from 72.209.29.177 port 40005 ssh2
Jan 18 22:49:27 host sshd[19836]: Failed password for invalid user sFTPUser from 72.209.29.177 port 39971 ssh2
Jan 18 22:53:52 host sshd[20659]: User root from 114.33.164.157 not allowed because not listed in AllowUsers
Jan 18 22:53:52 host sshd[20659]: input_userauth_request: invalid user root [preauth]
Jan 18 22:53:52 host unix_chkpwd[20665]: password check failed for user (root)
Jan 18 22:53:52 host sshd[20659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.164.157 user=root
Jan 18 22:53:52 host sshd[20659]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 22:53:54 host sshd[20659]: Failed password for invalid user root from 114.33.164.157 port 49281 ssh2
Jan 18 22:53:55 host sshd[20659]: Connection reset by 114.33.164.157 port 49281 [preauth]
Jan 18 22:54:56 host sshd[20796]: Invalid user gc from 194.110.203.109 port 50806
Jan 18 22:54:56 host sshd[20796]: input_userauth_request: invalid user gc [preauth]
Jan 18 22:54:56 host sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:54:56 host sshd[20796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 22:54:58 host sshd[20796]: Failed password for invalid user gc from 194.110.203.109 port 50806 ssh2
Jan 18 22:55:01 host sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:55:03 host sshd[20796]: Failed password for invalid user gc from 194.110.203.109 port 50806 ssh2
Jan 18 22:55:06 host sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 22:55:08 host sshd[20796]: Failed password for invalid user gc from 194.110.203.109 port 50806 ssh2
Jan 18 22:55:11 host sshd[20796]: Connection closed by 194.110.203.109 port 50806 [preauth]
Jan 18 22:55:11 host sshd[20796]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 18 23:12:02 host sshd[23168]: User root from 220.133.162.246 not allowed because not listed in AllowUsers
Jan 18 23:12:02 host sshd[23168]: input_userauth_request: invalid user root [preauth]
Jan 18 23:12:03 host unix_chkpwd[23189]: password check failed for user (root)
Jan 18 23:12:03 host sshd[23168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.162.246 user=root
Jan 18 23:12:03 host sshd[23168]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:12:04 host sshd[23168]: Failed password for invalid user root from 220.133.162.246 port 59272 ssh2
Jan 18 23:12:05 host unix_chkpwd[23192]: password check failed for user (root)
Jan 18 23:12:05 host sshd[23168]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:12:07 host sshd[23168]: Failed password for invalid user root from 220.133.162.246 port 59272 ssh2
Jan 18 23:12:08 host unix_chkpwd[23196]: password check failed for user (root)
Jan 18 23:12:08 host sshd[23168]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:12:09 host sshd[23168]: Failed password for invalid user root from 220.133.162.246 port 59272 ssh2
Jan 18 23:12:10 host sshd[23168]: Connection reset by 220.133.162.246 port 59272 [preauth]
Jan 18 23:12:10 host sshd[23168]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.162.246 user=root
Jan 18 23:12:58 host sshd[23305]: Invalid user admin from 156.38.18.25 port 40668
Jan 18 23:12:58 host sshd[23305]: input_userauth_request: invalid user admin [preauth]
Jan 18 23:12:59 host sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:12:59 host sshd[23305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.38.18.25
Jan 18 23:13:01 host sshd[23305]: Failed password for invalid user admin from 156.38.18.25 port 40668 ssh2
Jan 18 23:13:01 host sshd[23305]: Connection closed by 156.38.18.25 port 40668 [preauth]
Jan 18 23:16:39 host sshd[23720]: Invalid user security from 205.185.113.129 port 55804
Jan 18 23:16:39 host sshd[23720]: input_userauth_request: invalid user security [preauth]
Jan 18 23:16:39 host sshd[23720]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:16:39 host sshd[23720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 18 23:16:40 host sshd[23720]: Failed password for invalid user security from 205.185.113.129 port 55804 ssh2
Jan 18 23:16:40 host sshd[23720]: Connection closed by 205.185.113.129 port 55804 [preauth]
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=disposeat user-2=remysagr user-3=wwwkmaorg user-4=woodpeck user-5=wwwkapin user-6=vfmassets user-7=shalinijames user-8=wwwtestugo user-9=pmcresources user-10=bonifacegroup user-11=wwwevmhonda user-12=straightcurve user-13=wwwletsstalkfood user-14=palco123 user-15=gifterman user-16=phmetals user-17=kottayamcalldriv user-18=mrsclean user-19=wwwnexidigital user-20=wwwkaretakers user-21=cochintaxi user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=wwwresourcehunte user-28=keralaholi user-29=wwwrmswll user-30=ugotscom feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 18 23:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vUDkhXQoklJRYKrl.~
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vUDkhXQoklJRYKrl.~'
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vUDkhXQoklJRYKrl.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:05 host sshd[24384]: Invalid user postgres from 209.141.55.27 port 39066
Jan 18 23:21:05 host sshd[24384]: input_userauth_request: invalid user postgres [preauth]
Jan 18 23:21:05 host sshd[24384]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:21:05 host sshd[24384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27
Jan 18 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 18 23:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 18 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:21:07 host sshd[24384]: Failed password for invalid user postgres from 209.141.55.27 port 39066 ssh2
Jan 18 23:21:07 host sshd[24384]: Received disconnect from 209.141.55.27 port 39066:11: Normal Shutdown, Thank you for playing [preauth]
Jan 18 23:21:07 host sshd[24384]: Disconnected from 209.141.55.27 port 39066 [preauth]
Jan 18 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 18 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 18 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 18 23:26:11 host sshd[25229]: Did not receive identification string from 143.110.183.245 port 61000
Jan 18 23:31:03 host sshd[25890]: Invalid user test from 49.73.6.159 port 35698
Jan 18 23:31:03 host sshd[25890]: input_userauth_request: invalid user test [preauth]
Jan 18 23:31:04 host sshd[25890]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:31:04 host sshd[25890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.73.6.159
Jan 18 23:31:05 host sshd[25890]: Failed password for invalid user test from 49.73.6.159 port 35698 ssh2
Jan 18 23:31:06 host sshd[25890]: Connection closed by 49.73.6.159 port 35698 [preauth]
Jan 18 23:35:14 host sshd[26408]: Connection reset by 125.228.177.177 port 54492 [preauth]
Jan 18 23:36:17 host sshd[26620]: User root from 178.198.61.21 not allowed because not listed in AllowUsers
Jan 18 23:36:17 host sshd[26620]: input_userauth_request: invalid user root [preauth]
Jan 18 23:36:17 host unix_chkpwd[26624]: password check failed for user (root)
Jan 18 23:36:17 host sshd[26620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.198.61.21 user=root
Jan 18 23:36:17 host sshd[26620]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:36:19 host sshd[26620]: Failed password for invalid user root from 178.198.61.21 port 43444 ssh2
Jan 18 23:36:20 host unix_chkpwd[26628]: password check failed for user (root)
Jan 18 23:36:20 host sshd[26620]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:36:22 host sshd[26620]: Failed password for invalid user root from 178.198.61.21 port 43444 ssh2
Jan 18 23:39:53 host sshd[27025]: Invalid user dockeradmin from 118.32.203.33 port 47216
Jan 18 23:39:53 host sshd[27025]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 18 23:39:53 host sshd[27025]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:39:53 host sshd[27025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.203.33
Jan 18 23:39:55 host sshd[27025]: Failed password for invalid user dockeradmin from 118.32.203.33 port 47216 ssh2
Jan 18 23:39:56 host sshd[27025]: Received disconnect from 118.32.203.33 port 47216:11: Bye Bye [preauth]
Jan 18 23:39:56 host sshd[27025]: Disconnected from 118.32.203.33 port 47216 [preauth]
Jan 18 23:40:27 host sshd[27091]: Invalid user webadmin from 143.198.222.239 port 57534
Jan 18 23:40:27 host sshd[27091]: input_userauth_request: invalid user webadmin [preauth]
Jan 18 23:40:27 host sshd[27091]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:40:27 host sshd[27091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239
Jan 18 23:40:29 host sshd[27091]: Failed password for invalid user webadmin from 143.198.222.239 port 57534 ssh2
Jan 18 23:40:29 host sshd[27091]: Received disconnect from 143.198.222.239 port 57534:11: Bye Bye [preauth]
Jan 18 23:40:29 host sshd[27091]: Disconnected from 143.198.222.239 port 57534 [preauth]
Jan 18 23:40:40 host sshd[27125]: User root from 170.244.245.201 not allowed because not listed in AllowUsers
Jan 18 23:40:40 host sshd[27125]: input_userauth_request: invalid user root [preauth]
Jan 18 23:40:40 host unix_chkpwd[27129]: password check failed for user (root)
Jan 18 23:40:40 host sshd[27125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.244.245.201 user=root
Jan 18 23:40:40 host sshd[27125]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:40:42 host sshd[27125]: Failed password for invalid user root from 170.244.245.201 port 56607 ssh2
Jan 18 23:40:42 host sshd[27125]: Received disconnect from 170.244.245.201 port 56607:11: Bye Bye [preauth]
Jan 18 23:40:42 host sshd[27125]: Disconnected from 170.244.245.201 port 56607 [preauth]
Jan 18 23:41:35 host sshd[27336]: User root from 222.228.88.86 not allowed because not listed in AllowUsers
Jan 18 23:41:35 host sshd[27336]: input_userauth_request: invalid user root [preauth]
Jan 18 23:41:35 host unix_chkpwd[27341]: password check failed for user (root)
Jan 18 23:41:35 host sshd[27336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.228.88.86 user=root
Jan 18 23:41:35 host sshd[27336]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:41:37 host sshd[27336]: Failed password for invalid user root from 222.228.88.86 port 35663 ssh2
Jan 18 23:41:38 host unix_chkpwd[27347]: password check failed for user (root)
Jan 18 23:41:38 host sshd[27336]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:41:40 host sshd[27336]: Failed password for invalid user root from 222.228.88.86 port 35663 ssh2
Jan 18 23:41:40 host unix_chkpwd[27352]: password check failed for user (root)
Jan 18 23:41:40 host sshd[27336]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:41:42 host sshd[27336]: Failed password for invalid user root from 222.228.88.86 port 35663 ssh2
Jan 18 23:41:43 host unix_chkpwd[27356]: password check failed for user (root)
Jan 18 23:41:43 host sshd[27336]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:41:45 host sshd[27336]: Failed password for invalid user root from 222.228.88.86 port 35663 ssh2
Jan 18 23:41:46 host unix_chkpwd[27360]: password check failed for user (root)
Jan 18 23:41:46 host sshd[27336]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:41:48 host sshd[27336]: Failed password for invalid user root from 222.228.88.86 port 35663 ssh2
Jan 18 23:41:59 host sshd[27412]: Invalid user ftpuser from 217.218.56.142 port 37213
Jan 18 23:41:59 host sshd[27412]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 23:41:59 host sshd[27412]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:41:59 host sshd[27412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.218.56.142
Jan 18 23:42:01 host sshd[27412]: Failed password for invalid user ftpuser from 217.218.56.142 port 37213 ssh2
Jan 18 23:42:02 host sshd[27412]: Received disconnect from 217.218.56.142 port 37213:11: Bye Bye [preauth]
Jan 18 23:42:02 host sshd[27412]: Disconnected from 217.218.56.142 port 37213 [preauth]
Jan 18 23:42:12 host sshd[27453]: Invalid user mark from 170.64.156.206 port 46802
Jan 18 23:42:12 host sshd[27453]: input_userauth_request: invalid user mark [preauth]
Jan 18 23:42:12 host sshd[27453]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:42:12 host sshd[27453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.156.206
Jan 18 23:42:15 host sshd[27453]: Failed password for invalid user mark from 170.64.156.206 port 46802 ssh2
Jan 18 23:42:15 host sshd[27453]: Received disconnect from 170.64.156.206 port 46802:11: Bye Bye [preauth]
Jan 18 23:42:15 host sshd[27453]: Disconnected from 170.64.156.206 port 46802 [preauth]
Jan 18 23:42:47 host sshd[27521]: Invalid user nginx from 189.60.140.75 port 47129
Jan 18 23:42:47 host sshd[27521]: input_userauth_request: invalid user nginx [preauth]
Jan 18 23:42:47 host sshd[27521]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:42:47 host sshd[27521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.60.140.75
Jan 18 23:42:50 host sshd[27521]: Failed password for invalid user nginx from 189.60.140.75 port 47129 ssh2
Jan 18 23:42:50 host sshd[27521]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:42:52 host sshd[27521]: Failed password for invalid user nginx from 189.60.140.75 port 47129 ssh2
Jan 18 23:42:53 host sshd[27521]: Connection reset by 189.60.140.75 port 47129 [preauth]
Jan 18 23:42:53 host sshd[27521]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.60.140.75
Jan 18 23:44:00 host sshd[27682]: Invalid user ftpuser from 181.176.145.114 port 50410
Jan 18 23:44:00 host sshd[27682]: input_userauth_request: invalid user ftpuser [preauth]
Jan 18 23:44:00 host sshd[27682]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:44:00 host sshd[27682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.114
Jan 18 23:44:02 host sshd[27682]: Failed password for invalid user ftpuser from 181.176.145.114 port 50410 ssh2
Jan 18 23:44:03 host sshd[27682]: Received disconnect from 181.176.145.114 port 50410:11: Bye Bye [preauth]
Jan 18 23:44:03 host sshd[27682]: Disconnected from 181.176.145.114 port 50410 [preauth]
Jan 18 23:44:03 host sshd[27705]: Invalid user webadmin from 43.131.27.221 port 42682
Jan 18 23:44:03 host sshd[27705]: input_userauth_request: invalid user webadmin [preauth]
Jan 18 23:44:03 host sshd[27705]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:44:03 host sshd[27705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.27.221
Jan 18 23:44:05 host sshd[27705]: Failed password for invalid user webadmin from 43.131.27.221 port 42682 ssh2
Jan 18 23:44:05 host sshd[27705]: Received disconnect from 43.131.27.221 port 42682:11: Bye Bye [preauth]
Jan 18 23:44:05 host sshd[27705]: Disconnected from 43.131.27.221 port 42682 [preauth]
Jan 18 23:45:49 host sshd[27952]: Invalid user developer from 143.198.222.239 port 39890
Jan 18 23:45:49 host sshd[27952]: input_userauth_request: invalid user developer [preauth]
Jan 18 23:45:49 host sshd[27952]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:45:49 host sshd[27952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239
Jan 18 23:45:50 host sshd[27952]: Failed password for invalid user developer from 143.198.222.239 port 39890 ssh2
Jan 18 23:45:50 host sshd[27952]: Received disconnect from 143.198.222.239 port 39890:11: Bye Bye [preauth]
Jan 18 23:45:50 host sshd[27952]: Disconnected from 143.198.222.239 port 39890 [preauth]
Jan 18 23:46:22 host sshd[28021]: User root from 118.32.203.33 not allowed because not listed in AllowUsers
Jan 18 23:46:22 host sshd[28021]: input_userauth_request: invalid user root [preauth]
Jan 18 23:46:22 host unix_chkpwd[28025]: password check failed for user (root)
Jan 18 23:46:22 host sshd[28021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.203.33 user=root
Jan 18 23:46:22 host sshd[28021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:46:24 host sshd[28021]: Failed password for invalid user root from 118.32.203.33 port 47546 ssh2
Jan 18 23:46:24 host sshd[28021]: Received disconnect from 118.32.203.33 port 47546:11: Bye Bye [preauth]
Jan 18 23:46:24 host sshd[28021]: Disconnected from 118.32.203.33 port 47546 [preauth]
Jan 18 23:46:43 host sshd[28210]: Invalid user ubuntu from 181.176.145.114 port 39470
Jan 18 23:46:43 host sshd[28210]: input_userauth_request: invalid user ubuntu [preauth]
Jan 18 23:46:43 host sshd[28210]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:46:43 host sshd[28210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.114
Jan 18 23:46:45 host sshd[28214]: Invalid user sammy from 170.244.245.201 port 44624
Jan 18 23:46:45 host sshd[28214]: input_userauth_request: invalid user sammy [preauth]
Jan 18 23:46:45 host sshd[28214]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:46:45 host sshd[28214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.244.245.201
Jan 18 23:46:45 host sshd[28210]: Failed password for invalid user ubuntu from 181.176.145.114 port 39470 ssh2
Jan 18 23:46:45 host sshd[28210]: Received disconnect from 181.176.145.114 port 39470:11: Bye Bye [preauth]
Jan 18 23:46:45 host sshd[28210]: Disconnected from 181.176.145.114 port 39470 [preauth]
Jan 18 23:46:46 host sshd[28214]: Failed password for invalid user sammy from 170.244.245.201 port 44624 ssh2
Jan 18 23:46:47 host sshd[28214]: Received disconnect from 170.244.245.201 port 44624:11: Bye Bye [preauth]
Jan 18 23:46:47 host sshd[28214]: Disconnected from 170.244.245.201 port 44624 [preauth]
Jan 18 23:46:48 host sshd[28227]: Invalid user testing from 217.218.56.142 port 27856
Jan 18 23:46:48 host sshd[28227]: input_userauth_request: invalid user testing [preauth]
Jan 18 23:46:48 host sshd[28227]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:46:48 host sshd[28227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.218.56.142
Jan 18 23:46:50 host sshd[28227]: Failed password for invalid user testing from 217.218.56.142 port 27856 ssh2
Jan 18 23:46:50 host sshd[28227]: Received disconnect from 217.218.56.142 port 27856:11: Bye Bye [preauth]
Jan 18 23:46:50 host sshd[28227]: Disconnected from 217.218.56.142 port 27856 [preauth]
Jan 18 23:46:51 host sshd[28258]: Invalid user elemental from 43.131.27.221 port 48468
Jan 18 23:46:51 host sshd[28258]: input_userauth_request: invalid user elemental [preauth]
Jan 18 23:46:51 host sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:46:51 host sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.27.221
Jan 18 23:46:53 host sshd[28258]: Failed password for invalid user elemental from 43.131.27.221 port 48468 ssh2
Jan 18 23:46:53 host sshd[28258]: Received disconnect from 43.131.27.221 port 48468:11: Bye Bye [preauth]
Jan 18 23:46:53 host sshd[28258]: Disconnected from 43.131.27.221 port 48468 [preauth]
Jan 18 23:47:06 host sshd[28302]: Invalid user grid from 170.64.156.206 port 36470
Jan 18 23:47:06 host sshd[28302]: input_userauth_request: invalid user grid [preauth]
Jan 18 23:47:06 host sshd[28302]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:47:06 host sshd[28302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.156.206
Jan 18 23:47:09 host sshd[28302]: Failed password for invalid user grid from 170.64.156.206 port 36470 ssh2
Jan 18 23:47:09 host sshd[28302]: Received disconnect from 170.64.156.206 port 36470:11: Bye Bye [preauth]
Jan 18 23:47:09 host sshd[28302]: Disconnected from 170.64.156.206 port 36470 [preauth]
Jan 18 23:47:11 host sshd[28310]: User root from 143.198.222.239 not allowed because not listed in AllowUsers
Jan 18 23:47:11 host sshd[28310]: input_userauth_request: invalid user root [preauth]
Jan 18 23:47:11 host unix_chkpwd[28312]: password check failed for user (root)
Jan 18 23:47:11 host sshd[28310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.222.239 user=root
Jan 18 23:47:11 host sshd[28310]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:47:13 host sshd[28310]: Failed password for invalid user root from 143.198.222.239 port 35206 ssh2
Jan 18 23:47:39 host sshd[28411]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 18 23:47:39 host sshd[28411]: input_userauth_request: invalid user root [preauth]
Jan 18 23:47:39 host unix_chkpwd[28414]: password check failed for user (root)
Jan 18 23:47:39 host sshd[28411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 18 23:47:39 host sshd[28411]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:47:41 host sshd[28411]: Failed password for invalid user root from 195.226.194.142 port 59562 ssh2
Jan 18 23:47:41 host sshd[28411]: Received disconnect from 195.226.194.142 port 59562:11: Bye Bye [preauth]
Jan 18 23:47:41 host sshd[28411]: Disconnected from 195.226.194.142 port 59562 [preauth]
Jan 18 23:47:56 host sshd[28439]: Invalid user media from 43.131.27.221 port 42496
Jan 18 23:47:56 host sshd[28439]: input_userauth_request: invalid user media [preauth]
Jan 18 23:47:56 host sshd[28439]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:47:56 host sshd[28439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.131.27.221
Jan 18 23:47:58 host sshd[28439]: Failed password for invalid user media from 43.131.27.221 port 42496 ssh2
Jan 18 23:48:04 host sshd[28497]: Invalid user admin from 217.218.56.142 port 51638
Jan 18 23:48:04 host sshd[28497]: input_userauth_request: invalid user admin [preauth]
Jan 18 23:48:04 host sshd[28497]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:48:04 host sshd[28497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.218.56.142
Jan 18 23:48:06 host sshd[28502]: Invalid user system from 181.176.145.114 port 57242
Jan 18 23:48:06 host sshd[28502]: input_userauth_request: invalid user system [preauth]
Jan 18 23:48:06 host sshd[28502]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:48:06 host sshd[28502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.114
Jan 18 23:48:06 host sshd[28497]: Failed password for invalid user admin from 217.218.56.142 port 51638 ssh2
Jan 18 23:48:06 host sshd[28497]: Received disconnect from 217.218.56.142 port 51638:11: Bye Bye [preauth]
Jan 18 23:48:06 host sshd[28497]: Disconnected from 217.218.56.142 port 51638 [preauth]
Jan 18 23:48:08 host sshd[28502]: Failed password for invalid user system from 181.176.145.114 port 57242 ssh2
Jan 18 23:48:29 host sshd[28619]: Invalid user zjw from 170.64.156.206 port 59692
Jan 18 23:48:29 host sshd[28619]: input_userauth_request: invalid user zjw [preauth]
Jan 18 23:48:29 host sshd[28619]: pam_unix(sshd:auth): check pass; user unknown
Jan 18 23:48:29 host sshd[28619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.156.206
Jan 18 23:48:31 host sshd[28619]: Failed password for invalid user zjw from 170.64.156.206 port 59692 ssh2
Jan 18 23:48:32 host sshd[28619]: Received disconnect from 170.64.156.206 port 59692:11: Bye Bye [preauth]
Jan 18 23:48:32 host sshd[28619]: Disconnected from 170.64.156.206 port 59692 [preauth]
Jan 18 23:49:04 host sshd[28697]: Connection closed by 103.94.96.140 port 56834 [preauth]
Jan 18 23:56:19 host sshd[29722]: User root from 219.85.229.21 not allowed because not listed in AllowUsers
Jan 18 23:56:19 host sshd[29722]: input_userauth_request: invalid user root [preauth]
Jan 18 23:56:19 host unix_chkpwd[29725]: password check failed for user (root)
Jan 18 23:56:19 host sshd[29722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.85.229.21 user=root
Jan 18 23:56:19 host sshd[29722]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:56:21 host sshd[29722]: Failed password for invalid user root from 219.85.229.21 port 58944 ssh2
Jan 18 23:56:22 host unix_chkpwd[29728]: password check failed for user (root)
Jan 18 23:56:22 host sshd[29722]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:56:23 host sshd[29722]: Failed password for invalid user root from 219.85.229.21 port 58944 ssh2
Jan 18 23:56:24 host unix_chkpwd[29731]: password check failed for user (root)
Jan 18 23:56:24 host sshd[29722]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:56:26 host sshd[29722]: Failed password for invalid user root from 219.85.229.21 port 58944 ssh2
Jan 18 23:56:27 host unix_chkpwd[29739]: password check failed for user (root)
Jan 18 23:56:27 host sshd[29722]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 23:56:30 host sshd[29722]: Failed password for invalid user root from 219.85.229.21 port 58944 ssh2
Jan 19 00:00:29 host sshd[30398]: Bad protocol version identification '\026\003\001\001 \001' from 164.52.25.253 port 39131
Jan 19 00:00:29 host sshd[30400]: Bad protocol version identification '\026\003\001' from 164.52.25.253 port 42516
Jan 19 00:00:30 host sshd[30401]: Bad protocol version identification '\026\003\001' from 164.52.25.253 port 56760
Jan 19 00:00:30 host sshd[30402]: Bad protocol version identification '\026\003\001' from 164.52.25.253 port 59398
Jan 19 00:00:34 host sshd[30403]: Connection reset by 164.52.25.253 port 53668 [preauth]
Jan 19 00:00:35 host sshd[30406]: Invalid user nginx from 153.222.227.102 port 38080
Jan 19 00:00:35 host sshd[30406]: input_userauth_request: invalid user nginx [preauth]
Jan 19 00:00:35 host sshd[30406]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:00:35 host sshd[30406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.222.227.102
Jan 19 00:00:35 host sshd[30410]: Invalid user admin from 153.222.227.102 port 38052
Jan 19 00:00:35 host sshd[30410]: input_userauth_request: invalid user admin [preauth]
Jan 19 00:00:35 host sshd[30410]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:00:35 host sshd[30410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.222.227.102
Jan 19 00:00:37 host sshd[30406]: Failed password for invalid user nginx from 153.222.227.102 port 38080 ssh2
Jan 19 00:00:37 host sshd[30406]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:00:37 host sshd[30410]: Failed password for invalid user admin from 153.222.227.102 port 38052 ssh2
Jan 19 00:00:38 host sshd[30410]: Failed password for invalid user admin from 153.222.227.102 port 38052 ssh2
Jan 19 00:00:38 host sshd[30410]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:00:39 host sshd[30406]: Failed password for invalid user nginx from 153.222.227.102 port 38080 ssh2
Jan 19 00:00:40 host sshd[30410]: Failed password for invalid user admin from 153.222.227.102 port 38052 ssh2
Jan 19 00:02:16 host sshd[30649]: Invalid user admin from 62.233.50.248 port 33813
Jan 19 00:02:16 host sshd[30649]: input_userauth_request: invalid user admin [preauth]
Jan 19 00:02:16 host sshd[30649]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:02:16 host sshd[30649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 19 00:02:17 host sshd[30649]: Failed password for invalid user admin from 62.233.50.248 port 33813 ssh2
Jan 19 00:02:18 host sshd[30649]: Received disconnect from 62.233.50.248 port 33813:11: Client disconnecting normally [preauth]
Jan 19 00:02:18 host sshd[30649]: Disconnected from 62.233.50.248 port 33813 [preauth]
Jan 19 00:02:19 host sshd[30657]: User ftp from 62.233.50.248 not allowed because not listed in AllowUsers
Jan 19 00:02:19 host sshd[30657]: input_userauth_request: invalid user ftp [preauth]
Jan 19 00:02:19 host unix_chkpwd[30668]: password check failed for user (ftp)
Jan 19 00:02:19 host sshd[30657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248 user=ftp
Jan 19 00:02:19 host sshd[30657]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 19 00:02:21 host sshd[30657]: Failed password for invalid user ftp from 62.233.50.248 port 37847 ssh2
Jan 19 00:02:22 host sshd[30657]: Received disconnect from 62.233.50.248 port 37847:11: Client disconnecting normally [preauth]
Jan 19 00:02:22 host sshd[30657]: Disconnected from 62.233.50.248 port 37847 [preauth]
Jan 19 00:02:23 host sshd[30697]: Invalid user user1 from 62.233.50.248 port 41949
Jan 19 00:02:23 host sshd[30697]: input_userauth_request: invalid user user1 [preauth]
Jan 19 00:02:23 host sshd[30697]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:02:23 host sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 19 00:02:25 host sshd[30697]: Failed password for invalid user user1 from 62.233.50.248 port 41949 ssh2
Jan 19 00:05:20 host sshd[31168]: User root from 106.10.122.53 not allowed because not listed in AllowUsers
Jan 19 00:05:20 host sshd[31168]: input_userauth_request: invalid user root [preauth]
Jan 19 00:05:20 host unix_chkpwd[31170]: password check failed for user (root)
Jan 19 00:05:20 host sshd[31168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53 user=root
Jan 19 00:05:20 host sshd[31168]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 00:05:22 host sshd[31168]: Failed password for invalid user root from 106.10.122.53 port 42904 ssh2
Jan 19 00:05:22 host sshd[31168]: Connection closed by 106.10.122.53 port 42904 [preauth]
Jan 19 00:07:26 host sshd[31381]: Invalid user username from 58.242.25.218 port 41273
Jan 19 00:07:26 host sshd[31381]: input_userauth_request: invalid user username [preauth]
Jan 19 00:07:27 host sshd[31381]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:07:27 host sshd[31381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.242.25.218
Jan 19 00:07:29 host sshd[31381]: Failed password for invalid user username from 58.242.25.218 port 41273 ssh2
Jan 19 00:07:29 host sshd[31381]: Connection closed by 58.242.25.218 port 41273 [preauth]
Jan 19 00:08:47 host sshd[31538]: Invalid user support from 218.35.169.102 port 47756
Jan 19 00:08:47 host sshd[31538]: input_userauth_request: invalid user support [preauth]
Jan 19 00:08:47 host sshd[31538]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:08:47 host sshd[31538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.35.169.102
Jan 19 00:08:49 host sshd[31538]: Failed password for invalid user support from 218.35.169.102 port 47756 ssh2
Jan 19 00:08:49 host sshd[31538]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:08:52 host sshd[31538]: Failed password for invalid user support from 218.35.169.102 port 47756 ssh2
Jan 19 00:08:52 host sshd[31538]: Connection reset by 218.35.169.102 port 47756 [preauth]
Jan 19 00:08:52 host sshd[31538]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.35.169.102
Jan 19 00:12:30 host sshd[32068]: Invalid user postgres from 59.126.164.3 port 36576
Jan 19 00:12:30 host sshd[32068]: input_userauth_request: invalid user postgres [preauth]
Jan 19 00:12:30 host sshd[32068]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:12:30 host sshd[32068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.164.3
Jan 19 00:12:32 host sshd[32068]: Failed password for invalid user postgres from 59.126.164.3 port 36576 ssh2
Jan 19 00:12:33 host sshd[32068]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:12:35 host sshd[32068]: Failed password for invalid user postgres from 59.126.164.3 port 36576 ssh2
Jan 19 00:12:35 host sshd[32068]: Connection reset by 59.126.164.3 port 36576 [preauth]
Jan 19 00:12:35 host sshd[32068]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.164.3
Jan 19 00:14:44 host sshd[32508]: User root from 102.68.141.170 not allowed because not listed in AllowUsers
Jan 19 00:14:44 host sshd[32508]: input_userauth_request: invalid user root [preauth]
Jan 19 00:14:44 host unix_chkpwd[32512]: password check failed for user (root)
Jan 19 00:14:44 host sshd[32508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.141.170 user=root
Jan 19 00:14:44 host sshd[32508]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 00:14:46 host sshd[32508]: Failed password for invalid user root from 102.68.141.170 port 45654 ssh2
Jan 19 00:14:47 host sshd[32508]: Connection closed by 102.68.141.170 port 45654 [preauth]
Jan 19 00:16:34 host sshd[1066]: Invalid user ec2-user from 125.229.146.44 port 37067
Jan 19 00:16:34 host sshd[1066]: input_userauth_request: invalid user ec2-user [preauth]
Jan 19 00:16:34 host sshd[1066]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:16:34 host sshd[1066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.146.44
Jan 19 00:16:36 host sshd[1066]: Failed password for invalid user ec2-user from 125.229.146.44 port 37067 ssh2
Jan 19 00:16:36 host sshd[1066]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:16:38 host sshd[1066]: Failed password for invalid user ec2-user from 125.229.146.44 port 37067 ssh2
Jan 19 00:16:39 host sshd[1066]: Connection reset by 125.229.146.44 port 37067 [preauth]
Jan 19 00:16:39 host sshd[1066]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.146.44
Jan 19 00:21:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 00:21:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=travelboniface user-7=wwwkaretakers user-8=cochintaxi user-9=laundryboniface user-10=dartsimp user-11=a2zgroup user-12=straightcurve user-13=wwwletsstalkfood user-14=bonifacegroup user-15=wwwevmhonda user-16=mrsclean user-17=wwwnexidigital user-18=gifterman user-19=palco123 user-20=phmetals user-21=kottayamcalldriv user-22=wwwkapin user-23=woodpeck user-24=disposeat user-25=wwwkmaorg user-26=remysagr user-27=pmcresources user-28=vfmassets user-29=wwwtestugo user-30=shalinijames feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 00:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8wCWJtzELYlwxOIc.~
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8wCWJtzELYlwxOIc.~'
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-8wCWJtzELYlwxOIc.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 00:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 00:22:46 host sshd[2540]: Connection reset by 121.165.22.237 port 61319 [preauth]
Jan 19 00:25:37 host sshd[2932]: User root from 124.170.64.213 not allowed because not listed in AllowUsers
Jan 19 00:25:37 host sshd[2932]: input_userauth_request: invalid user root [preauth]
Jan 19 00:25:37 host unix_chkpwd[2937]: password check failed for user (root)
Jan 19 00:25:37 host sshd[2932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.170.64.213 user=root
Jan 19 00:25:37 host sshd[2932]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 00:25:39 host sshd[2932]: Failed password for invalid user root from 124.170.64.213 port 48442 ssh2
Jan 19 00:25:40 host sshd[2932]: Connection closed by 124.170.64.213 port 48442 [preauth]
Jan 19 00:26:17 host sshd[2999]: User root from 93.46.120.42 not allowed because not listed in AllowUsers
Jan 19 00:26:17 host sshd[2999]: input_userauth_request: invalid user root [preauth]
Jan 19 00:26:17 host unix_chkpwd[3013]: password check failed for user (root)
Jan 19 00:26:17 host sshd[2999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.46.120.42 user=root
Jan 19 00:26:17 host sshd[2999]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 00:26:19 host sshd[2999]: Failed password for invalid user root from 93.46.120.42 port 42708 ssh2
Jan 19 00:26:20 host sshd[2999]: Connection reset by 93.46.120.42 port 42708 [preauth]
Jan 19 00:26:27 host sshd[3022]: Connection closed by 172.104.11.34 port 64960 [preauth]
Jan 19 00:26:28 host sshd[3046]: Connection closed by 172.104.11.34 port 64964 [preauth]
Jan 19 00:26:30 host sshd[3050]: Connection closed by 172.104.11.34 port 64974 [preauth]
Jan 19 00:33:30 host sshd[4150]: User root from 92.46.108.20 not allowed because not listed in AllowUsers
Jan 19 00:33:30 host sshd[4150]: input_userauth_request: invalid user root [preauth]
Jan 19 00:33:31 host unix_chkpwd[4185]: password check failed for user (root)
Jan 19 00:33:31 host sshd[4150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.108.20 user=root
Jan 19 00:33:31 host sshd[4150]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 00:33:34 host sshd[4150]: Failed password for invalid user root from 92.46.108.20 port 60276 ssh2
Jan 19 00:33:35 host sshd[4150]: Connection closed by 92.46.108.20 port 60276 [preauth]
Jan 19 00:40:46 host sshd[5204]: Invalid user gd from 194.110.203.109 port 45294
Jan 19 00:40:46 host sshd[5204]: input_userauth_request: invalid user gd [preauth]
Jan 19 00:40:46 host sshd[5204]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:40:46 host sshd[5204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 00:40:48 host sshd[5204]: Failed password for invalid user gd from 194.110.203.109 port 45294 ssh2
Jan 19 00:40:51 host sshd[5204]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:40:53 host sshd[5204]: Failed password for invalid user gd from 194.110.203.109 port 45294 ssh2
Jan 19 00:40:56 host sshd[5204]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:40:58 host sshd[5204]: Failed password for invalid user gd from 194.110.203.109 port 45294 ssh2
Jan 19 00:41:01 host sshd[5204]: Connection closed by 194.110.203.109 port 45294 [preauth]
Jan 19 00:41:01 host sshd[5204]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 00:43:57 host sshd[5704]: Invalid user ubnt from 23.164.114.167 port 33922
Jan 19 00:43:57 host sshd[5704]: input_userauth_request: invalid user ubnt [preauth]
Jan 19 00:43:57 host sshd[5704]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 00:43:57 host sshd[5704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.164.114.167
Jan 19 00:43:59 host sshd[5704]: Failed password for invalid user ubnt from 23.164.114.167 port 33922 ssh2
Jan 19 00:43:59 host sshd[5704]: Connection closed by 23.164.114.167 port 33922 [preauth]
Jan 19 01:02:20 host sshd[8274]: Invalid user admin from 83.248.60.139 port 40354
Jan 19 01:02:20 host sshd[8274]: input_userauth_request: invalid user admin [preauth]
Jan 19 01:02:20 host sshd[8274]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:02:20 host sshd[8274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.248.60.139
Jan 19 01:02:22 host sshd[8274]: Failed password for invalid user admin from 83.248.60.139 port 40354 ssh2
Jan 19 01:02:22 host sshd[8274]: Connection closed by 83.248.60.139 port 40354 [preauth]
Jan 19 01:06:14 host sshd[8873]: User root from 162.218.126.136 not allowed because not listed in AllowUsers
Jan 19 01:06:14 host sshd[8873]: input_userauth_request: invalid user root [preauth]
Jan 19 01:06:15 host unix_chkpwd[8877]: password check failed for user (root)
Jan 19 01:06:15 host sshd[8873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.218.126.136 user=root
Jan 19 01:06:15 host sshd[8873]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 01:06:16 host sshd[8873]: Failed password for invalid user root from 162.218.126.136 port 56112 ssh2
Jan 19 01:06:16 host sshd[8873]: Connection closed by 162.218.126.136 port 56112 [preauth]
Jan 19 01:17:14 host sshd[10414]: Invalid user francis from 195.226.194.142 port 39342
Jan 19 01:17:14 host sshd[10414]: input_userauth_request: invalid user francis [preauth]
Jan 19 01:17:15 host sshd[10414]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:17:15 host sshd[10414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 19 01:17:17 host sshd[10414]: Failed password for invalid user francis from 195.226.194.142 port 39342 ssh2
Jan 19 01:17:17 host sshd[10414]: Received disconnect from 195.226.194.142 port 39342:11: Bye Bye [preauth]
Jan 19 01:17:17 host sshd[10414]: Disconnected from 195.226.194.142 port 39342 [preauth]
Jan 19 01:20:50 host sshd[10936]: Invalid user default from 202.139.192.69 port 58542
Jan 19 01:20:50 host sshd[10936]: input_userauth_request: invalid user default [preauth]
Jan 19 01:20:51 host sshd[10936]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:20:51 host sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.192.69
Jan 19 01:20:52 host sshd[10936]: Failed password for invalid user default from 202.139.192.69 port 58542 ssh2
Jan 19 01:20:52 host sshd[10936]: Connection closed by 202.139.192.69 port 58542 [preauth]
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=wwwletsstalkfood user-4=straightcurve user-5=kottayamcalldriv user-6=phmetals user-7=gifterman user-8=palco123 user-9=mrsclean user-10=wwwnexidigital user-11=disposeat user-12=remysagr user-13=wwwkmaorg user-14=woodpeck user-15=wwwkapin user-16=wwwtestugo user-17=shalinijames user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=wwwrmswll user-24=wwwresourcehunte user-25=keralaholi user-26=wwwkaretakers user-27=cochintaxi user-28=dartsimp user-29=a2zgroup user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 01:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 01:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-EC3BNNEHbhG1xRIm.~
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-EC3BNNEHbhG1xRIm.~'
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-EC3BNNEHbhG1xRIm.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 01:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 01:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 01:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 01:30:09 host sshd[12480]: Invalid user admin123 from 159.223.197.166 port 56756
Jan 19 01:30:09 host sshd[12480]: input_userauth_request: invalid user admin123 [preauth]
Jan 19 01:30:09 host sshd[12480]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:30:09 host sshd[12480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.197.166
Jan 19 01:30:11 host sshd[12480]: Failed password for invalid user admin123 from 159.223.197.166 port 56756 ssh2
Jan 19 01:30:11 host sshd[12480]: Received disconnect from 159.223.197.166 port 56756:11: Bye Bye [preauth]
Jan 19 01:30:11 host sshd[12480]: Disconnected from 159.223.197.166 port 56756 [preauth]
Jan 19 01:32:15 host sshd[12876]: Invalid user elasticsearch from 43.133.229.111 port 39482
Jan 19 01:32:15 host sshd[12876]: input_userauth_request: invalid user elasticsearch [preauth]
Jan 19 01:32:15 host sshd[12876]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:32:15 host sshd[12876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.133.229.111
Jan 19 01:32:16 host sshd[12876]: Failed password for invalid user elasticsearch from 43.133.229.111 port 39482 ssh2
Jan 19 01:32:17 host sshd[12876]: Received disconnect from 43.133.229.111 port 39482:11: Bye Bye [preauth]
Jan 19 01:32:17 host sshd[12876]: Disconnected from 43.133.229.111 port 39482 [preauth]
Jan 19 01:32:36 host sshd[12936]: Invalid user ranger from 159.65.63.94 port 47990
Jan 19 01:32:36 host sshd[12936]: input_userauth_request: invalid user ranger [preauth]
Jan 19 01:32:36 host sshd[12936]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:32:36 host sshd[12936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.63.94
Jan 19 01:32:38 host sshd[12936]: Failed password for invalid user ranger from 159.65.63.94 port 47990 ssh2
Jan 19 01:32:38 host sshd[12936]: Received disconnect from 159.65.63.94 port 47990:11: Bye Bye [preauth]
Jan 19 01:32:38 host sshd[12936]: Disconnected from 159.65.63.94 port 47990 [preauth]
Jan 19 01:32:48 host sshd[12966]: Invalid user factorio from 92.222.10.235 port 42176
Jan 19 01:32:48 host sshd[12966]: input_userauth_request: invalid user factorio [preauth]
Jan 19 01:32:48 host sshd[12966]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:32:48 host sshd[12966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.10.235
Jan 19 01:32:50 host sshd[12966]: Failed password for invalid user factorio from 92.222.10.235 port 42176 ssh2
Jan 19 01:32:50 host sshd[12966]: Received disconnect from 92.222.10.235 port 42176:11: Bye Bye [preauth]
Jan 19 01:32:50 host sshd[12966]: Disconnected from 92.222.10.235 port 42176 [preauth]
Jan 19 01:34:20 host sshd[13195]: Invalid user ravi from 185.245.96.82 port 58948
Jan 19 01:34:20 host sshd[13195]: input_userauth_request: invalid user ravi [preauth]
Jan 19 01:34:20 host sshd[13195]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:34:20 host sshd[13195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.245.96.82
Jan 19 01:34:22 host sshd[13195]: Failed password for invalid user ravi from 185.245.96.82 port 58948 ssh2
Jan 19 01:34:23 host sshd[13195]: Received disconnect from 185.245.96.82 port 58948:11: Bye Bye [preauth]
Jan 19 01:34:23 host sshd[13195]: Disconnected from 185.245.96.82 port 58948 [preauth]
Jan 19 01:35:27 host sshd[13435]: Invalid user debian from 45.55.65.93 port 36684
Jan 19 01:35:27 host sshd[13435]: input_userauth_request: invalid user debian [preauth]
Jan 19 01:35:27 host sshd[13435]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:35:27 host sshd[13435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.65.93
Jan 19 01:35:29 host sshd[13435]: Failed password for invalid user debian from 45.55.65.93 port 36684 ssh2
Jan 19 01:35:29 host sshd[13435]: Received disconnect from 45.55.65.93 port 36684:11: Bye Bye [preauth]
Jan 19 01:35:29 host sshd[13435]: Disconnected from 45.55.65.93 port 36684 [preauth]
Jan 19 01:35:58 host sshd[13522]: User centos from 159.223.197.166 not allowed because not listed in AllowUsers
Jan 19 01:35:58 host sshd[13522]: input_userauth_request: invalid user centos [preauth]
Jan 19 01:35:58 host unix_chkpwd[13526]: password check failed for user (centos)
Jan 19 01:35:58 host sshd[13522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.197.166 user=centos
Jan 19 01:36:00 host sshd[13522]: Failed password for invalid user centos from 159.223.197.166 port 35942 ssh2
Jan 19 01:36:01 host sshd[13522]: Received disconnect from 159.223.197.166 port 35942:11: Bye Bye [preauth]
Jan 19 01:36:01 host sshd[13522]: Disconnected from 159.223.197.166 port 35942 [preauth]
Jan 19 01:36:09 host sshd[13588]: Invalid user factorio from 159.65.63.94 port 34842
Jan 19 01:36:09 host sshd[13588]: input_userauth_request: invalid user factorio [preauth]
Jan 19 01:36:09 host sshd[13588]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:36:09 host sshd[13588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.63.94
Jan 19 01:36:12 host sshd[13588]: Failed password for invalid user factorio from 159.65.63.94 port 34842 ssh2
Jan 19 01:36:12 host sshd[13588]: Received disconnect from 159.65.63.94 port 34842:11: Bye Bye [preauth]
Jan 19 01:36:12 host sshd[13588]: Disconnected from 159.65.63.94 port 34842 [preauth]
Jan 19 01:36:13 host sshd[13597]: Invalid user sammy from 92.222.10.235 port 56122
Jan 19 01:36:13 host sshd[13597]: input_userauth_request: invalid user sammy [preauth]
Jan 19 01:36:13 host sshd[13597]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:36:13 host sshd[13597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.10.235
Jan 19 01:36:16 host sshd[13597]: Failed password for invalid user sammy from 92.222.10.235 port 56122 ssh2
Jan 19 01:36:16 host sshd[13597]: Received disconnect from 92.222.10.235 port 56122:11: Bye Bye [preauth]
Jan 19 01:36:16 host sshd[13597]: Disconnected from 92.222.10.235 port 56122 [preauth]
Jan 19 01:36:41 host sshd[13663]: Invalid user celery from 43.133.229.111 port 50352
Jan 19 01:36:41 host sshd[13663]: input_userauth_request: invalid user celery [preauth]
Jan 19 01:36:41 host sshd[13663]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:36:41 host sshd[13663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.133.229.111
Jan 19 01:36:43 host sshd[13663]: Failed password for invalid user celery from 43.133.229.111 port 50352 ssh2
Jan 19 01:36:43 host sshd[13663]: Received disconnect from 43.133.229.111 port 50352:11: Bye Bye [preauth]
Jan 19 01:36:43 host sshd[13663]: Disconnected from 43.133.229.111 port 50352 [preauth]
Jan 19 01:37:19 host sshd[13853]: User root from 45.55.65.93 not allowed because not listed in AllowUsers
Jan 19 01:37:19 host sshd[13853]: input_userauth_request: invalid user root [preauth]
Jan 19 01:37:19 host unix_chkpwd[13861]: password check failed for user (root)
Jan 19 01:37:19 host sshd[13853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.65.93 user=root
Jan 19 01:37:19 host sshd[13853]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 01:37:19 host sshd[13856]: User root from 159.65.63.94 not allowed because not listed in AllowUsers
Jan 19 01:37:19 host sshd[13856]: input_userauth_request: invalid user root [preauth]
Jan 19 01:37:19 host unix_chkpwd[13862]: password check failed for user (root)
Jan 19 01:37:19 host sshd[13856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.63.94 user=root
Jan 19 01:37:19 host sshd[13856]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 01:37:19 host sshd[13859]: Invalid user asterisk from 185.245.96.82 port 57346
Jan 19 01:37:19 host sshd[13859]: input_userauth_request: invalid user asterisk [preauth]
Jan 19 01:37:19 host sshd[13859]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:37:19 host sshd[13859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.245.96.82
Jan 19 01:37:22 host sshd[13853]: Failed password for invalid user root from 45.55.65.93 port 43882 ssh2
Jan 19 01:37:22 host sshd[13856]: Failed password for invalid user root from 159.65.63.94 port 41046 ssh2
Jan 19 01:37:22 host sshd[13859]: Failed password for invalid user asterisk from 185.245.96.82 port 57346 ssh2
Jan 19 01:37:22 host sshd[13853]: Received disconnect from 45.55.65.93 port 43882:11: Bye Bye [preauth]
Jan 19 01:37:22 host sshd[13853]: Disconnected from 45.55.65.93 port 43882 [preauth]
Jan 19 01:37:22 host sshd[13856]: Received disconnect from 159.65.63.94 port 41046:11: Bye Bye [preauth]
Jan 19 01:37:22 host sshd[13856]: Disconnected from 159.65.63.94 port 41046 [preauth]
Jan 19 01:37:22 host sshd[13859]: Received disconnect from 185.245.96.82 port 57346:11: Bye Bye [preauth]
Jan 19 01:37:22 host sshd[13859]: Disconnected from 185.245.96.82 port 57346 [preauth]
Jan 19 01:37:22 host sshd[13867]: Invalid user debian from 92.222.10.235 port 54472
Jan 19 01:37:22 host sshd[13867]: input_userauth_request: invalid user debian [preauth]
Jan 19 01:37:22 host sshd[13867]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:37:22 host sshd[13867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.10.235
Jan 19 01:37:24 host sshd[13867]: Failed password for invalid user debian from 92.222.10.235 port 54472 ssh2
Jan 19 01:37:25 host sshd[13867]: Received disconnect from 92.222.10.235 port 54472:11: Bye Bye [preauth]
Jan 19 01:37:25 host sshd[13867]: Disconnected from 92.222.10.235 port 54472 [preauth]
Jan 19 01:38:07 host sshd[14067]: User root from 43.133.229.111 not allowed because not listed in AllowUsers
Jan 19 01:38:07 host sshd[14067]: input_userauth_request: invalid user root [preauth]
Jan 19 01:38:07 host unix_chkpwd[14071]: password check failed for user (root)
Jan 19 01:38:07 host sshd[14067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.133.229.111 user=root
Jan 19 01:38:07 host sshd[14067]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 01:38:09 host sshd[14067]: Failed password for invalid user root from 43.133.229.111 port 58720 ssh2
Jan 19 01:38:25 host sshd[14151]: Invalid user es from 185.245.96.82 port 52242
Jan 19 01:38:25 host sshd[14151]: input_userauth_request: invalid user es [preauth]
Jan 19 01:38:25 host sshd[14151]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:38:25 host sshd[14151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.245.96.82
Jan 19 01:38:27 host sshd[14151]: Failed password for invalid user es from 185.245.96.82 port 52242 ssh2
Jan 19 01:38:27 host sshd[14151]: Received disconnect from 185.245.96.82 port 52242:11: Bye Bye [preauth]
Jan 19 01:38:27 host sshd[14151]: Disconnected from 185.245.96.82 port 52242 [preauth]
Jan 19 01:39:08 host sshd[14299]: User root from 107.143.137.5 not allowed because not listed in AllowUsers
Jan 19 01:39:08 host sshd[14299]: input_userauth_request: invalid user root [preauth]
Jan 19 01:39:08 host unix_chkpwd[14308]: password check failed for user (root)
Jan 19 01:39:08 host sshd[14299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.143.137.5 user=root
Jan 19 01:39:08 host sshd[14299]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 01:39:11 host sshd[14299]: Failed password for invalid user root from 107.143.137.5 port 48065 ssh2
Jan 19 01:39:11 host sshd[14299]: Connection closed by 107.143.137.5 port 48065 [preauth]
Jan 19 01:39:51 host sshd[14411]: Invalid user user01 from 51.195.122.210 port 38308
Jan 19 01:39:51 host sshd[14411]: input_userauth_request: invalid user user01 [preauth]
Jan 19 01:39:51 host sshd[14411]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:39:51 host sshd[14411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.122.210
Jan 19 01:39:53 host sshd[14411]: Failed password for invalid user user01 from 51.195.122.210 port 38308 ssh2
Jan 19 01:39:54 host sshd[14411]: Received disconnect from 51.195.122.210 port 38308:11: Bye Bye [preauth]
Jan 19 01:39:54 host sshd[14411]: Disconnected from 51.195.122.210 port 38308 [preauth]
Jan 19 01:43:01 host sshd[15024]: Received disconnect from 51.195.122.210 port 51804:11: Bye Bye [preauth]
Jan 19 01:43:01 host sshd[15024]: Disconnected from 51.195.122.210 port 51804 [preauth]
Jan 19 01:45:47 host sshd[15593]: Invalid user ansadmin from 51.195.122.210 port 42252
Jan 19 01:45:47 host sshd[15593]: input_userauth_request: invalid user ansadmin [preauth]
Jan 19 01:45:47 host sshd[15593]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:45:47 host sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.122.210
Jan 19 01:45:48 host sshd[15593]: Failed password for invalid user ansadmin from 51.195.122.210 port 42252 ssh2
Jan 19 01:45:48 host sshd[15593]: Received disconnect from 51.195.122.210 port 42252:11: Bye Bye [preauth]
Jan 19 01:45:48 host sshd[15593]: Disconnected from 51.195.122.210 port 42252 [preauth]
Jan 19 01:48:35 host sshd[16346]: Connection closed by 51.195.122.210 port 42056 [preauth]
Jan 19 01:51:24 host sshd[16784]: Invalid user factorio from 51.195.122.210 port 48828
Jan 19 01:51:24 host sshd[16784]: input_userauth_request: invalid user factorio [preauth]
Jan 19 01:51:24 host sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:51:24 host sshd[16784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.122.210
Jan 19 01:51:26 host sshd[16784]: Failed password for invalid user factorio from 51.195.122.210 port 48828 ssh2
Jan 19 01:51:27 host sshd[16784]: Received disconnect from 51.195.122.210 port 48828:11: Bye Bye [preauth]
Jan 19 01:51:27 host sshd[16784]: Disconnected from 51.195.122.210 port 48828 [preauth]
Jan 19 01:58:47 host sshd[18043]: Invalid user steam from 114.34.129.188 port 33186
Jan 19 01:58:47 host sshd[18043]: input_userauth_request: invalid user steam [preauth]
Jan 19 01:58:47 host sshd[18043]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 01:58:47 host sshd[18043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.129.188
Jan 19 01:58:49 host sshd[18043]: Failed password for invalid user steam from 114.34.129.188 port 33186 ssh2
Jan 19 01:58:50 host sshd[18043]: Connection reset by 114.34.129.188 port 33186 [preauth]
Jan 19 02:00:51 host sshd[18322]: Invalid user http from 185.246.130.20 port 48461
Jan 19 02:00:51 host sshd[18322]: input_userauth_request: invalid user http [preauth]
Jan 19 02:00:51 host sshd[18322]: Failed none for invalid user http from 185.246.130.20 port 48461 ssh2
Jan 19 02:00:52 host sshd[18322]: Disconnecting: Change of username or service not allowed: (http,ssh-connection) -> (factory,ssh-connection) [preauth]
Jan 19 02:00:55 host sshd[18337]: Invalid user factory from 185.246.130.20 port 17081
Jan 19 02:00:55 host sshd[18337]: input_userauth_request: invalid user factory [preauth]
Jan 19 02:00:55 host sshd[18337]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:00:55 host sshd[18337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.246.130.20
Jan 19 02:00:58 host sshd[18337]: Failed password for invalid user factory from 185.246.130.20 port 17081 ssh2
Jan 19 02:00:58 host sshd[18337]: Disconnecting: Change of username or service not allowed: (factory,ssh-connection) -> (3comcso,ssh-connection) [preauth]
Jan 19 02:01:01 host sshd[18348]: Invalid user 3comcso from 185.246.130.20 port 16869
Jan 19 02:01:01 host sshd[18348]: input_userauth_request: invalid user 3comcso [preauth]
Jan 19 02:01:02 host sshd[18348]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:01:02 host sshd[18348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.246.130.20
Jan 19 02:01:04 host sshd[18348]: Failed password for invalid user 3comcso from 185.246.130.20 port 16869 ssh2
Jan 19 02:01:05 host sshd[18348]: Disconnecting: Change of username or service not allowed: (3comcso,ssh-connection) -> (,ssh-connection) [preauth]
Jan 19 02:01:07 host sshd[18384]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 1739
Jan 19 02:02:09 host sshd[18524]: Invalid user oracle from 211.223.150.169 port 62613
Jan 19 02:02:09 host sshd[18524]: input_userauth_request: invalid user oracle [preauth]
Jan 19 02:02:09 host sshd[18524]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:02:09 host sshd[18524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.223.150.169
Jan 19 02:02:12 host sshd[18524]: Failed password for invalid user oracle from 211.223.150.169 port 62613 ssh2
Jan 19 02:02:12 host sshd[18524]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:02:14 host sshd[18524]: Failed password for invalid user oracle from 211.223.150.169 port 62613 ssh2
Jan 19 02:02:14 host sshd[18524]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:02:17 host sshd[18524]: Failed password for invalid user oracle from 211.223.150.169 port 62613 ssh2
Jan 19 02:02:18 host sshd[18524]: Failed password for invalid user oracle from 211.223.150.169 port 62613 ssh2
Jan 19 02:02:18 host sshd[18524]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:02:20 host sshd[18524]: Failed password for invalid user oracle from 211.223.150.169 port 62613 ssh2
Jan 19 02:03:28 host sshd[18694]: Invalid user admin from 59.120.231.41 port 58210
Jan 19 02:03:28 host sshd[18694]: input_userauth_request: invalid user admin [preauth]
Jan 19 02:03:28 host sshd[18694]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:28 host sshd[18694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.231.41
Jan 19 02:03:30 host sshd[18694]: Failed password for invalid user admin from 59.120.231.41 port 58210 ssh2
Jan 19 02:03:30 host sshd[18694]: Failed password for invalid user admin from 59.120.231.41 port 58210 ssh2
Jan 19 02:03:31 host sshd[18694]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:33 host sshd[18694]: Failed password for invalid user admin from 59.120.231.41 port 58210 ssh2
Jan 19 02:03:33 host sshd[18699]: Invalid user postgres from 125.227.205.53 port 58887
Jan 19 02:03:33 host sshd[18699]: input_userauth_request: invalid user postgres [preauth]
Jan 19 02:03:33 host sshd[18699]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:33 host sshd[18699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.227.205.53
Jan 19 02:03:33 host sshd[18694]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:35 host sshd[18699]: Failed password for invalid user postgres from 125.227.205.53 port 58887 ssh2
Jan 19 02:03:35 host sshd[18694]: Failed password for invalid user admin from 59.120.231.41 port 58210 ssh2
Jan 19 02:03:35 host sshd[18694]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:36 host sshd[18699]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:38 host sshd[18694]: Failed password for invalid user admin from 59.120.231.41 port 58210 ssh2
Jan 19 02:03:38 host sshd[18699]: Failed password for invalid user postgres from 125.227.205.53 port 58887 ssh2
Jan 19 02:03:38 host sshd[18694]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:38 host sshd[18699]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:41 host sshd[18694]: Failed password for invalid user admin from 59.120.231.41 port 58210 ssh2
Jan 19 02:03:41 host sshd[18694]: error: maximum authentication attempts exceeded for invalid user admin from 59.120.231.41 port 58210 ssh2 [preauth]
Jan 19 02:03:41 host sshd[18694]: Disconnecting: Too many authentication failures [preauth]
Jan 19 02:03:41 host sshd[18694]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.231.41
Jan 19 02:03:41 host sshd[18694]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 19 02:03:41 host sshd[18699]: Failed password for invalid user postgres from 125.227.205.53 port 58887 ssh2
Jan 19 02:03:42 host sshd[18699]: Failed password for invalid user postgres from 125.227.205.53 port 58887 ssh2
Jan 19 02:03:42 host sshd[18699]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:03:44 host sshd[18699]: Failed password for invalid user postgres from 125.227.205.53 port 58887 ssh2
Jan 19 02:06:24 host sshd[19203]: User root from 121.148.215.114 not allowed because not listed in AllowUsers
Jan 19 02:06:24 host sshd[19203]: input_userauth_request: invalid user root [preauth]
Jan 19 02:06:24 host unix_chkpwd[19207]: password check failed for user (root)
Jan 19 02:06:24 host sshd[19203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.148.215.114 user=root
Jan 19 02:06:24 host sshd[19203]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:06:26 host sshd[19203]: Failed password for invalid user root from 121.148.215.114 port 61574 ssh2
Jan 19 02:06:26 host sshd[19203]: Connection reset by 121.148.215.114 port 61574 [preauth]
Jan 19 02:10:01 host sshd[19715]: User root from 41.197.31.178 not allowed because not listed in AllowUsers
Jan 19 02:10:01 host sshd[19715]: input_userauth_request: invalid user root [preauth]
Jan 19 02:10:01 host unix_chkpwd[19742]: password check failed for user (root)
Jan 19 02:10:01 host sshd[19715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.197.31.178 user=root
Jan 19 02:10:01 host sshd[19715]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:10:04 host sshd[19715]: Failed password for invalid user root from 41.197.31.178 port 59784 ssh2
Jan 19 02:10:04 host sshd[19715]: Connection closed by 41.197.31.178 port 59784 [preauth]
Jan 19 02:13:14 host sshd[20126]: Connection closed by 192.241.231.9 port 51896 [preauth]
Jan 19 02:16:11 host sshd[20569]: Invalid user admin from 223.22.233.95 port 49507
Jan 19 02:16:11 host sshd[20569]: input_userauth_request: invalid user admin [preauth]
Jan 19 02:16:11 host sshd[20569]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:16:11 host sshd[20569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.22.233.95
Jan 19 02:16:13 host sshd[20569]: Failed password for invalid user admin from 223.22.233.95 port 49507 ssh2
Jan 19 02:16:14 host sshd[20569]: Connection closed by 223.22.233.95 port 49507 [preauth]
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwrmswll user-4=keralaholi user-5=wwwresourcehunte user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=straightcurve user-15=wwwletsstalkfood user-16=gifterman user-17=palco123 user-18=phmetals user-19=kottayamcalldriv user-20=wwwnexidigital user-21=mrsclean user-22=wwwkmaorg user-23=disposeat user-24=remysagr user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=wwwtestugo user-29=shalinijames user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 02:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-km7f5964Jizrnc3X.~
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-km7f5964Jizrnc3X.~'
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-km7f5964Jizrnc3X.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 02:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:22:40 host sshd[21615]: Invalid user ge from 194.110.203.109 port 51742
Jan 19 02:22:40 host sshd[21615]: input_userauth_request: invalid user ge [preauth]
Jan 19 02:22:40 host sshd[21615]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:22:40 host sshd[21615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 02:22:41 host sshd[21615]: Failed password for invalid user ge from 194.110.203.109 port 51742 ssh2
Jan 19 02:22:45 host sshd[21615]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:22:47 host sshd[21615]: Failed password for invalid user ge from 194.110.203.109 port 51742 ssh2
Jan 19 02:22:50 host sshd[21615]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:22:52 host sshd[21615]: Failed password for invalid user ge from 194.110.203.109 port 51742 ssh2
Jan 19 02:22:55 host sshd[21615]: Connection closed by 194.110.203.109 port 51742 [preauth]
Jan 19 02:22:55 host sshd[21615]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 02:27:19 host sshd[22234]: Invalid user gitlab-runner from 112.186.241.34 port 46917
Jan 19 02:27:19 host sshd[22234]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 19 02:27:19 host sshd[22234]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:27:19 host sshd[22234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.241.34
Jan 19 02:27:21 host sshd[22234]: Failed password for invalid user gitlab-runner from 112.186.241.34 port 46917 ssh2
Jan 19 02:27:22 host sshd[22234]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:27:24 host sshd[22234]: Failed password for invalid user gitlab-runner from 112.186.241.34 port 46917 ssh2
Jan 19 02:27:25 host sshd[22234]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:27:27 host sshd[22234]: Failed password for invalid user gitlab-runner from 112.186.241.34 port 46917 ssh2
Jan 19 02:27:28 host sshd[22234]: Failed password for invalid user gitlab-runner from 112.186.241.34 port 46917 ssh2
Jan 19 02:27:28 host sshd[22234]: Connection closed by 112.186.241.34 port 46917 [preauth]
Jan 19 02:27:28 host sshd[22234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.241.34
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=remysagr user-4=disposeat user-5=wwwkmaorg user-6=pmcresources user-7=shalinijames user-8=wwwtestugo user-9=vfmassets user-10=wwwletsstalkfood user-11=straightcurve user-12=wwwevmhonda user-13=bonifacegroup user-14=mrsclean user-15=wwwnexidigital user-16=kottayamcalldriv user-17=phmetals user-18=palco123 user-19=gifterman user-20=wwwkaretakers user-21=cochintaxi user-22=laundryboniface user-23=a2zgroup user-24=dartsimp user-25=wwwpmcresource user-26=ugotscom user-27=wwwresourcehunte user-28=keralaholi user-29=wwwrmswll user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 02:29:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:29:10 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 19 02:29:10 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 19 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 19 02:29:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 19 02:29:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 19 02:29:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:29:25 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 19 02:29:25 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 19 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 19 02:29:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 19 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 19 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 19 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 19 02:29:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:41 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 19 02:29:41 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:41 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 19 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 19 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 19 02:29:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 02:29:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 19 02:29:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:56 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 19 02:29:56 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:56 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:29:56 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 19 02:29:56 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:29:57 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 19 02:30:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 19 02:30:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:30:25 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 02:30:26 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 02:30:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 19 02:30:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 19 02:30:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 19 02:30:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:33 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 19 02:30:33 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:33 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:30:52 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:30:52 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 02:30:52 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 19 02:30:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:31:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:31:19 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 02:31:19 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 02:31:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 19 02:31:36 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:31:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:31:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:31:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:31:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:31:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 02:31:40 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 02:31:41 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 19 02:31:41 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:31:41 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:31:49 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:31:49 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 02:31:49 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 02:32:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 19 02:32:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:32:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:32:27 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 02:32:27 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 02:32:32 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 19 02:32:32 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:32:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 19 02:32:35 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:35 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:32:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 19 02:32:35 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:32:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:32:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 19 02:32:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:32:36 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:32:36 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:33:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:33:28 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 19 02:33:28 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 19 02:33:28 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 19 02:33:28 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:33:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:33:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 19 02:33:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:33:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:33:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 19 02:33:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:33:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:33:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 19 02:33:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:33:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:33:48 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 19 02:33:48 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:33:48 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:34:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwkapin WpToolkitNotification send_admin_suspicious_instance_notification 'suspicious_instance_text=The following WordPress installations are quarantined:<br/>' 'suspicious_instance_details_info=Website "Resource Hunters" (http://resourcehunters.com): WP Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.' --output=json
Jan 19 02:34:54 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:34:54 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:34:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 19 02:34:54 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:34:54 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:34:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 19 02:34:54 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:34:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 19 02:34:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:34:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwkapin WpToolkitNotification send_admin_auto_updates_notification 'available_updates_text=<br/><br/>Updates are available for the following items:<br/><br/>' 'available_updates_list=1. Plugin "W3 Total Cache" on Let'"'"'s Stalk Food (http://www.letsstalkfood.com). Installed version: 0.15.1. Available version: 2.2.12.<br/><br/>2. Plugin "W3 Total Cache" on Today'"'"'s Traveller (http://testugo.in/tt). Installed version: 0.14.1. Available version: 2.2.12.<br/><br/>3. Plugin "W3 Total Cache" on Today'"'"'s Traveller (http://testugo.in/tt). Installed version: 0.14.1. Available version: 2.2.12.<br/><br/>4. Plugin "Advanced Custom Fields" on Panlys (https://www.panlys.com). Installed version: 5.9.5. Available version: 6.0.7.<br/><br/>' installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not
Jan 19 02:34:55 host sudo: wp-toolkit : (command continued) installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183): require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4
Jan 19 02:34:55 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356): require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password
Jan 19 02:34:55 host sudo: wp-toolkit : (command continued) information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog" (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status
Jan 19 02:34:55 host sudo: wp-toolkit : (command continued) 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>6. Website "/home/wwwresourcehunte/public_html" (http://resourcehunters.com): Failed to reset cache for the instance #18: WP Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.<br/><br/>' --output=json
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:34:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 19 02:35:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:35:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:35:24 host sshd[25977]: Invalid user engineer from 102.216.33.159 port 45871
Jan 19 02:35:24 host sshd[25977]: input_userauth_request: invalid user engineer [preauth]
Jan 19 02:35:25 host sshd[25977]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:35:25 host sshd[25977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.216.33.159
Jan 19 02:35:27 host sshd[25977]: Failed password for invalid user engineer from 102.216.33.159 port 45871 ssh2
Jan 19 02:35:28 host sshd[25977]: Connection closed by 102.216.33.159 port 45871 [preauth]
Jan 19 02:44:22 host sshd[27119]: User root from 112.186.151.169 not allowed because not listed in AllowUsers
Jan 19 02:44:22 host sshd[27119]: input_userauth_request: invalid user root [preauth]
Jan 19 02:44:22 host unix_chkpwd[27123]: password check failed for user (root)
Jan 19 02:44:22 host sshd[27119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.151.169 user=root
Jan 19 02:44:22 host sshd[27119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:44:24 host sshd[27119]: Failed password for invalid user root from 112.186.151.169 port 60128 ssh2
Jan 19 02:44:25 host unix_chkpwd[27129]: password check failed for user (root)
Jan 19 02:44:25 host sshd[27119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:44:27 host sshd[27119]: Failed password for invalid user root from 112.186.151.169 port 60128 ssh2
Jan 19 02:44:28 host unix_chkpwd[27153]: password check failed for user (root)
Jan 19 02:44:28 host sshd[27119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:44:30 host sshd[27119]: Failed password for invalid user root from 112.186.151.169 port 60128 ssh2
Jan 19 02:44:30 host unix_chkpwd[27157]: password check failed for user (root)
Jan 19 02:44:30 host sshd[27119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:44:33 host sshd[27119]: Failed password for invalid user root from 112.186.151.169 port 60128 ssh2
Jan 19 02:44:33 host unix_chkpwd[27160]: password check failed for user (root)
Jan 19 02:44:33 host sshd[27119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:44:35 host sshd[27119]: Failed password for invalid user root from 112.186.151.169 port 60128 ssh2
Jan 19 02:44:35 host unix_chkpwd[27170]: password check failed for user (root)
Jan 19 02:44:35 host sshd[27119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 02:44:37 host sshd[27119]: Failed password for invalid user root from 112.186.151.169 port 60128 ssh2
Jan 19 02:44:37 host sshd[27119]: error: maximum authentication attempts exceeded for invalid user root from 112.186.151.169 port 60128 ssh2 [preauth]
Jan 19 02:44:37 host sshd[27119]: Disconnecting: Too many authentication failures [preauth]
Jan 19 02:44:37 host sshd[27119]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.186.151.169 user=root
Jan 19 02:44:37 host sshd[27119]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 02:46:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 02:46:39 host sshd[27646]: Connection closed by 162.142.125.210 port 50602 [preauth]
Jan 19 02:51:24 host sshd[28401]: Invalid user dmdba from 195.70.93.131 port 44173
Jan 19 02:51:24 host sshd[28401]: input_userauth_request: invalid user dmdba [preauth]
Jan 19 02:51:24 host sshd[28401]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:51:24 host sshd[28401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.70.93.131
Jan 19 02:51:26 host sshd[28401]: Failed password for invalid user dmdba from 195.70.93.131 port 44173 ssh2
Jan 19 02:51:27 host sshd[28401]: Failed password for invalid user dmdba from 195.70.93.131 port 44173 ssh2
Jan 19 02:51:28 host sshd[28401]: Connection closed by 195.70.93.131 port 44173 [preauth]
Jan 19 02:54:40 host sshd[28799]: Invalid user admin from 113.160.15.163 port 43434
Jan 19 02:54:40 host sshd[28799]: input_userauth_request: invalid user admin [preauth]
Jan 19 02:54:44 host sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 02:54:44 host sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.160.15.163
Jan 19 02:54:46 host sshd[28799]: Failed password for invalid user admin from 113.160.15.163 port 43434 ssh2
Jan 19 02:54:48 host sshd[28799]: Connection closed by 113.160.15.163 port 43434 [preauth]
Jan 19 02:55:52 host sshd[29063]: Connection reset by 59.126.150.10 port 40337 [preauth]
Jan 19 03:13:04 host sshd[31388]: Invalid user admin from 185.121.0.4 port 17288
Jan 19 03:13:04 host sshd[31388]: input_userauth_request: invalid user admin [preauth]
Jan 19 03:13:04 host sshd[31388]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:13:04 host sshd[31388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.121.0.4
Jan 19 03:13:07 host sshd[31388]: Failed password for invalid user admin from 185.121.0.4 port 17288 ssh2
Jan 19 03:13:08 host sshd[31388]: Connection closed by 185.121.0.4 port 17288 [preauth]
Jan 19 03:13:42 host sshd[31475]: Invalid user vadmin from 121.159.226.42 port 61697
Jan 19 03:13:42 host sshd[31475]: input_userauth_request: invalid user vadmin [preauth]
Jan 19 03:13:42 host sshd[31475]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:13:42 host sshd[31475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.159.226.42
Jan 19 03:13:44 host sshd[31475]: Failed password for invalid user vadmin from 121.159.226.42 port 61697 ssh2
Jan 19 03:13:45 host sshd[31475]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:13:46 host sshd[31475]: Failed password for invalid user vadmin from 121.159.226.42 port 61697 ssh2
Jan 19 03:17:34 host sshd[32150]: Invalid user travis from 107.189.30.59 port 45236
Jan 19 03:17:34 host sshd[32150]: input_userauth_request: invalid user travis [preauth]
Jan 19 03:17:34 host sshd[32150]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:17:34 host sshd[32150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 19 03:17:36 host sshd[32150]: Failed password for invalid user travis from 107.189.30.59 port 45236 ssh2
Jan 19 03:17:37 host sshd[32150]: Connection closed by 107.189.30.59 port 45236 [preauth]
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=vfmassets user-3=shalinijames user-4=wwwtestugo user-5=woodpeck user-6=wwwkapin user-7=remysagr user-8=disposeat user-9=wwwkmaorg user-10=mrsclean user-11=wwwnexidigital user-12=palco123 user-13=gifterman user-14=phmetals user-15=kottayamcalldriv user-16=straightcurve user-17=wwwletsstalkfood user-18=bonifacegroup user-19=wwwevmhonda user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=cochintaxi user-24=wwwkaretakers user-25=keralaholi user-26=wwwresourcehunte user-27=wwwrmswll user-28=ugotscom user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 03:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CdNagV7QyNT7dBDo.~
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CdNagV7QyNT7dBDo.~'
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CdNagV7QyNT7dBDo.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 03:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 03:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 03:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 03:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 03:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 03:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 03:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 03:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 03:28:50 host sshd[1834]: User root from 125.228.182.137 not allowed because not listed in AllowUsers
Jan 19 03:28:50 host sshd[1834]: input_userauth_request: invalid user root [preauth]
Jan 19 03:28:50 host unix_chkpwd[1847]: password check failed for user (root)
Jan 19 03:28:50 host sshd[1834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.182.137 user=root
Jan 19 03:28:50 host sshd[1834]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:28:52 host sshd[1834]: Failed password for invalid user root from 125.228.182.137 port 39773 ssh2
Jan 19 03:28:54 host unix_chkpwd[1873]: password check failed for user (root)
Jan 19 03:28:54 host sshd[1834]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:28:56 host sshd[1834]: Failed password for invalid user root from 125.228.182.137 port 39773 ssh2
Jan 19 03:28:56 host unix_chkpwd[1882]: password check failed for user (root)
Jan 19 03:28:56 host sshd[1834]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:28:59 host sshd[1834]: Failed password for invalid user root from 125.228.182.137 port 39773 ssh2
Jan 19 03:28:59 host unix_chkpwd[1889]: password check failed for user (root)
Jan 19 03:28:59 host sshd[1834]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:29:01 host sshd[1834]: Failed password for invalid user root from 125.228.182.137 port 39773 ssh2
Jan 19 03:31:59 host sshd[2626]: User root from 116.199.248.81 not allowed because not listed in AllowUsers
Jan 19 03:31:59 host sshd[2626]: input_userauth_request: invalid user root [preauth]
Jan 19 03:31:59 host unix_chkpwd[2632]: password check failed for user (root)
Jan 19 03:31:59 host sshd[2626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.199.248.81 user=root
Jan 19 03:31:59 host sshd[2626]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:32:01 host sshd[2626]: Failed password for invalid user root from 116.199.248.81 port 57406 ssh2
Jan 19 03:32:02 host sshd[2626]: Connection closed by 116.199.248.81 port 57406 [preauth]
Jan 19 03:41:16 host sshd[4259]: Invalid user redis from 182.75.139.26 port 37446
Jan 19 03:41:16 host sshd[4259]: input_userauth_request: invalid user redis [preauth]
Jan 19 03:41:16 host sshd[4259]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:41:16 host sshd[4259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.139.26
Jan 19 03:41:18 host sshd[4259]: Failed password for invalid user redis from 182.75.139.26 port 37446 ssh2
Jan 19 03:41:18 host sshd[4259]: Received disconnect from 182.75.139.26 port 37446:11: Bye Bye [preauth]
Jan 19 03:41:18 host sshd[4259]: Disconnected from 182.75.139.26 port 37446 [preauth]
Jan 19 03:42:05 host sshd[4342]: Invalid user deploy from 178.128.171.48 port 34920
Jan 19 03:42:05 host sshd[4342]: input_userauth_request: invalid user deploy [preauth]
Jan 19 03:42:05 host sshd[4342]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:42:05 host sshd[4342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.171.48
Jan 19 03:42:07 host sshd[4342]: Failed password for invalid user deploy from 178.128.171.48 port 34920 ssh2
Jan 19 03:42:07 host sshd[4342]: Received disconnect from 178.128.171.48 port 34920:11: Bye Bye [preauth]
Jan 19 03:42:07 host sshd[4342]: Disconnected from 178.128.171.48 port 34920 [preauth]
Jan 19 03:43:12 host sshd[4483]: Invalid user frappe from 187.95.144.110 port 36706
Jan 19 03:43:12 host sshd[4483]: input_userauth_request: invalid user frappe [preauth]
Jan 19 03:43:12 host sshd[4483]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:43:12 host sshd[4483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.95.144.110
Jan 19 03:43:14 host sshd[4483]: Failed password for invalid user frappe from 187.95.144.110 port 36706 ssh2
Jan 19 03:43:15 host sshd[4483]: Received disconnect from 187.95.144.110 port 36706:11: Bye Bye [preauth]
Jan 19 03:43:15 host sshd[4483]: Disconnected from 187.95.144.110 port 36706 [preauth]
Jan 19 03:43:17 host sshd[4500]: Invalid user bodega from 85.62.218.82 port 60176
Jan 19 03:43:17 host sshd[4500]: input_userauth_request: invalid user bodega [preauth]
Jan 19 03:43:17 host sshd[4500]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:43:17 host sshd[4500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.62.218.82
Jan 19 03:43:19 host sshd[4500]: Failed password for invalid user bodega from 85.62.218.82 port 60176 ssh2
Jan 19 03:43:19 host sshd[4500]: Received disconnect from 85.62.218.82 port 60176:11: Bye Bye [preauth]
Jan 19 03:43:19 host sshd[4500]: Disconnected from 85.62.218.82 port 60176 [preauth]
Jan 19 03:43:39 host sshd[4559]: Invalid user deployer from 35.175.148.93 port 54180
Jan 19 03:43:39 host sshd[4559]: input_userauth_request: invalid user deployer [preauth]
Jan 19 03:43:39 host sshd[4559]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:43:39 host sshd[4559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.175.148.93
Jan 19 03:43:41 host sshd[4559]: Failed password for invalid user deployer from 35.175.148.93 port 54180 ssh2
Jan 19 03:43:41 host sshd[4559]: Received disconnect from 35.175.148.93 port 54180:11: Bye Bye [preauth]
Jan 19 03:43:41 host sshd[4559]: Disconnected from 35.175.148.93 port 54180 [preauth]
Jan 19 03:43:44 host sshd[4567]: Invalid user ftpuser from 143.110.168.248 port 59862
Jan 19 03:43:44 host sshd[4567]: input_userauth_request: invalid user ftpuser [preauth]
Jan 19 03:43:44 host sshd[4567]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:43:44 host sshd[4567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.168.248
Jan 19 03:43:47 host sshd[4567]: Failed password for invalid user ftpuser from 143.110.168.248 port 59862 ssh2
Jan 19 03:43:47 host sshd[4567]: Received disconnect from 143.110.168.248 port 59862:11: Bye Bye [preauth]
Jan 19 03:43:47 host sshd[4567]: Disconnected from 143.110.168.248 port 59862 [preauth]
Jan 19 03:44:18 host sshd[4626]: Invalid user vbox from 134.122.23.33 port 33920
Jan 19 03:44:18 host sshd[4626]: input_userauth_request: invalid user vbox [preauth]
Jan 19 03:44:18 host sshd[4626]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:44:18 host sshd[4626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.23.33
Jan 19 03:44:20 host sshd[4626]: Failed password for invalid user vbox from 134.122.23.33 port 33920 ssh2
Jan 19 03:44:21 host sshd[4626]: Received disconnect from 134.122.23.33 port 33920:11: Bye Bye [preauth]
Jan 19 03:44:21 host sshd[4626]: Disconnected from 134.122.23.33 port 33920 [preauth]
Jan 19 03:45:00 host sshd[4713]: Invalid user postgres from 161.35.117.192 port 35248
Jan 19 03:45:00 host sshd[4713]: input_userauth_request: invalid user postgres [preauth]
Jan 19 03:45:00 host sshd[4713]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:45:00 host sshd[4713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.117.192
Jan 19 03:45:02 host sshd[4713]: Failed password for invalid user postgres from 161.35.117.192 port 35248 ssh2
Jan 19 03:45:02 host sshd[4713]: Received disconnect from 161.35.117.192 port 35248:11: Bye Bye [preauth]
Jan 19 03:45:02 host sshd[4713]: Disconnected from 161.35.117.192 port 35248 [preauth]
Jan 19 03:45:12 host sshd[4770]: Invalid user redis from 51.77.245.237 port 55918
Jan 19 03:45:12 host sshd[4770]: input_userauth_request: invalid user redis [preauth]
Jan 19 03:45:12 host sshd[4770]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:45:12 host sshd[4770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.245.237
Jan 19 03:45:13 host sshd[4773]: Invalid user deploy from 167.172.159.73 port 40698
Jan 19 03:45:13 host sshd[4773]: input_userauth_request: invalid user deploy [preauth]
Jan 19 03:45:13 host sshd[4773]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:45:13 host sshd[4773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.159.73
Jan 19 03:45:14 host sshd[4770]: Failed password for invalid user redis from 51.77.245.237 port 55918 ssh2
Jan 19 03:45:15 host sshd[4770]: Received disconnect from 51.77.245.237 port 55918:11: Bye Bye [preauth]
Jan 19 03:45:15 host sshd[4770]: Disconnected from 51.77.245.237 port 55918 [preauth]
Jan 19 03:45:15 host sshd[4773]: Failed password for invalid user deploy from 167.172.159.73 port 40698 ssh2
Jan 19 03:45:15 host sshd[4773]: Received disconnect from 167.172.159.73 port 40698:11: Bye Bye [preauth]
Jan 19 03:45:15 host sshd[4773]: Disconnected from 167.172.159.73 port 40698 [preauth]
Jan 19 03:45:24 host sshd[4788]: Invalid user postgres from 107.172.201.220 port 36438
Jan 19 03:45:24 host sshd[4788]: input_userauth_request: invalid user postgres [preauth]
Jan 19 03:45:24 host sshd[4788]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:45:24 host sshd[4788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.201.220
Jan 19 03:45:26 host sshd[4788]: Failed password for invalid user postgres from 107.172.201.220 port 36438 ssh2
Jan 19 03:45:27 host sshd[4788]: Received disconnect from 107.172.201.220 port 36438:11: Bye Bye [preauth]
Jan 19 03:45:27 host sshd[4788]: Disconnected from 107.172.201.220 port 36438 [preauth]
Jan 19 03:45:40 host sshd[4922]: Invalid user app from 178.128.150.124 port 43788
Jan 19 03:45:40 host sshd[4922]: input_userauth_request: invalid user app [preauth]
Jan 19 03:45:40 host sshd[4922]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:45:40 host sshd[4922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.150.124
Jan 19 03:45:42 host sshd[4922]: Failed password for invalid user app from 178.128.150.124 port 43788 ssh2
Jan 19 03:45:42 host sshd[4922]: Received disconnect from 178.128.150.124 port 43788:11: Bye Bye [preauth]
Jan 19 03:45:42 host sshd[4922]: Disconnected from 178.128.150.124 port 43788 [preauth]
Jan 19 03:46:57 host sshd[5079]: Invalid user oracle from 137.184.95.238 port 52058
Jan 19 03:46:57 host sshd[5079]: input_userauth_request: invalid user oracle [preauth]
Jan 19 03:46:57 host sshd[5079]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:46:57 host sshd[5079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.95.238
Jan 19 03:47:00 host sshd[5079]: Failed password for invalid user oracle from 137.184.95.238 port 52058 ssh2
Jan 19 03:47:00 host sshd[5079]: Received disconnect from 137.184.95.238 port 52058:11: Bye Bye [preauth]
Jan 19 03:47:00 host sshd[5079]: Disconnected from 137.184.95.238 port 52058 [preauth]
Jan 19 03:47:06 host sshd[5117]: Invalid user elasticsearch from 186.209.62.109 port 41199
Jan 19 03:47:06 host sshd[5117]: input_userauth_request: invalid user elasticsearch [preauth]
Jan 19 03:47:06 host sshd[5117]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:47:06 host sshd[5117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.209.62.109
Jan 19 03:47:06 host sshd[5124]: Invalid user jack from 182.75.139.26 port 38804
Jan 19 03:47:06 host sshd[5124]: input_userauth_request: invalid user jack [preauth]
Jan 19 03:47:06 host sshd[5124]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:47:06 host sshd[5124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.139.26
Jan 19 03:47:08 host sshd[5117]: Failed password for invalid user elasticsearch from 186.209.62.109 port 41199 ssh2
Jan 19 03:47:08 host sshd[5124]: Failed password for invalid user jack from 182.75.139.26 port 38804 ssh2
Jan 19 03:47:08 host sshd[5124]: Received disconnect from 182.75.139.26 port 38804:11: Bye Bye [preauth]
Jan 19 03:47:08 host sshd[5124]: Disconnected from 182.75.139.26 port 38804 [preauth]
Jan 19 03:47:08 host sshd[5117]: Received disconnect from 186.209.62.109 port 41199:11: Bye Bye [preauth]
Jan 19 03:47:08 host sshd[5117]: Disconnected from 186.209.62.109 port 41199 [preauth]
Jan 19 03:47:17 host sshd[5159]: Invalid user samba from 85.62.218.82 port 44376
Jan 19 03:47:17 host sshd[5159]: input_userauth_request: invalid user samba [preauth]
Jan 19 03:47:17 host sshd[5159]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:47:17 host sshd[5159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.62.218.82
Jan 19 03:47:18 host sshd[5159]: Failed password for invalid user samba from 85.62.218.82 port 44376 ssh2
Jan 19 03:47:19 host sshd[5159]: Received disconnect from 85.62.218.82 port 44376:11: Bye Bye [preauth]
Jan 19 03:47:19 host sshd[5159]: Disconnected from 85.62.218.82 port 44376 [preauth]
Jan 19 03:47:20 host sshd[5167]: Invalid user techuser from 122.154.48.30 port 54652
Jan 19 03:47:20 host sshd[5167]: input_userauth_request: invalid user techuser [preauth]
Jan 19 03:47:20 host sshd[5167]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:47:20 host sshd[5167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.48.30
Jan 19 03:47:22 host sshd[5167]: Failed password for invalid user techuser from 122.154.48.30 port 54652 ssh2
Jan 19 03:47:22 host sshd[5167]: Received disconnect from 122.154.48.30 port 54652:11: Bye Bye [preauth]
Jan 19 03:47:22 host sshd[5167]: Disconnected from 122.154.48.30 port 54652 [preauth]
Jan 19 03:47:23 host sshd[5173]: Invalid user vagrant from 161.35.117.192 port 54474
Jan 19 03:47:23 host sshd[5173]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 03:47:23 host sshd[5173]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:47:23 host sshd[5173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.117.192
Jan 19 03:47:25 host sshd[5173]: Failed password for invalid user vagrant from 161.35.117.192 port 54474 ssh2
Jan 19 03:47:25 host sshd[5173]: Received disconnect from 161.35.117.192 port 54474:11: Bye Bye [preauth]
Jan 19 03:47:25 host sshd[5173]: Disconnected from 161.35.117.192 port 54474 [preauth]
Jan 19 03:47:40 host sshd[5231]: User root from 38.54.30.231 not allowed because not listed in AllowUsers
Jan 19 03:47:40 host sshd[5231]: input_userauth_request: invalid user root [preauth]
Jan 19 03:47:40 host unix_chkpwd[5233]: password check failed for user (root)
Jan 19 03:47:40 host sshd[5231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.54.30.231 user=root
Jan 19 03:47:40 host sshd[5231]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:47:42 host sshd[5231]: Failed password for invalid user root from 38.54.30.231 port 34518 ssh2
Jan 19 03:47:43 host sshd[5231]: Received disconnect from 38.54.30.231 port 34518:11: Bye Bye [preauth]
Jan 19 03:47:43 host sshd[5231]: Disconnected from 38.54.30.231 port 34518 [preauth]
Jan 19 03:47:44 host sshd[5240]: Invalid user magento from 164.92.233.93 port 35628
Jan 19 03:47:44 host sshd[5240]: input_userauth_request: invalid user magento [preauth]
Jan 19 03:47:44 host sshd[5240]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:47:44 host sshd[5240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.233.93
Jan 19 03:47:46 host sshd[5240]: Failed password for invalid user magento from 164.92.233.93 port 35628 ssh2
Jan 19 03:47:47 host sshd[5240]: Received disconnect from 164.92.233.93 port 35628:11: Bye Bye [preauth]
Jan 19 03:47:47 host sshd[5240]: Disconnected from 164.92.233.93 port 35628 [preauth]
Jan 19 03:47:49 host sshd[5249]: User root from 51.77.245.237 not allowed because not listed in AllowUsers
Jan 19 03:47:49 host sshd[5249]: input_userauth_request: invalid user root [preauth]
Jan 19 03:47:49 host unix_chkpwd[5252]: password check failed for user (root)
Jan 19 03:47:49 host sshd[5249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.245.237 user=root
Jan 19 03:47:49 host sshd[5249]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:47:51 host sshd[5249]: Failed password for invalid user root from 51.77.245.237 port 36060 ssh2
Jan 19 03:47:51 host sshd[5249]: Received disconnect from 51.77.245.237 port 36060:11: Bye Bye [preauth]
Jan 19 03:47:51 host sshd[5249]: Disconnected from 51.77.245.237 port 36060 [preauth]
Jan 19 03:48:00 host sshd[5297]: User root from 198.50.235.42 not allowed because not listed in AllowUsers
Jan 19 03:48:00 host sshd[5297]: input_userauth_request: invalid user root [preauth]
Jan 19 03:48:00 host unix_chkpwd[5300]: password check failed for user (root)
Jan 19 03:48:00 host sshd[5297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.50.235.42 user=root
Jan 19 03:48:00 host sshd[5297]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:48:02 host sshd[5297]: Failed password for invalid user root from 198.50.235.42 port 60341 ssh2
Jan 19 03:48:02 host sshd[5297]: Received disconnect from 198.50.235.42 port 60341:11: Bye Bye [preauth]
Jan 19 03:48:02 host sshd[5297]: Disconnected from 198.50.235.42 port 60341 [preauth]
Jan 19 03:48:18 host sshd[5353]: Invalid user kafka from 85.62.218.82 port 48958
Jan 19 03:48:18 host sshd[5353]: input_userauth_request: invalid user kafka [preauth]
Jan 19 03:48:18 host sshd[5353]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:48:18 host sshd[5353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.62.218.82
Jan 19 03:48:19 host sshd[5353]: Failed password for invalid user kafka from 85.62.218.82 port 48958 ssh2
Jan 19 03:48:20 host sshd[5353]: Received disconnect from 85.62.218.82 port 48958:11: Bye Bye [preauth]
Jan 19 03:48:20 host sshd[5353]: Disconnected from 85.62.218.82 port 48958 [preauth]
Jan 19 03:48:27 host sshd[5397]: Invalid user redis from 161.35.117.192 port 32938
Jan 19 03:48:27 host sshd[5397]: input_userauth_request: invalid user redis [preauth]
Jan 19 03:48:27 host sshd[5397]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:48:27 host sshd[5397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.117.192
Jan 19 03:48:27 host sshd[5424]: User root from 182.75.139.26 not allowed because not listed in AllowUsers
Jan 19 03:48:27 host sshd[5424]: input_userauth_request: invalid user root [preauth]
Jan 19 03:48:27 host unix_chkpwd[5427]: password check failed for user (root)
Jan 19 03:48:27 host sshd[5424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.139.26 user=root
Jan 19 03:48:27 host sshd[5424]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:48:29 host sshd[5397]: Failed password for invalid user redis from 161.35.117.192 port 32938 ssh2
Jan 19 03:48:29 host sshd[5424]: Failed password for invalid user root from 182.75.139.26 port 37458 ssh2
Jan 19 03:48:29 host sshd[5424]: Received disconnect from 182.75.139.26 port 37458:11: Bye Bye [preauth]
Jan 19 03:48:29 host sshd[5424]: Disconnected from 182.75.139.26 port 37458 [preauth]
Jan 19 03:48:29 host sshd[5397]: Received disconnect from 161.35.117.192 port 32938:11: Bye Bye [preauth]
Jan 19 03:48:29 host sshd[5397]: Disconnected from 161.35.117.192 port 32938 [preauth]
Jan 19 03:48:33 host sshd[5447]: Invalid user vagrant from 134.122.23.33 port 54042
Jan 19 03:48:33 host sshd[5447]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 03:48:33 host sshd[5447]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:48:33 host sshd[5447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.23.33
Jan 19 03:48:35 host sshd[5447]: Failed password for invalid user vagrant from 134.122.23.33 port 54042 ssh2
Jan 19 03:48:35 host sshd[5447]: Received disconnect from 134.122.23.33 port 54042:11: Bye Bye [preauth]
Jan 19 03:48:35 host sshd[5447]: Disconnected from 134.122.23.33 port 54042 [preauth]
Jan 19 03:48:37 host sshd[5507]: Invalid user postgres from 187.95.144.110 port 50050
Jan 19 03:48:37 host sshd[5507]: input_userauth_request: invalid user postgres [preauth]
Jan 19 03:48:37 host sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:48:37 host sshd[5507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.95.144.110
Jan 19 03:48:39 host sshd[5507]: Failed password for invalid user postgres from 187.95.144.110 port 50050 ssh2
Jan 19 03:48:40 host sshd[5507]: Received disconnect from 187.95.144.110 port 50050:11: Bye Bye [preauth]
Jan 19 03:48:40 host sshd[5507]: Disconnected from 187.95.144.110 port 50050 [preauth]
Jan 19 03:48:42 host sshd[5520]: Invalid user elasticsearch from 178.128.171.48 port 45002
Jan 19 03:48:42 host sshd[5520]: input_userauth_request: invalid user elasticsearch [preauth]
Jan 19 03:48:42 host sshd[5520]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:48:42 host sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.171.48
Jan 19 03:48:44 host sshd[5520]: Failed password for invalid user elasticsearch from 178.128.171.48 port 45002 ssh2
Jan 19 03:48:44 host sshd[5520]: Received disconnect from 178.128.171.48 port 45002:11: Bye Bye [preauth]
Jan 19 03:48:44 host sshd[5520]: Disconnected from 178.128.171.48 port 45002 [preauth]
Jan 19 03:49:02 host sshd[5571]: Invalid user arkserver from 107.172.201.220 port 39958
Jan 19 03:49:02 host sshd[5571]: input_userauth_request: invalid user arkserver [preauth]
Jan 19 03:49:02 host sshd[5571]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:02 host sshd[5571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.201.220
Jan 19 03:49:04 host sshd[5571]: Failed password for invalid user arkserver from 107.172.201.220 port 39958 ssh2
Jan 19 03:49:04 host sshd[5571]: Received disconnect from 107.172.201.220 port 39958:11: Bye Bye [preauth]
Jan 19 03:49:04 host sshd[5571]: Disconnected from 107.172.201.220 port 39958 [preauth]
Jan 19 03:49:16 host sshd[5625]: Invalid user system from 35.175.148.93 port 60936
Jan 19 03:49:16 host sshd[5625]: input_userauth_request: invalid user system [preauth]
Jan 19 03:49:16 host sshd[5625]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:16 host sshd[5625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.175.148.93
Jan 19 03:49:19 host sshd[5625]: Failed password for invalid user system from 35.175.148.93 port 60936 ssh2
Jan 19 03:49:19 host sshd[5625]: Received disconnect from 35.175.148.93 port 60936:11: Bye Bye [preauth]
Jan 19 03:49:19 host sshd[5625]: Disconnected from 35.175.148.93 port 60936 [preauth]
Jan 19 03:49:21 host sshd[5635]: Invalid user elemental from 137.184.95.238 port 44158
Jan 19 03:49:21 host sshd[5635]: input_userauth_request: invalid user elemental [preauth]
Jan 19 03:49:21 host sshd[5635]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:21 host sshd[5635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.95.238
Jan 19 03:49:23 host sshd[5639]: Invalid user oracle from 198.50.235.42 port 46355
Jan 19 03:49:23 host sshd[5639]: input_userauth_request: invalid user oracle [preauth]
Jan 19 03:49:23 host sshd[5639]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:23 host sshd[5639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.50.235.42
Jan 19 03:49:24 host sshd[5635]: Failed password for invalid user elemental from 137.184.95.238 port 44158 ssh2
Jan 19 03:49:24 host sshd[5635]: Received disconnect from 137.184.95.238 port 44158:11: Bye Bye [preauth]
Jan 19 03:49:24 host sshd[5635]: Disconnected from 137.184.95.238 port 44158 [preauth]
Jan 19 03:49:25 host sshd[5639]: Failed password for invalid user oracle from 198.50.235.42 port 46355 ssh2
Jan 19 03:49:26 host sshd[5639]: Received disconnect from 198.50.235.42 port 46355:11: Bye Bye [preauth]
Jan 19 03:49:26 host sshd[5639]: Disconnected from 198.50.235.42 port 46355 [preauth]
Jan 19 03:49:36 host sshd[5716]: Invalid user abc from 38.54.30.231 port 34842
Jan 19 03:49:36 host sshd[5716]: input_userauth_request: invalid user abc [preauth]
Jan 19 03:49:36 host sshd[5716]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:36 host sshd[5716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.54.30.231
Jan 19 03:49:37 host sshd[5718]: Invalid user a from 186.209.62.109 port 58136
Jan 19 03:49:37 host sshd[5718]: input_userauth_request: invalid user a [preauth]
Jan 19 03:49:37 host sshd[5718]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:37 host sshd[5718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.209.62.109
Jan 19 03:49:38 host sshd[5716]: Failed password for invalid user abc from 38.54.30.231 port 34842 ssh2
Jan 19 03:49:38 host sshd[5716]: Received disconnect from 38.54.30.231 port 34842:11: Bye Bye [preauth]
Jan 19 03:49:38 host sshd[5716]: Disconnected from 38.54.30.231 port 34842 [preauth]
Jan 19 03:49:39 host sshd[5718]: Failed password for invalid user a from 186.209.62.109 port 58136 ssh2
Jan 19 03:49:39 host sshd[5718]: Received disconnect from 186.209.62.109 port 58136:11: Bye Bye [preauth]
Jan 19 03:49:39 host sshd[5718]: Disconnected from 186.209.62.109 port 58136 [preauth]
Jan 19 03:49:42 host sshd[5725]: User root from 143.110.168.248 not allowed because not listed in AllowUsers
Jan 19 03:49:42 host sshd[5725]: input_userauth_request: invalid user root [preauth]
Jan 19 03:49:42 host unix_chkpwd[5760]: password check failed for user (root)
Jan 19 03:49:42 host sshd[5725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.168.248 user=root
Jan 19 03:49:43 host sshd[5725]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:49:45 host sshd[5725]: Failed password for invalid user root from 143.110.168.248 port 36012 ssh2
Jan 19 03:49:45 host sshd[5725]: Received disconnect from 143.110.168.248 port 36012:11: Bye Bye [preauth]
Jan 19 03:49:45 host sshd[5725]: Disconnected from 143.110.168.248 port 36012 [preauth]
Jan 19 03:49:45 host sshd[5763]: Invalid user test from 167.172.159.73 port 46368
Jan 19 03:49:45 host sshd[5763]: input_userauth_request: invalid user test [preauth]
Jan 19 03:49:45 host sshd[5763]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:45 host sshd[5763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.159.73
Jan 19 03:49:46 host sshd[5766]: Invalid user test from 178.128.171.48 port 40628
Jan 19 03:49:46 host sshd[5766]: input_userauth_request: invalid user test [preauth]
Jan 19 03:49:46 host sshd[5766]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:46 host sshd[5766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.171.48
Jan 19 03:49:47 host sshd[5763]: Failed password for invalid user test from 167.172.159.73 port 46368 ssh2
Jan 19 03:49:47 host sshd[5772]: Invalid user node from 178.128.150.124 port 41420
Jan 19 03:49:47 host sshd[5772]: input_userauth_request: invalid user node [preauth]
Jan 19 03:49:47 host sshd[5772]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:47 host sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.150.124
Jan 19 03:49:48 host sshd[5763]: Received disconnect from 167.172.159.73 port 46368:11: Bye Bye [preauth]
Jan 19 03:49:48 host sshd[5763]: Disconnected from 167.172.159.73 port 46368 [preauth]
Jan 19 03:49:48 host sshd[5766]: Failed password for invalid user test from 178.128.171.48 port 40628 ssh2
Jan 19 03:49:49 host sshd[5772]: Failed password for invalid user node from 178.128.150.124 port 41420 ssh2
Jan 19 03:49:50 host sshd[5772]: Received disconnect from 178.128.150.124 port 41420:11: Bye Bye [preauth]
Jan 19 03:49:50 host sshd[5772]: Disconnected from 178.128.150.124 port 41420 [preauth]
Jan 19 03:49:54 host sshd[5850]: Invalid user builder from 134.122.23.33 port 52882
Jan 19 03:49:54 host sshd[5850]: input_userauth_request: invalid user builder [preauth]
Jan 19 03:49:54 host sshd[5850]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:54 host sshd[5850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.23.33
Jan 19 03:49:56 host sshd[5855]: Invalid user deploy from 187.95.144.110 port 37010
Jan 19 03:49:56 host sshd[5855]: input_userauth_request: invalid user deploy [preauth]
Jan 19 03:49:56 host sshd[5855]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:49:56 host sshd[5855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.95.144.110
Jan 19 03:49:57 host sshd[5850]: Failed password for invalid user builder from 134.122.23.33 port 52882 ssh2
Jan 19 03:49:57 host sshd[5850]: Received disconnect from 134.122.23.33 port 52882:11: Bye Bye [preauth]
Jan 19 03:49:57 host sshd[5850]: Disconnected from 134.122.23.33 port 52882 [preauth]
Jan 19 03:49:59 host sshd[5855]: Failed password for invalid user deploy from 187.95.144.110 port 37010 ssh2
Jan 19 03:50:09 host sshd[5977]: User root from 164.92.233.93 not allowed because not listed in AllowUsers
Jan 19 03:50:09 host sshd[5977]: input_userauth_request: invalid user root [preauth]
Jan 19 03:50:09 host unix_chkpwd[5980]: password check failed for user (root)
Jan 19 03:50:09 host sshd[5977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.233.93 user=root
Jan 19 03:50:09 host sshd[5977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:50:11 host sshd[5982]: User root from 107.172.201.220 not allowed because not listed in AllowUsers
Jan 19 03:50:11 host sshd[5982]: input_userauth_request: invalid user root [preauth]
Jan 19 03:50:11 host unix_chkpwd[5986]: password check failed for user (root)
Jan 19 03:50:11 host sshd[5982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.201.220 user=root
Jan 19 03:50:11 host sshd[5982]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:50:11 host sshd[5977]: Failed password for invalid user root from 164.92.233.93 port 38416 ssh2
Jan 19 03:50:11 host sshd[5977]: Received disconnect from 164.92.233.93 port 38416:11: Bye Bye [preauth]
Jan 19 03:50:11 host sshd[5977]: Disconnected from 164.92.233.93 port 38416 [preauth]
Jan 19 03:50:12 host sshd[5982]: Failed password for invalid user root from 107.172.201.220 port 41432 ssh2
Jan 19 03:50:22 host sshd[6077]: Invalid user vagrant from 122.154.48.30 port 59972
Jan 19 03:50:22 host sshd[6077]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 03:50:22 host sshd[6077]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:50:22 host sshd[6077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.48.30
Jan 19 03:50:25 host sshd[6077]: Failed password for invalid user vagrant from 122.154.48.30 port 59972 ssh2
Jan 19 03:50:25 host sshd[6077]: Received disconnect from 122.154.48.30 port 59972:11: Bye Bye [preauth]
Jan 19 03:50:25 host sshd[6077]: Disconnected from 122.154.48.30 port 59972 [preauth]
Jan 19 03:50:33 host sshd[6121]: Invalid user ansible from 137.184.95.238 port 60394
Jan 19 03:50:33 host sshd[6121]: input_userauth_request: invalid user ansible [preauth]
Jan 19 03:50:33 host sshd[6121]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:50:33 host sshd[6121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.95.238
Jan 19 03:50:35 host sshd[6121]: Failed password for invalid user ansible from 137.184.95.238 port 60394 ssh2
Jan 19 03:50:36 host sshd[6121]: Received disconnect from 137.184.95.238 port 60394:11: Bye Bye [preauth]
Jan 19 03:50:36 host sshd[6121]: Disconnected from 137.184.95.238 port 60394 [preauth]
Jan 19 03:50:48 host sshd[6276]: User root from 167.172.159.73 not allowed because not listed in AllowUsers
Jan 19 03:50:48 host sshd[6276]: input_userauth_request: invalid user root [preauth]
Jan 19 03:50:48 host unix_chkpwd[6281]: password check failed for user (root)
Jan 19 03:50:48 host sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.159.73 user=root
Jan 19 03:50:48 host sshd[6276]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 03:50:50 host sshd[6282]: Invalid user debian from 178.128.150.124 port 56614
Jan 19 03:50:50 host sshd[6282]: input_userauth_request: invalid user debian [preauth]
Jan 19 03:50:50 host sshd[6282]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:50:50 host sshd[6282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.150.124
Jan 19 03:50:50 host sshd[6276]: Failed password for invalid user root from 167.172.159.73 port 38354 ssh2
Jan 19 03:50:50 host sshd[6276]: Received disconnect from 167.172.159.73 port 38354:11: Bye Bye [preauth]
Jan 19 03:50:50 host sshd[6276]: Disconnected from 167.172.159.73 port 38354 [preauth]
Jan 19 03:50:51 host sshd[6282]: Failed password for invalid user debian from 178.128.150.124 port 56614 ssh2
Jan 19 03:50:52 host sshd[6282]: Received disconnect from 178.128.150.124 port 56614:11: Bye Bye [preauth]
Jan 19 03:50:52 host sshd[6282]: Disconnected from 178.128.150.124 port 56614 [preauth]
Jan 19 03:51:04 host sshd[6378]: Invalid user controlm from 186.209.62.109 port 43426
Jan 19 03:51:04 host sshd[6378]: input_userauth_request: invalid user controlm [preauth]
Jan 19 03:51:04 host sshd[6378]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:51:04 host sshd[6378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.209.62.109
Jan 19 03:51:06 host sshd[6378]: Failed password for invalid user controlm from 186.209.62.109 port 43426 ssh2
Jan 19 03:51:07 host sshd[6378]: Received disconnect from 186.209.62.109 port 43426:11: Bye Bye [preauth]
Jan 19 03:51:07 host sshd[6378]: Disconnected from 186.209.62.109 port 43426 [preauth]
Jan 19 03:51:44 host sshd[6507]: Invalid user gpadmin from 122.154.48.30 port 54462
Jan 19 03:51:44 host sshd[6507]: input_userauth_request: invalid user gpadmin [preauth]
Jan 19 03:51:44 host sshd[6507]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:51:44 host sshd[6507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.48.30
Jan 19 03:51:46 host sshd[6507]: Failed password for invalid user gpadmin from 122.154.48.30 port 54462 ssh2
Jan 19 03:51:46 host sshd[6507]: Received disconnect from 122.154.48.30 port 54462:11: Bye Bye [preauth]
Jan 19 03:51:46 host sshd[6507]: Disconnected from 122.154.48.30 port 54462 [preauth]
Jan 19 03:52:26 host sshd[6616]: Invalid user frappe from 35.175.148.93 port 48910
Jan 19 03:52:26 host sshd[6616]: input_userauth_request: invalid user frappe [preauth]
Jan 19 03:52:26 host sshd[6616]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 03:52:26 host sshd[6616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.175.148.93
Jan 19 03:52:28 host sshd[6616]: Failed password for invalid user frappe from 35.175.148.93 port 48910 ssh2
Jan 19 04:11:59 host sshd[9803]: Invalid user gf from 194.110.203.109 port 46348
Jan 19 04:11:59 host sshd[9803]: input_userauth_request: invalid user gf [preauth]
Jan 19 04:11:59 host sshd[9803]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:11:59 host sshd[9803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 04:12:00 host sshd[9803]: Failed password for invalid user gf from 194.110.203.109 port 46348 ssh2
Jan 19 04:12:03 host sshd[9803]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:12:05 host sshd[9803]: Failed password for invalid user gf from 194.110.203.109 port 46348 ssh2
Jan 19 04:12:08 host sshd[9803]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:12:10 host sshd[9803]: Failed password for invalid user gf from 194.110.203.109 port 46348 ssh2
Jan 19 04:12:13 host sshd[9803]: Connection closed by 194.110.203.109 port 46348 [preauth]
Jan 19 04:12:13 host sshd[9803]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 04:13:04 host sshd[10052]: Invalid user ec2-user from 172.8.254.188 port 56022
Jan 19 04:13:04 host sshd[10052]: input_userauth_request: invalid user ec2-user [preauth]
Jan 19 04:13:04 host sshd[10052]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:13:04 host sshd[10052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.8.254.188
Jan 19 04:13:05 host sshd[10052]: Failed password for invalid user ec2-user from 172.8.254.188 port 56022 ssh2
Jan 19 04:13:06 host sshd[10052]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:13:08 host sshd[10052]: Failed password for invalid user ec2-user from 172.8.254.188 port 56022 ssh2
Jan 19 04:13:09 host sshd[10052]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:13:11 host sshd[10052]: Failed password for invalid user ec2-user from 172.8.254.188 port 56022 ssh2
Jan 19 04:13:12 host sshd[10052]: Failed password for invalid user ec2-user from 172.8.254.188 port 56022 ssh2
Jan 19 04:13:13 host sshd[10052]: Connection reset by 172.8.254.188 port 56022 [preauth]
Jan 19 04:13:13 host sshd[10052]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.8.254.188
Jan 19 04:16:35 host sshd[10586]: Did not receive identification string from 178.88.161.82 port 51894
Jan 19 04:16:36 host sshd[10587]: Invalid user halo from 178.88.161.82 port 52098
Jan 19 04:16:36 host sshd[10587]: input_userauth_request: invalid user halo [preauth]
Jan 19 04:16:36 host sshd[10588]: Invalid user bot from 178.88.161.82 port 51906
Jan 19 04:16:36 host sshd[10588]: input_userauth_request: invalid user bot [preauth]
Jan 19 04:16:36 host sshd[10589]: Invalid user student from 178.88.161.82 port 51978
Jan 19 04:16:36 host sshd[10589]: input_userauth_request: invalid user student [preauth]
Jan 19 04:16:36 host sshd[10593]: Invalid user postgres from 178.88.161.82 port 52102
Jan 19 04:16:36 host sshd[10593]: input_userauth_request: invalid user postgres [preauth]
Jan 19 04:16:36 host sshd[10602]: User root from 178.88.161.82 not allowed because not listed in AllowUsers
Jan 19 04:16:36 host sshd[10602]: input_userauth_request: invalid user root [preauth]
Jan 19 04:16:36 host sshd[10595]: User root from 178.88.161.82 not allowed because not listed in AllowUsers
Jan 19 04:16:36 host sshd[10595]: input_userauth_request: invalid user root [preauth]
Jan 19 04:16:36 host sshd[10592]: Invalid user ftpuser from 178.88.161.82 port 51964
Jan 19 04:16:36 host sshd[10592]: input_userauth_request: invalid user ftpuser [preauth]
Jan 19 04:16:36 host sshd[10596]: Invalid user pi from 178.88.161.82 port 52282
Jan 19 04:16:36 host sshd[10596]: input_userauth_request: invalid user pi [preauth]
Jan 19 04:16:36 host sshd[10590]: Invalid user ubuntu from 178.88.161.82 port 52094
Jan 19 04:16:36 host sshd[10590]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 04:16:36 host sshd[10598]: Invalid user postgres from 178.88.161.82 port 52216
Jan 19 04:16:36 host sshd[10598]: input_userauth_request: invalid user postgres [preauth]
Jan 19 04:16:36 host sshd[10594]: Invalid user pi from 178.88.161.82 port 52260
Jan 19 04:16:36 host sshd[10594]: input_userauth_request: invalid user pi [preauth]
Jan 19 04:16:36 host sshd[10597]: Invalid user devops from 178.88.161.82 port 52294
Jan 19 04:16:36 host sshd[10597]: input_userauth_request: invalid user devops [preauth]
Jan 19 04:16:36 host sshd[10611]: Invalid user oracle from 178.88.161.82 port 52236
Jan 19 04:16:36 host sshd[10611]: input_userauth_request: invalid user oracle [preauth]
Jan 19 04:16:36 host sshd[10605]: Invalid user ubuntu from 178.88.161.82 port 51938
Jan 19 04:16:36 host sshd[10605]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 04:16:36 host sshd[10606]: User root from 178.88.161.82 not allowed because not listed in AllowUsers
Jan 19 04:16:36 host sshd[10606]: input_userauth_request: invalid user root [preauth]
Jan 19 04:16:36 host sshd[10614]: Invalid user test from 178.88.161.82 port 52224
Jan 19 04:16:36 host sshd[10614]: input_userauth_request: invalid user test [preauth]
Jan 19 04:16:36 host sshd[10607]: Invalid user dev from 178.88.161.82 port 52080
Jan 19 04:16:36 host sshd[10616]: Invalid user testuser from 178.88.161.82 port 51944
Jan 19 04:16:36 host sshd[10616]: input_userauth_request: invalid user testuser [preauth]
Jan 19 04:16:36 host sshd[10607]: input_userauth_request: invalid user dev [preauth]
Jan 19 04:16:37 host sshd[10608]: Invalid user oracle from 178.88.161.82 port 51960
Jan 19 04:16:37 host sshd[10608]: input_userauth_request: invalid user oracle [preauth]
Jan 19 04:16:37 host sshd[10601]: Invalid user halo from 178.88.161.82 port 51992
Jan 19 04:16:37 host sshd[10601]: input_userauth_request: invalid user halo [preauth]
Jan 19 04:16:37 host sshd[10591]: User root from 178.88.161.82 not allowed because not listed in AllowUsers
Jan 19 04:16:37 host sshd[10591]: input_userauth_request: invalid user root [preauth]
Jan 19 04:16:37 host sshd[10612]: Invalid user es from 178.88.161.82 port 52194
Jan 19 04:16:37 host sshd[10612]: input_userauth_request: invalid user es [preauth]
Jan 19 04:16:37 host sshd[10603]: Invalid user ftpuser from 178.88.161.82 port 52070
Jan 19 04:16:37 host sshd[10600]: Invalid user ubuntu from 178.88.161.82 port 52142
Jan 19 04:16:37 host sshd[10599]: Invalid user admin from 178.88.161.82 port 52032
Jan 19 04:16:37 host sshd[10604]: Invalid user oracle from 178.88.161.82 port 52150
Jan 19 04:16:37 host sshd[10599]: input_userauth_request: invalid user admin [preauth]
Jan 19 04:16:37 host sshd[10603]: input_userauth_request: invalid user ftpuser [preauth]
Jan 19 04:16:37 host sshd[10600]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 04:16:37 host sshd[10618]: User root from 178.88.161.82 not allowed because not listed in AllowUsers
Jan 19 04:16:37 host sshd[10615]: Invalid user test from 178.88.161.82 port 52046
Jan 19 04:16:37 host sshd[10618]: input_userauth_request: invalid user root [preauth]
Jan 19 04:16:37 host sshd[10604]: input_userauth_request: invalid user oracle [preauth]
Jan 19 04:16:37 host sshd[10615]: input_userauth_request: invalid user test [preauth]
Jan 19 04:16:37 host sshd[10587]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10613]: Invalid user admin from 178.88.161.82 port 52008
Jan 19 04:16:37 host sshd[10587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10613]: input_userauth_request: invalid user admin [preauth]
Jan 19 04:16:37 host sshd[10589]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10588]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10619]: User root from 178.88.161.82 not allowed because not listed in AllowUsers
Jan 19 04:16:37 host sshd[10619]: input_userauth_request: invalid user root [preauth]
Jan 19 04:16:37 host sshd[10617]: Invalid user ftpuser from 178.88.161.82 port 52020
Jan 19 04:16:37 host sshd[10617]: input_userauth_request: invalid user ftpuser [preauth]
Jan 19 04:16:37 host sshd[10593]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10592]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10596]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10590]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10598]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host unix_chkpwd[10650]: password check failed for user (root)
Jan 19 04:16:37 host sshd[10602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82 user=root
Jan 19 04:16:37 host sshd[10602]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:16:37 host unix_chkpwd[10651]: password check failed for user (root)
Jan 19 04:16:37 host sshd[10595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82 user=root
Jan 19 04:16:37 host sshd[10595]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:16:37 host sshd[10594]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10597]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10599]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10603]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10615]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10600]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10604]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10611]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10613]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10605]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10614]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10612]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10608]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10616]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host sshd[10607]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host unix_chkpwd[10652]: password check failed for user (root)
Jan 19 04:16:37 host sshd[10618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82 user=root
Jan 19 04:16:37 host sshd[10618]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:16:37 host unix_chkpwd[10654]: password check failed for user (root)
Jan 19 04:16:37 host sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82 user=root
Jan 19 04:16:37 host sshd[10606]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:16:37 host sshd[10617]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:16:37 host sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82
Jan 19 04:16:37 host unix_chkpwd[10653]: password check failed for user (root)
Jan 19 04:16:37 host sshd[10591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82 user=root
Jan 19 04:16:37 host sshd[10591]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:16:37 host unix_chkpwd[10655]: password check failed for user (root)
Jan 19 04:16:37 host sshd[10619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.88.161.82 user=root
Jan 19 04:16:37 host sshd[10619]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:16:39 host sshd[10587]: Failed password for invalid user halo from 178.88.161.82 port 52098 ssh2
Jan 19 04:16:39 host sshd[10589]: Failed password for invalid user student from 178.88.161.82 port 51978 ssh2
Jan 19 04:16:39 host sshd[10588]: Failed password for invalid user bot from 178.88.161.82 port 51906 ssh2
Jan 19 04:16:39 host sshd[10593]: Failed password for invalid user postgres from 178.88.161.82 port 52102 ssh2
Jan 19 04:16:39 host sshd[10592]: Failed password for invalid user ftpuser from 178.88.161.82 port 51964 ssh2
Jan 19 04:16:39 host sshd[10596]: Failed password for invalid user pi from 178.88.161.82 port 52282 ssh2
Jan 19 04:16:39 host sshd[10590]: Failed password for invalid user ubuntu from 178.88.161.82 port 52094 ssh2
Jan 19 04:16:39 host sshd[10598]: Failed password for invalid user postgres from 178.88.161.82 port 52216 ssh2
Jan 19 04:16:39 host sshd[10602]: Failed password for invalid user root from 178.88.161.82 port 51928 ssh2
Jan 19 04:16:39 host sshd[10595]: Failed password for invalid user root from 178.88.161.82 port 52180 ssh2
Jan 19 04:16:39 host sshd[10594]: Failed password for invalid user pi from 178.88.161.82 port 52260 ssh2
Jan 19 04:16:39 host sshd[10603]: Failed password for invalid user ftpuser from 178.88.161.82 port 52070 ssh2
Jan 19 04:16:39 host sshd[10597]: Failed password for invalid user devops from 178.88.161.82 port 52294 ssh2
Jan 19 04:16:39 host sshd[10599]: Failed password for invalid user admin from 178.88.161.82 port 52032 ssh2
Jan 19 04:16:39 host sshd[10615]: Failed password for invalid user test from 178.88.161.82 port 52046 ssh2
Jan 19 04:16:39 host sshd[10600]: Failed password for invalid user ubuntu from 178.88.161.82 port 52142 ssh2
Jan 19 04:16:39 host sshd[10604]: Failed password for invalid user oracle from 178.88.161.82 port 52150 ssh2
Jan 19 04:16:39 host sshd[10611]: Failed password for invalid user oracle from 178.88.161.82 port 52236 ssh2
Jan 19 04:16:39 host sshd[10613]: Failed password for invalid user admin from 178.88.161.82 port 52008 ssh2
Jan 19 04:16:39 host sshd[10601]: Failed password for invalid user halo from 178.88.161.82 port 51992 ssh2
Jan 19 04:16:39 host sshd[10605]: Failed password for invalid user ubuntu from 178.88.161.82 port 51938 ssh2
Jan 19 04:16:39 host sshd[10614]: Failed password for invalid user test from 178.88.161.82 port 52224 ssh2
Jan 19 04:16:39 host sshd[10616]: Failed password for invalid user testuser from 178.88.161.82 port 51944 ssh2
Jan 19 04:16:39 host sshd[10612]: Failed password for invalid user es from 178.88.161.82 port 52194 ssh2
Jan 19 04:16:39 host sshd[10608]: Failed password for invalid user oracle from 178.88.161.82 port 51960 ssh2
Jan 19 04:16:39 host sshd[10607]: Failed password for invalid user dev from 178.88.161.82 port 52080 ssh2
Jan 19 04:16:39 host sshd[10618]: Failed password for invalid user root from 178.88.161.82 port 52272 ssh2
Jan 19 04:16:39 host sshd[10606]: Failed password for invalid user root from 178.88.161.82 port 52128 ssh2
Jan 19 04:16:39 host sshd[10617]: Failed password for invalid user ftpuser from 178.88.161.82 port 52020 ssh2
Jan 19 04:16:39 host sshd[10591]: Failed password for invalid user root from 178.88.161.82 port 52156 ssh2
Jan 19 04:16:39 host sshd[10619]: Failed password for invalid user root from 178.88.161.82 port 52052 ssh2
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 04:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=ugotscom user-3=wwwrmswll user-4=wwwresourcehunte user-5=keralaholi user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=dartsimp user-11=a2zgroup user-12=wwwletsstalkfood user-13=straightcurve user-14=wwwevmhonda user-15=bonifacegroup user-16=wwwnexidigital user-17=mrsclean user-18=kottayamcalldriv user-19=phmetals user-20=gifterman user-21=palco123 user-22=woodpeck user-23=wwwkapin user-24=disposeat user-25=remysagr user-26=wwwkmaorg user-27=pmcresources user-28=wwwtestugo user-29=shalinijames user-30=vfmassets feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 04:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3oILw9cMrqdAP4Xe.~
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3oILw9cMrqdAP4Xe.~'
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3oILw9cMrqdAP4Xe.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 04:21:12 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 04:21:12 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 04:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 04:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 04:23:14 host sshd[12113]: Invalid user support from 222.97.126.70 port 63460
Jan 19 04:23:14 host sshd[12113]: input_userauth_request: invalid user support [preauth]
Jan 19 04:23:14 host sshd[12113]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:23:14 host sshd[12113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.97.126.70
Jan 19 04:23:17 host sshd[12113]: Failed password for invalid user support from 222.97.126.70 port 63460 ssh2
Jan 19 04:23:17 host sshd[12113]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:23:19 host sshd[12113]: Failed password for invalid user support from 222.97.126.70 port 63460 ssh2
Jan 19 04:23:20 host sshd[12131]: Invalid user support from 5.75.156.5 port 50606
Jan 19 04:23:20 host sshd[12131]: input_userauth_request: invalid user support [preauth]
Jan 19 04:23:20 host sshd[12131]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:23:20 host sshd[12131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.75.156.5
Jan 19 04:23:22 host sshd[12131]: Failed password for invalid user support from 5.75.156.5 port 50606 ssh2
Jan 19 04:23:22 host sshd[12131]: Received disconnect from 5.75.156.5 port 50606:11: Bye Bye [preauth]
Jan 19 04:23:22 host sshd[12131]: Disconnected from 5.75.156.5 port 50606 [preauth]
Jan 19 04:23:31 host sshd[12274]: Invalid user acs from 46.101.132.159 port 35036
Jan 19 04:23:31 host sshd[12274]: input_userauth_request: invalid user acs [preauth]
Jan 19 04:23:31 host sshd[12274]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:23:31 host sshd[12274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.132.159
Jan 19 04:23:32 host sshd[12274]: Failed password for invalid user acs from 46.101.132.159 port 35036 ssh2
Jan 19 04:23:33 host sshd[12274]: Received disconnect from 46.101.132.159 port 35036:11: Bye Bye [preauth]
Jan 19 04:23:33 host sshd[12274]: Disconnected from 46.101.132.159 port 35036 [preauth]
Jan 19 04:24:48 host sshd[12466]: User root from 188.250.172.49 not allowed because not listed in AllowUsers
Jan 19 04:24:48 host sshd[12466]: input_userauth_request: invalid user root [preauth]
Jan 19 04:24:48 host unix_chkpwd[12470]: password check failed for user (root)
Jan 19 04:24:48 host sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.250.172.49 user=root
Jan 19 04:24:48 host sshd[12466]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:24:50 host sshd[12466]: Failed password for invalid user root from 188.250.172.49 port 49313 ssh2
Jan 19 04:24:50 host sshd[12466]: Received disconnect from 188.250.172.49 port 49313:11: Bye Bye [preauth]
Jan 19 04:24:50 host sshd[12466]: Disconnected from 188.250.172.49 port 49313 [preauth]
Jan 19 04:25:35 host sshd[12619]: User root from 193.110.100.228 not allowed because not listed in AllowUsers
Jan 19 04:25:35 host sshd[12619]: input_userauth_request: invalid user root [preauth]
Jan 19 04:25:35 host unix_chkpwd[12624]: password check failed for user (root)
Jan 19 04:25:35 host sshd[12619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.100.228 user=root
Jan 19 04:25:35 host sshd[12619]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:25:37 host sshd[12619]: Failed password for invalid user root from 193.110.100.228 port 23273 ssh2
Jan 19 04:25:37 host sshd[12619]: Received disconnect from 193.110.100.228 port 23273:11: Bye Bye [preauth]
Jan 19 04:25:37 host sshd[12619]: Disconnected from 193.110.100.228 port 23273 [preauth]
Jan 19 04:25:50 host sshd[12645]: Invalid user vbox from 207.154.205.115 port 37768
Jan 19 04:25:50 host sshd[12645]: input_userauth_request: invalid user vbox [preauth]
Jan 19 04:25:50 host sshd[12645]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:25:50 host sshd[12645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.205.115
Jan 19 04:25:52 host sshd[12645]: Failed password for invalid user vbox from 207.154.205.115 port 37768 ssh2
Jan 19 04:25:52 host sshd[12645]: Received disconnect from 207.154.205.115 port 37768:11: Bye Bye [preauth]
Jan 19 04:25:52 host sshd[12645]: Disconnected from 207.154.205.115 port 37768 [preauth]
Jan 19 04:27:33 host sshd[12950]: Invalid user hb from 161.35.24.244 port 37260
Jan 19 04:27:33 host sshd[12950]: input_userauth_request: invalid user hb [preauth]
Jan 19 04:27:33 host sshd[12950]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:27:33 host sshd[12950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.24.244
Jan 19 04:27:35 host sshd[12950]: Failed password for invalid user hb from 161.35.24.244 port 37260 ssh2
Jan 19 04:27:35 host sshd[12950]: Received disconnect from 161.35.24.244 port 37260:11: Bye Bye [preauth]
Jan 19 04:27:35 host sshd[12950]: Disconnected from 161.35.24.244 port 37260 [preauth]
Jan 19 04:27:47 host sshd[12961]: Connection closed by 167.172.148.206 port 34066 [preauth]
Jan 19 04:28:56 host sshd[13143]: Received disconnect from 36.154.50.211 port 53154:11: Bye Bye [preauth]
Jan 19 04:28:56 host sshd[13143]: Disconnected from 36.154.50.211 port 53154 [preauth]
Jan 19 04:29:03 host sshd[13201]: User root from 161.35.217.94 not allowed because not listed in AllowUsers
Jan 19 04:29:03 host sshd[13201]: input_userauth_request: invalid user root [preauth]
Jan 19 04:29:03 host unix_chkpwd[13206]: password check failed for user (root)
Jan 19 04:29:03 host sshd[13201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.217.94 user=root
Jan 19 04:29:03 host sshd[13201]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:29:05 host sshd[13201]: Failed password for invalid user root from 161.35.217.94 port 47750 ssh2
Jan 19 04:29:06 host sshd[13201]: Received disconnect from 161.35.217.94 port 47750:11: Bye Bye [preauth]
Jan 19 04:29:06 host sshd[13201]: Disconnected from 161.35.217.94 port 47750 [preauth]
Jan 19 04:29:25 host sshd[13248]: Invalid user ntc from 5.75.156.5 port 50848
Jan 19 04:29:25 host sshd[13248]: input_userauth_request: invalid user ntc [preauth]
Jan 19 04:29:25 host sshd[13248]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:29:25 host sshd[13248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.75.156.5
Jan 19 04:29:27 host sshd[13248]: Failed password for invalid user ntc from 5.75.156.5 port 50848 ssh2
Jan 19 04:29:27 host sshd[13248]: Received disconnect from 5.75.156.5 port 50848:11: Bye Bye [preauth]
Jan 19 04:29:27 host sshd[13248]: Disconnected from 5.75.156.5 port 50848 [preauth]
Jan 19 04:29:33 host sshd[13278]: Invalid user sales1 from 193.110.100.228 port 13524
Jan 19 04:29:33 host sshd[13278]: input_userauth_request: invalid user sales1 [preauth]
Jan 19 04:29:33 host sshd[13278]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:29:33 host sshd[13278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.110.100.228
Jan 19 04:29:34 host sshd[13281]: Invalid user test1 from 188.250.172.49 port 58073
Jan 19 04:29:34 host sshd[13281]: input_userauth_request: invalid user test1 [preauth]
Jan 19 04:29:34 host sshd[13281]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:29:34 host sshd[13281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.250.172.49
Jan 19 04:29:35 host sshd[13278]: Failed password for invalid user sales1 from 193.110.100.228 port 13524 ssh2
Jan 19 04:29:35 host sshd[13278]: Received disconnect from 193.110.100.228 port 13524:11: Bye Bye [preauth]
Jan 19 04:29:35 host sshd[13278]: Disconnected from 193.110.100.228 port 13524 [preauth]
Jan 19 04:29:36 host sshd[13281]: Failed password for invalid user test1 from 188.250.172.49 port 58073 ssh2
Jan 19 04:29:36 host sshd[13281]: Received disconnect from 188.250.172.49 port 58073:11: Bye Bye [preauth]
Jan 19 04:29:36 host sshd[13281]: Disconnected from 188.250.172.49 port 58073 [preauth]
Jan 19 04:29:43 host sshd[13416]: Invalid user bitwarden from 207.154.205.115 port 55840
Jan 19 04:29:43 host sshd[13416]: input_userauth_request: invalid user bitwarden [preauth]
Jan 19 04:29:43 host sshd[13416]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:29:43 host sshd[13416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.205.115
Jan 19 04:29:45 host sshd[13416]: Failed password for invalid user bitwarden from 207.154.205.115 port 55840 ssh2
Jan 19 04:29:46 host sshd[13416]: Received disconnect from 207.154.205.115 port 55840:11: Bye Bye [preauth]
Jan 19 04:29:46 host sshd[13416]: Disconnected from 207.154.205.115 port 55840 [preauth]
Jan 19 04:29:52 host sshd[13483]: User root from 161.35.24.244 not allowed because not listed in AllowUsers
Jan 19 04:29:52 host sshd[13483]: input_userauth_request: invalid user root [preauth]
Jan 19 04:29:52 host unix_chkpwd[13486]: password check failed for user (root)
Jan 19 04:29:52 host sshd[13483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.24.244 user=root
Jan 19 04:29:52 host sshd[13483]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:29:55 host sshd[13483]: Failed password for invalid user root from 161.35.24.244 port 43640 ssh2
Jan 19 04:29:55 host sshd[13483]: Received disconnect from 161.35.24.244 port 43640:11: Bye Bye [preauth]
Jan 19 04:29:55 host sshd[13483]: Disconnected from 161.35.24.244 port 43640 [preauth]
Jan 19 04:30:30 host sshd[13654]: User tomcat from 5.75.156.5 not allowed because not listed in AllowUsers
Jan 19 04:30:30 host sshd[13654]: input_userauth_request: invalid user tomcat [preauth]
Jan 19 04:30:30 host unix_chkpwd[13659]: password check failed for user (tomcat)
Jan 19 04:30:30 host sshd[13654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.75.156.5 user=tomcat
Jan 19 04:30:30 host sshd[13654]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat"
Jan 19 04:30:32 host sshd[13654]: Failed password for invalid user tomcat from 5.75.156.5 port 57938 ssh2
Jan 19 04:30:32 host sshd[13654]: Received disconnect from 5.75.156.5 port 57938:11: Bye Bye [preauth]
Jan 19 04:30:32 host sshd[13654]: Disconnected from 5.75.156.5 port 57938 [preauth]
Jan 19 04:30:44 host sshd[13710]: Invalid user sam from 161.35.217.94 port 42414
Jan 19 04:30:44 host sshd[13710]: input_userauth_request: invalid user sam [preauth]
Jan 19 04:30:44 host sshd[13710]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:30:44 host sshd[13710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.217.94
Jan 19 04:30:46 host sshd[13710]: Failed password for invalid user sam from 161.35.217.94 port 42414 ssh2
Jan 19 04:30:46 host sshd[13710]: Received disconnect from 161.35.217.94 port 42414:11: Bye Bye [preauth]
Jan 19 04:30:46 host sshd[13710]: Disconnected from 161.35.217.94 port 42414 [preauth]
Jan 19 04:30:56 host sshd[13756]: Invalid user elastic from 207.154.205.115 port 39250
Jan 19 04:30:56 host sshd[13756]: input_userauth_request: invalid user elastic [preauth]
Jan 19 04:30:56 host sshd[13756]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:30:56 host sshd[13756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.205.115
Jan 19 04:30:58 host sshd[13756]: Failed password for invalid user elastic from 207.154.205.115 port 39250 ssh2
Jan 19 04:30:58 host sshd[13756]: Received disconnect from 207.154.205.115 port 39250:11: Bye Bye [preauth]
Jan 19 04:30:58 host sshd[13756]: Disconnected from 207.154.205.115 port 39250 [preauth]
Jan 19 04:31:52 host sshd[13953]: Invalid user user2 from 36.154.50.211 port 53078
Jan 19 04:31:52 host sshd[13953]: input_userauth_request: invalid user user2 [preauth]
Jan 19 04:31:52 host sshd[13953]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:31:52 host sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.154.50.211
Jan 19 04:31:54 host sshd[13953]: Failed password for invalid user user2 from 36.154.50.211 port 53078 ssh2
Jan 19 04:32:00 host sshd[13953]: Received disconnect from 36.154.50.211 port 53078:11: Bye Bye [preauth]
Jan 19 04:32:00 host sshd[13953]: Disconnected from 36.154.50.211 port 53078 [preauth]
Jan 19 04:33:25 host sshd[14216]: Connection closed by 36.154.50.211 port 64105 [preauth]
Jan 19 04:35:23 host sshd[14627]: Connection closed by 36.154.50.211 port 59598 [preauth]
Jan 19 04:36:58 host sshd[14861]: Connection closed by 36.154.50.211 port 55089 [preauth]
Jan 19 04:38:32 host sshd[15062]: Connection closed by 36.154.50.211 port 50579 [preauth]
Jan 19 04:40:04 host sshd[15409]: Connection closed by 36.154.50.211 port 61605 [preauth]
Jan 19 04:41:35 host sshd[15626]: Connection closed by 36.154.50.211 port 57096 [preauth]
Jan 19 04:43:05 host sshd[15839]: Connection closed by 36.154.50.211 port 52587 [preauth]
Jan 19 04:43:31 host sshd[15907]: Invalid user sFTPUser from 184.56.213.179 port 40983
Jan 19 04:43:31 host sshd[15907]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 19 04:43:31 host sshd[15907]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:43:31 host sshd[15907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.56.213.179
Jan 19 04:43:34 host sshd[15907]: Failed password for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2
Jan 19 04:43:34 host sshd[15907]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:43:36 host sshd[15907]: Failed password for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2
Jan 19 04:43:36 host sshd[15907]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:43:38 host sshd[15907]: Failed password for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2
Jan 19 04:43:39 host sshd[15907]: Failed password for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2
Jan 19 04:43:40 host sshd[15907]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:43:41 host sshd[15907]: Failed password for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2
Jan 19 04:43:42 host sshd[15907]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:43:44 host sshd[15907]: Failed password for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2
Jan 19 04:43:44 host sshd[15907]: error: maximum authentication attempts exceeded for invalid user sFTPUser from 184.56.213.179 port 40983 ssh2 [preauth]
Jan 19 04:43:44 host sshd[15907]: Disconnecting: Too many authentication failures [preauth]
Jan 19 04:43:44 host sshd[15907]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.56.213.179
Jan 19 04:43:44 host sshd[15907]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 19 04:44:43 host sshd[16076]: Connection closed by 36.154.50.211 port 63612 [preauth]
Jan 19 04:46:14 host sshd[16389]: Connection closed by 36.154.50.211 port 59103 [preauth]
Jan 19 04:46:46 host sshd[16464]: Invalid user vadmin from 201.171.45.136 port 33309
Jan 19 04:46:46 host sshd[16464]: input_userauth_request: invalid user vadmin [preauth]
Jan 19 04:46:46 host sshd[16464]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:46:46 host sshd[16464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.171.45.136
Jan 19 04:46:48 host sshd[16464]: Failed password for invalid user vadmin from 201.171.45.136 port 33309 ssh2
Jan 19 04:46:49 host sshd[16464]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:46:51 host sshd[16464]: Failed password for invalid user vadmin from 201.171.45.136 port 33309 ssh2
Jan 19 04:46:52 host sshd[16464]: Failed password for invalid user vadmin from 201.171.45.136 port 33309 ssh2
Jan 19 04:46:52 host sshd[16464]: Connection closed by 201.171.45.136 port 33309 [preauth]
Jan 19 04:46:52 host sshd[16464]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.171.45.136
Jan 19 04:47:47 host sshd[16605]: User root from 36.154.50.211 not allowed because not listed in AllowUsers
Jan 19 04:47:47 host sshd[16605]: input_userauth_request: invalid user root [preauth]
Jan 19 04:47:47 host unix_chkpwd[16620]: password check failed for user (root)
Jan 19 04:47:47 host sshd[16605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.154.50.211 user=root
Jan 19 04:47:47 host sshd[16605]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:47:49 host sshd[16605]: Failed password for invalid user root from 36.154.50.211 port 54594 ssh2
Jan 19 04:48:15 host sshd[16705]: Invalid user albert from 64.227.35.112 port 48694
Jan 19 04:48:15 host sshd[16705]: input_userauth_request: invalid user albert [preauth]
Jan 19 04:48:15 host sshd[16705]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:48:15 host sshd[16705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.35.112
Jan 19 04:48:17 host sshd[16705]: Failed password for invalid user albert from 64.227.35.112 port 48694 ssh2
Jan 19 04:48:17 host sshd[16705]: Received disconnect from 64.227.35.112 port 48694:11: Bye Bye [preauth]
Jan 19 04:48:17 host sshd[16705]: Disconnected from 64.227.35.112 port 48694 [preauth]
Jan 19 04:49:05 host sshd[16818]: User root from 43.157.26.169 not allowed because not listed in AllowUsers
Jan 19 04:49:05 host sshd[16818]: input_userauth_request: invalid user root [preauth]
Jan 19 04:49:05 host unix_chkpwd[16824]: password check failed for user (root)
Jan 19 04:49:05 host sshd[16818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.169 user=root
Jan 19 04:49:05 host sshd[16818]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:49:07 host sshd[16818]: Failed password for invalid user root from 43.157.26.169 port 40084 ssh2
Jan 19 04:49:07 host sshd[16818]: Received disconnect from 43.157.26.169 port 40084:11: Bye Bye [preauth]
Jan 19 04:49:07 host sshd[16818]: Disconnected from 43.157.26.169 port 40084 [preauth]
Jan 19 04:50:12 host sshd[17012]: Invalid user elastic from 223.197.188.206 port 50084
Jan 19 04:50:12 host sshd[17012]: input_userauth_request: invalid user elastic [preauth]
Jan 19 04:50:12 host sshd[17012]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:50:12 host sshd[17012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.188.206
Jan 19 04:50:14 host sshd[17012]: Failed password for invalid user elastic from 223.197.188.206 port 50084 ssh2
Jan 19 04:50:14 host sshd[17012]: Received disconnect from 223.197.188.206 port 50084:11: Bye Bye [preauth]
Jan 19 04:50:14 host sshd[17012]: Disconnected from 223.197.188.206 port 50084 [preauth]
Jan 19 04:50:20 host sshd[17033]: Invalid user zabbix from 123.142.3.142 port 44206
Jan 19 04:50:20 host sshd[17033]: input_userauth_request: invalid user zabbix [preauth]
Jan 19 04:50:20 host sshd[17033]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:50:20 host sshd[17033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.142.3.142
Jan 19 04:50:22 host sshd[17033]: Failed password for invalid user zabbix from 123.142.3.142 port 44206 ssh2
Jan 19 04:50:22 host sshd[17033]: Received disconnect from 123.142.3.142 port 44206:11: Bye Bye [preauth]
Jan 19 04:50:22 host sshd[17033]: Disconnected from 123.142.3.142 port 44206 [preauth]
Jan 19 04:50:23 host sshd[17044]: Invalid user postgres from 182.214.206.239 port 63807
Jan 19 04:50:23 host sshd[17044]: input_userauth_request: invalid user postgres [preauth]
Jan 19 04:50:23 host sshd[17044]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:50:23 host sshd[17044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.214.206.239
Jan 19 04:50:25 host sshd[17044]: Failed password for invalid user postgres from 182.214.206.239 port 63807 ssh2
Jan 19 04:50:26 host sshd[17044]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:50:28 host sshd[17044]: Failed password for invalid user postgres from 182.214.206.239 port 63807 ssh2
Jan 19 04:50:28 host sshd[17044]: Connection reset by 182.214.206.239 port 63807 [preauth]
Jan 19 04:50:28 host sshd[17044]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.214.206.239
Jan 19 04:50:30 host sshd[17077]: Invalid user cperoot from 195.226.194.142 port 25206
Jan 19 04:50:30 host sshd[17077]: input_userauth_request: invalid user cperoot [preauth]
Jan 19 04:50:30 host sshd[17077]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:50:30 host sshd[17077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 19 04:50:31 host sshd[17077]: Failed password for invalid user cperoot from 195.226.194.142 port 25206 ssh2
Jan 19 04:50:31 host sshd[17077]: Received disconnect from 195.226.194.142 port 25206:11: Bye Bye [preauth]
Jan 19 04:50:31 host sshd[17077]: Disconnected from 195.226.194.142 port 25206 [preauth]
Jan 19 04:50:56 host sshd[17118]: Invalid user slave from 186.139.230.98 port 41161
Jan 19 04:50:56 host sshd[17118]: input_userauth_request: invalid user slave [preauth]
Jan 19 04:50:56 host sshd[17118]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:50:56 host sshd[17118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.139.230.98
Jan 19 04:50:58 host sshd[17118]: Failed password for invalid user slave from 186.139.230.98 port 41161 ssh2
Jan 19 04:50:59 host sshd[17118]: Received disconnect from 186.139.230.98 port 41161:11: Bye Bye [preauth]
Jan 19 04:50:59 host sshd[17118]: Disconnected from 186.139.230.98 port 41161 [preauth]
Jan 19 04:53:32 host sshd[17624]: Invalid user wordpress from 64.227.35.112 port 47330
Jan 19 04:53:32 host sshd[17624]: input_userauth_request: invalid user wordpress [preauth]
Jan 19 04:53:32 host sshd[17624]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:53:32 host sshd[17624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.35.112
Jan 19 04:53:33 host sshd[17628]: Invalid user steam from 95.85.125.107 port 36868
Jan 19 04:53:33 host sshd[17628]: input_userauth_request: invalid user steam [preauth]
Jan 19 04:53:33 host sshd[17628]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:53:33 host sshd[17628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.85.125.107
Jan 19 04:53:34 host sshd[17624]: Failed password for invalid user wordpress from 64.227.35.112 port 47330 ssh2
Jan 19 04:53:34 host sshd[17624]: Received disconnect from 64.227.35.112 port 47330:11: Bye Bye [preauth]
Jan 19 04:53:34 host sshd[17624]: Disconnected from 64.227.35.112 port 47330 [preauth]
Jan 19 04:53:35 host sshd[17628]: Failed password for invalid user steam from 95.85.125.107 port 36868 ssh2
Jan 19 04:53:35 host sshd[17628]: Received disconnect from 95.85.125.107 port 36868:11: Bye Bye [preauth]
Jan 19 04:53:35 host sshd[17628]: Disconnected from 95.85.125.107 port 36868 [preauth]
Jan 19 04:54:25 host sshd[17743]: Invalid user kafka from 186.139.230.98 port 36448
Jan 19 04:54:25 host sshd[17743]: input_userauth_request: invalid user kafka [preauth]
Jan 19 04:54:25 host sshd[17743]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:54:25 host sshd[17743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.139.230.98
Jan 19 04:54:27 host sshd[17743]: Failed password for invalid user kafka from 186.139.230.98 port 36448 ssh2
Jan 19 04:54:27 host sshd[17743]: Received disconnect from 186.139.230.98 port 36448:11: Bye Bye [preauth]
Jan 19 04:54:27 host sshd[17743]: Disconnected from 186.139.230.98 port 36448 [preauth]
Jan 19 04:54:33 host sshd[17787]: Invalid user apache from 43.157.26.169 port 35266
Jan 19 04:54:33 host sshd[17787]: input_userauth_request: invalid user apache [preauth]
Jan 19 04:54:33 host sshd[17787]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:54:33 host sshd[17787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.26.169
Jan 19 04:54:36 host sshd[17787]: Failed password for invalid user apache from 43.157.26.169 port 35266 ssh2
Jan 19 04:54:36 host sshd[17787]: Received disconnect from 43.157.26.169 port 35266:11: Bye Bye [preauth]
Jan 19 04:54:36 host sshd[17787]: Disconnected from 43.157.26.169 port 35266 [preauth]
Jan 19 04:54:41 host sshd[17823]: Invalid user ftpuser from 64.227.35.112 port 45612
Jan 19 04:54:41 host sshd[17823]: input_userauth_request: invalid user ftpuser [preauth]
Jan 19 04:54:41 host sshd[17823]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:54:41 host sshd[17823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.35.112
Jan 19 04:54:42 host sshd[17840]: Invalid user sftpuser from 223.197.188.206 port 37620
Jan 19 04:54:42 host sshd[17840]: input_userauth_request: invalid user sftpuser [preauth]
Jan 19 04:54:42 host sshd[17840]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:54:42 host sshd[17840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.188.206
Jan 19 04:54:44 host sshd[17823]: Failed password for invalid user ftpuser from 64.227.35.112 port 45612 ssh2
Jan 19 04:54:44 host sshd[17823]: Received disconnect from 64.227.35.112 port 45612:11: Bye Bye [preauth]
Jan 19 04:54:44 host sshd[17823]: Disconnected from 64.227.35.112 port 45612 [preauth]
Jan 19 04:54:44 host sshd[17840]: Failed password for invalid user sftpuser from 223.197.188.206 port 37620 ssh2
Jan 19 04:54:44 host sshd[17840]: Received disconnect from 223.197.188.206 port 37620:11: Bye Bye [preauth]
Jan 19 04:54:44 host sshd[17840]: Disconnected from 223.197.188.206 port 37620 [preauth]
Jan 19 04:54:47 host sshd[17882]: User root from 123.142.3.142 not allowed because not listed in AllowUsers
Jan 19 04:54:47 host sshd[17882]: input_userauth_request: invalid user root [preauth]
Jan 19 04:54:47 host unix_chkpwd[17888]: password check failed for user (root)
Jan 19 04:54:47 host sshd[17882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.142.3.142 user=root
Jan 19 04:54:47 host sshd[17882]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:54:48 host sshd[17882]: Failed password for invalid user root from 123.142.3.142 port 60492 ssh2
Jan 19 04:54:49 host sshd[17882]: Received disconnect from 123.142.3.142 port 60492:11: Bye Bye [preauth]
Jan 19 04:54:49 host sshd[17882]: Disconnected from 123.142.3.142 port 60492 [preauth]
Jan 19 04:55:49 host sshd[18103]: Invalid user vadmin from 114.33.114.205 port 45879
Jan 19 04:55:49 host sshd[18103]: input_userauth_request: invalid user vadmin [preauth]
Jan 19 04:55:49 host sshd[18103]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:55:49 host sshd[18103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.114.205
Jan 19 04:55:51 host sshd[18103]: Failed password for invalid user vadmin from 114.33.114.205 port 45879 ssh2
Jan 19 04:55:52 host sshd[18103]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 04:55:53 host sshd[18115]: User root from 223.197.188.206 not allowed because not listed in AllowUsers
Jan 19 04:55:53 host sshd[18115]: input_userauth_request: invalid user root [preauth]
Jan 19 04:55:53 host unix_chkpwd[18118]: password check failed for user (root)
Jan 19 04:55:53 host sshd[18115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.188.206 user=root
Jan 19 04:55:53 host sshd[18115]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 04:55:53 host sshd[18103]: Failed password for invalid user vadmin from 114.33.114.205 port 45879 ssh2
Jan 19 04:55:54 host sshd[18103]: Failed password for invalid user vadmin from 114.33.114.205 port 45879 ssh2
Jan 19 04:55:54 host sshd[18103]: Connection closed by 114.33.114.205 port 45879 [preauth]
Jan 19 04:55:54 host sshd[18103]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.114.205
Jan 19 04:55:55 host sshd[18115]: Failed password for invalid user root from 223.197.188.206 port 59784 ssh2
Jan 19 04:55:55 host sshd[18115]: Received disconnect from 223.197.188.206 port 59784:11: Bye Bye [preauth]
Jan 19 04:55:55 host sshd[18115]: Disconnected from 223.197.188.206 port 59784 [preauth]
Jan 19 04:55:55 host sshd[18119]: User mysql from 186.139.230.98 not allowed because not listed in AllowUsers
Jan 19 04:55:55 host sshd[18119]: input_userauth_request: invalid user mysql [preauth]
Jan 19 04:55:55 host unix_chkpwd[18153]: password check failed for user (mysql)
Jan 19 04:55:55 host sshd[18119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.139.230.98 user=mysql
Jan 19 04:55:55 host sshd[18119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 19 04:55:57 host sshd[18119]: Failed password for invalid user mysql from 186.139.230.98 port 35543 ssh2
Jan 19 04:55:57 host sshd[18119]: Received disconnect from 186.139.230.98 port 35543:11: Bye Bye [preauth]
Jan 19 04:55:57 host sshd[18119]: Disconnected from 186.139.230.98 port 35543 [preauth]
Jan 19 05:08:02 host sshd[20007]: Connection closed by 192.241.213.57 port 35990 [preauth]
Jan 19 05:11:15 host sshd[20515]: Invalid user david from 181.23.68.64 port 51241
Jan 19 05:11:15 host sshd[20515]: input_userauth_request: invalid user david [preauth]
Jan 19 05:11:15 host sshd[20515]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:11:15 host sshd[20515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.23.68.64
Jan 19 05:11:17 host sshd[20515]: Failed password for invalid user david from 181.23.68.64 port 51241 ssh2
Jan 19 05:11:17 host sshd[20515]: Received disconnect from 181.23.68.64 port 51241:11: Bye Bye [preauth]
Jan 19 05:11:17 host sshd[20515]: Disconnected from 181.23.68.64 port 51241 [preauth]
Jan 19 05:13:25 host sshd[20786]: Invalid user admin from 115.76.246.140 port 46163
Jan 19 05:13:25 host sshd[20786]: input_userauth_request: invalid user admin [preauth]
Jan 19 05:13:25 host sshd[20786]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:13:25 host sshd[20786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.76.246.140
Jan 19 05:13:27 host sshd[20786]: Failed password for invalid user admin from 115.76.246.140 port 46163 ssh2
Jan 19 05:13:27 host sshd[20786]: Failed password for invalid user admin from 115.76.246.140 port 46163 ssh2
Jan 19 05:13:29 host sshd[20786]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:13:30 host sshd[20786]: Failed password for invalid user admin from 115.76.246.140 port 46163 ssh2
Jan 19 05:13:31 host sshd[20786]: Connection reset by 115.76.246.140 port 46163 [preauth]
Jan 19 05:13:31 host sshd[20786]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.76.246.140
Jan 19 05:20:40 host sshd[21932]: Invalid user master from 195.226.194.142 port 52634
Jan 19 05:20:40 host sshd[21932]: input_userauth_request: invalid user master [preauth]
Jan 19 05:20:41 host sshd[21932]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:20:41 host sshd[21932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 19 05:20:42 host sshd[21932]: Failed password for invalid user master from 195.226.194.142 port 52634 ssh2
Jan 19 05:20:43 host sshd[21932]: Received disconnect from 195.226.194.142 port 52634:11: Bye Bye [preauth]
Jan 19 05:20:43 host sshd[21932]: Disconnected from 195.226.194.142 port 52634 [preauth]
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=mrsclean user-2=wwwnexidigital user-3=gifterman user-4=palco123 user-5=kottayamcalldriv user-6=phmetals user-7=wwwletsstalkfood user-8=straightcurve user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=wwwkapin user-16=woodpeck user-17=disposeat user-18=wwwkmaorg user-19=remysagr user-20=wwwrmswll user-21=wwwresourcehunte user-22=keralaholi user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 05:21:10 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 19 05:21:10 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 19 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 19 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 19 05:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 19 05:21:12 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-sc881BVK4PvxhlAN.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-sc881BVK4PvxhlAN.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-EPrvlZpkUalRSC6a.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-EPrvlZpkUalRSC6a.wp-toolkit-identifier
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-doC548S7FA0aYpOH.~
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-doC548S7FA0aYpOH.~'
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-doC548S7FA0aYpOH.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:20 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 05:21:20 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:21:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 05:21:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 05:21:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 05:24:14 host sshd[23042]: Connection reset by 119.196.240.71 port 63998 [preauth]
Jan 19 05:30:44 host sshd[24087]: Invalid user dlxuser from 114.33.143.27 port 37905
Jan 19 05:30:44 host sshd[24087]: input_userauth_request: invalid user dlxuser [preauth]
Jan 19 05:30:44 host sshd[24087]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:30:44 host sshd[24087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.143.27
Jan 19 05:30:46 host sshd[24087]: Failed password for invalid user dlxuser from 114.33.143.27 port 37905 ssh2
Jan 19 05:30:47 host sshd[24087]: Connection reset by 114.33.143.27 port 37905 [preauth]
Jan 19 05:50:21 host sshd[27085]: Invalid user media from 195.226.194.142 port 48172
Jan 19 05:50:21 host sshd[27085]: input_userauth_request: invalid user media [preauth]
Jan 19 05:50:21 host sshd[27085]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:50:21 host sshd[27085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 19 05:50:23 host sshd[27085]: Failed password for invalid user media from 195.226.194.142 port 48172 ssh2
Jan 19 05:50:33 host sshd[27160]: Invalid user trojanuser from 64.227.122.198 port 51850
Jan 19 05:50:33 host sshd[27160]: input_userauth_request: invalid user trojanuser [preauth]
Jan 19 05:50:33 host sshd[27160]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:50:33 host sshd[27160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.122.198
Jan 19 05:50:35 host sshd[27160]: Failed password for invalid user trojanuser from 64.227.122.198 port 51850 ssh2
Jan 19 05:50:35 host sshd[27160]: Received disconnect from 64.227.122.198 port 51850:11: Bye Bye [preauth]
Jan 19 05:50:35 host sshd[27160]: Disconnected from 64.227.122.198 port 51850 [preauth]
Jan 19 05:52:22 host sshd[27564]: Invalid user sftpuser from 89.97.180.241 port 55153
Jan 19 05:52:22 host sshd[27564]: input_userauth_request: invalid user sftpuser [preauth]
Jan 19 05:52:22 host sshd[27564]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:52:22 host sshd[27564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.97.180.241
Jan 19 05:52:25 host sshd[27564]: Failed password for invalid user sftpuser from 89.97.180.241 port 55153 ssh2
Jan 19 05:52:25 host sshd[27564]: Received disconnect from 89.97.180.241 port 55153:11: Bye Bye [preauth]
Jan 19 05:52:25 host sshd[27564]: Disconnected from 89.97.180.241 port 55153 [preauth]
Jan 19 05:52:28 host sshd[27599]: Invalid user elemental from 101.32.76.9 port 40204
Jan 19 05:52:28 host sshd[27599]: input_userauth_request: invalid user elemental [preauth]
Jan 19 05:52:28 host sshd[27599]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:52:28 host sshd[27599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.32.76.9
Jan 19 05:52:30 host sshd[27599]: Failed password for invalid user elemental from 101.32.76.9 port 40204 ssh2
Jan 19 05:52:30 host sshd[27599]: Received disconnect from 101.32.76.9 port 40204:11: Bye Bye [preauth]
Jan 19 05:52:30 host sshd[27599]: Disconnected from 101.32.76.9 port 40204 [preauth]
Jan 19 05:52:38 host sshd[27619]: Invalid user cat from 38.65.156.234 port 57928
Jan 19 05:52:38 host sshd[27619]: input_userauth_request: invalid user cat [preauth]
Jan 19 05:52:38 host sshd[27619]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:52:38 host sshd[27619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.65.156.234
Jan 19 05:52:39 host sshd[27619]: Failed password for invalid user cat from 38.65.156.234 port 57928 ssh2
Jan 19 05:52:40 host sshd[27619]: Received disconnect from 38.65.156.234 port 57928:11: Bye Bye [preauth]
Jan 19 05:52:40 host sshd[27619]: Disconnected from 38.65.156.234 port 57928 [preauth]
Jan 19 05:52:50 host sshd[27652]: Invalid user informix from 43.156.39.31 port 58900
Jan 19 05:52:50 host sshd[27652]: input_userauth_request: invalid user informix [preauth]
Jan 19 05:52:50 host sshd[27652]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:52:50 host sshd[27652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.39.31
Jan 19 05:52:52 host sshd[27652]: Failed password for invalid user informix from 43.156.39.31 port 58900 ssh2
Jan 19 05:52:52 host sshd[27652]: Received disconnect from 43.156.39.31 port 58900:11: Bye Bye [preauth]
Jan 19 05:52:52 host sshd[27652]: Disconnected from 43.156.39.31 port 58900 [preauth]
Jan 19 05:53:03 host sshd[27670]: User root from 190.129.60.125 not allowed because not listed in AllowUsers
Jan 19 05:53:03 host sshd[27670]: input_userauth_request: invalid user root [preauth]
Jan 19 05:53:03 host unix_chkpwd[27683]: password check failed for user (root)
Jan 19 05:53:03 host sshd[27670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.60.125 user=root
Jan 19 05:53:03 host sshd[27670]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:53:05 host sshd[27670]: Failed password for invalid user root from 190.129.60.125 port 45680 ssh2
Jan 19 05:53:06 host sshd[27670]: Received disconnect from 190.129.60.125 port 45680:11: Bye Bye [preauth]
Jan 19 05:53:06 host sshd[27670]: Disconnected from 190.129.60.125 port 45680 [preauth]
Jan 19 05:53:24 host sshd[27734]: Invalid user afa from 188.166.217.179 port 45174
Jan 19 05:53:24 host sshd[27734]: input_userauth_request: invalid user afa [preauth]
Jan 19 05:53:24 host sshd[27734]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:53:24 host sshd[27734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.179
Jan 19 05:53:26 host sshd[27734]: Failed password for invalid user afa from 188.166.217.179 port 45174 ssh2
Jan 19 05:53:26 host sshd[27734]: Received disconnect from 188.166.217.179 port 45174:11: Bye Bye [preauth]
Jan 19 05:53:26 host sshd[27734]: Disconnected from 188.166.217.179 port 45174 [preauth]
Jan 19 05:53:36 host sshd[27778]: Invalid user ntc from 207.249.96.168 port 38732
Jan 19 05:53:36 host sshd[27778]: input_userauth_request: invalid user ntc [preauth]
Jan 19 05:53:36 host sshd[27778]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:53:36 host sshd[27778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.249.96.168
Jan 19 05:53:38 host sshd[27778]: Failed password for invalid user ntc from 207.249.96.168 port 38732 ssh2
Jan 19 05:53:38 host sshd[27778]: Received disconnect from 207.249.96.168 port 38732:11: Bye Bye [preauth]
Jan 19 05:53:38 host sshd[27778]: Disconnected from 207.249.96.168 port 38732 [preauth]
Jan 19 05:53:41 host sshd[27793]: Did not receive identification string from 104.168.83.36 port 49154
Jan 19 05:53:42 host sshd[27794]: User mysql from 104.168.83.36 not allowed because not listed in AllowUsers
Jan 19 05:53:42 host sshd[27795]: Invalid user user from 104.168.83.36 port 49526
Jan 19 05:53:42 host sshd[27794]: input_userauth_request: invalid user mysql [preauth]
Jan 19 05:53:42 host sshd[27795]: input_userauth_request: invalid user user [preauth]
Jan 19 05:53:42 host sshd[27795]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:53:42 host sshd[27795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.83.36
Jan 19 05:53:43 host unix_chkpwd[27800]: password check failed for user (mysql)
Jan 19 05:53:43 host sshd[27794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.83.36 user=mysql
Jan 19 05:53:43 host sshd[27794]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 19 05:53:45 host sshd[27795]: Failed password for invalid user user from 104.168.83.36 port 49526 ssh2
Jan 19 05:53:45 host sshd[27794]: Failed password for invalid user mysql from 104.168.83.36 port 49524 ssh2
Jan 19 05:53:45 host sshd[27795]: Connection closed by 104.168.83.36 port 49526 [preauth]
Jan 19 05:53:45 host sshd[27794]: Connection closed by 104.168.83.36 port 49524 [preauth]
Jan 19 05:53:45 host sshd[27805]: Invalid user deploy from 202.125.94.212 port 34530
Jan 19 05:53:45 host sshd[27805]: input_userauth_request: invalid user deploy [preauth]
Jan 19 05:53:45 host sshd[27805]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:53:45 host sshd[27805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.212
Jan 19 05:53:48 host sshd[27805]: Failed password for invalid user deploy from 202.125.94.212 port 34530 ssh2
Jan 19 05:53:48 host sshd[27805]: Received disconnect from 202.125.94.212 port 34530:11: Bye Bye [preauth]
Jan 19 05:53:48 host sshd[27805]: Disconnected from 202.125.94.212 port 34530 [preauth]
Jan 19 05:54:41 host sshd[28017]: Invalid user afa from 128.199.227.45 port 53508
Jan 19 05:54:41 host sshd[28017]: input_userauth_request: invalid user afa [preauth]
Jan 19 05:54:41 host sshd[28017]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:54:41 host sshd[28017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.227.45
Jan 19 05:54:43 host sshd[28017]: Failed password for invalid user afa from 128.199.227.45 port 53508 ssh2
Jan 19 05:54:43 host sshd[28017]: Received disconnect from 128.199.227.45 port 53508:11: Bye Bye [preauth]
Jan 19 05:54:43 host sshd[28017]: Disconnected from 128.199.227.45 port 53508 [preauth]
Jan 19 05:55:27 host sshd[28181]: Invalid user dev from 164.92.156.120 port 49444
Jan 19 05:55:27 host sshd[28181]: input_userauth_request: invalid user dev [preauth]
Jan 19 05:55:27 host sshd[28181]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:55:27 host sshd[28181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.156.120
Jan 19 05:55:29 host sshd[28181]: Failed password for invalid user dev from 164.92.156.120 port 49444 ssh2
Jan 19 05:55:29 host sshd[28181]: Received disconnect from 164.92.156.120 port 49444:11: Bye Bye [preauth]
Jan 19 05:55:29 host sshd[28181]: Disconnected from 164.92.156.120 port 49444 [preauth]
Jan 19 05:56:01 host sshd[28275]: Invalid user sftpuser from 87.103.15.162 port 55934
Jan 19 05:56:01 host sshd[28275]: input_userauth_request: invalid user sftpuser [preauth]
Jan 19 05:56:01 host sshd[28275]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:56:01 host sshd[28275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.103.15.162
Jan 19 05:56:03 host sshd[28275]: Failed password for invalid user sftpuser from 87.103.15.162 port 55934 ssh2
Jan 19 05:56:03 host sshd[28275]: Received disconnect from 87.103.15.162 port 55934:11: Bye Bye [preauth]
Jan 19 05:56:03 host sshd[28275]: Disconnected from 87.103.15.162 port 55934 [preauth]
Jan 19 05:56:15 host sshd[28315]: User root from 64.227.122.198 not allowed because not listed in AllowUsers
Jan 19 05:56:15 host sshd[28315]: input_userauth_request: invalid user root [preauth]
Jan 19 05:56:15 host unix_chkpwd[28320]: password check failed for user (root)
Jan 19 05:56:15 host sshd[28315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.122.198 user=root
Jan 19 05:56:15 host sshd[28315]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:56:17 host sshd[28315]: Failed password for invalid user root from 64.227.122.198 port 34960 ssh2
Jan 19 05:56:17 host sshd[28315]: Received disconnect from 64.227.122.198 port 34960:11: Bye Bye [preauth]
Jan 19 05:56:17 host sshd[28315]: Disconnected from 64.227.122.198 port 34960 [preauth]
Jan 19 05:56:36 host sshd[28526]: User root from 89.97.180.241 not allowed because not listed in AllowUsers
Jan 19 05:56:36 host sshd[28526]: input_userauth_request: invalid user root [preauth]
Jan 19 05:56:36 host unix_chkpwd[28531]: password check failed for user (root)
Jan 19 05:56:36 host sshd[28526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.97.180.241 user=root
Jan 19 05:56:36 host sshd[28526]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:56:37 host sshd[28526]: Failed password for invalid user root from 89.97.180.241 port 46784 ssh2
Jan 19 05:56:38 host sshd[28526]: Received disconnect from 89.97.180.241 port 46784:11: Bye Bye [preauth]
Jan 19 05:56:38 host sshd[28526]: Disconnected from 89.97.180.241 port 46784 [preauth]
Jan 19 05:56:49 host sshd[28585]: Invalid user admin123 from 43.156.39.31 port 47284
Jan 19 05:56:49 host sshd[28585]: input_userauth_request: invalid user admin123 [preauth]
Jan 19 05:56:49 host sshd[28585]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:56:49 host sshd[28585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.39.31
Jan 19 05:56:51 host sshd[28585]: Failed password for invalid user admin123 from 43.156.39.31 port 47284 ssh2
Jan 19 05:56:51 host sshd[28585]: Received disconnect from 43.156.39.31 port 47284:11: Bye Bye [preauth]
Jan 19 05:56:51 host sshd[28585]: Disconnected from 43.156.39.31 port 47284 [preauth]
Jan 19 05:57:08 host sshd[28650]: User root from 202.125.94.212 not allowed because not listed in AllowUsers
Jan 19 05:57:08 host sshd[28650]: input_userauth_request: invalid user root [preauth]
Jan 19 05:57:08 host unix_chkpwd[28653]: password check failed for user (root)
Jan 19 05:57:08 host sshd[28650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.212 user=root
Jan 19 05:57:08 host sshd[28650]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:57:11 host sshd[28650]: Failed password for invalid user root from 202.125.94.212 port 54652 ssh2
Jan 19 05:57:11 host sshd[28650]: Received disconnect from 202.125.94.212 port 54652:11: Bye Bye [preauth]
Jan 19 05:57:11 host sshd[28650]: Disconnected from 202.125.94.212 port 54652 [preauth]
Jan 19 05:57:11 host sshd[28661]: Invalid user trojanuser from 128.199.227.45 port 58538
Jan 19 05:57:11 host sshd[28661]: input_userauth_request: invalid user trojanuser [preauth]
Jan 19 05:57:11 host sshd[28661]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:57:11 host sshd[28661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.227.45
Jan 19 05:57:14 host sshd[28661]: Failed password for invalid user trojanuser from 128.199.227.45 port 58538 ssh2
Jan 19 05:57:14 host sshd[28661]: Received disconnect from 128.199.227.45 port 58538:11: Bye Bye [preauth]
Jan 19 05:57:14 host sshd[28661]: Disconnected from 128.199.227.45 port 58538 [preauth]
Jan 19 05:57:14 host sshd[28696]: Invalid user temp from 144.34.173.67 port 42528
Jan 19 05:57:14 host sshd[28696]: input_userauth_request: invalid user temp [preauth]
Jan 19 05:57:14 host sshd[28696]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:57:14 host sshd[28696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.173.67
Jan 19 05:57:16 host sshd[28696]: Failed password for invalid user temp from 144.34.173.67 port 42528 ssh2
Jan 19 05:57:17 host sshd[28696]: Received disconnect from 144.34.173.67 port 42528:11: Bye Bye [preauth]
Jan 19 05:57:17 host sshd[28696]: Disconnected from 144.34.173.67 port 42528 [preauth]
Jan 19 05:57:17 host sshd[28712]: Invalid user cat from 188.166.217.179 port 39322
Jan 19 05:57:17 host sshd[28712]: input_userauth_request: invalid user cat [preauth]
Jan 19 05:57:17 host sshd[28712]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:57:17 host sshd[28712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.179
Jan 19 05:57:20 host sshd[28712]: Failed password for invalid user cat from 188.166.217.179 port 39322 ssh2
Jan 19 05:57:20 host sshd[28712]: Received disconnect from 188.166.217.179 port 39322:11: Bye Bye [preauth]
Jan 19 05:57:20 host sshd[28712]: Disconnected from 188.166.217.179 port 39322 [preauth]
Jan 19 05:57:24 host sshd[28646]: Connection closed by 101.32.76.9 port 59324 [preauth]
Jan 19 05:57:28 host sshd[28754]: User root from 117.18.13.119 not allowed because not listed in AllowUsers
Jan 19 05:57:28 host sshd[28754]: input_userauth_request: invalid user root [preauth]
Jan 19 05:57:28 host unix_chkpwd[28758]: password check failed for user (root)
Jan 19 05:57:28 host sshd[28754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.18.13.119 user=root
Jan 19 05:57:28 host sshd[28754]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:57:31 host sshd[28754]: Failed password for invalid user root from 117.18.13.119 port 57706 ssh2
Jan 19 05:57:31 host sshd[28754]: Received disconnect from 117.18.13.119 port 57706:11: Bye Bye [preauth]
Jan 19 05:57:31 host sshd[28754]: Disconnected from 117.18.13.119 port 57706 [preauth]
Jan 19 05:57:37 host sshd[28774]: Invalid user temp from 87.103.15.162 port 37454
Jan 19 05:57:37 host sshd[28774]: input_userauth_request: invalid user temp [preauth]
Jan 19 05:57:37 host sshd[28774]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:57:37 host sshd[28774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.103.15.162
Jan 19 05:57:39 host sshd[28774]: Failed password for invalid user temp from 87.103.15.162 port 37454 ssh2
Jan 19 05:57:39 host sshd[28779]: User root from 207.249.96.168 not allowed because not listed in AllowUsers
Jan 19 05:57:39 host sshd[28779]: input_userauth_request: invalid user root [preauth]
Jan 19 05:57:39 host unix_chkpwd[28784]: password check failed for user (root)
Jan 19 05:57:39 host sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.249.96.168 user=root
Jan 19 05:57:39 host sshd[28779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:57:39 host sshd[28774]: Received disconnect from 87.103.15.162 port 37454:11: Bye Bye [preauth]
Jan 19 05:57:39 host sshd[28774]: Disconnected from 87.103.15.162 port 37454 [preauth]
Jan 19 05:57:42 host sshd[28779]: Failed password for invalid user root from 207.249.96.168 port 51398 ssh2
Jan 19 05:57:42 host sshd[28779]: Received disconnect from 207.249.96.168 port 51398:11: Bye Bye [preauth]
Jan 19 05:57:42 host sshd[28779]: Disconnected from 207.249.96.168 port 51398 [preauth]
Jan 19 05:57:44 host sshd[28805]: User root from 164.92.156.120 not allowed because not listed in AllowUsers
Jan 19 05:57:44 host sshd[28805]: input_userauth_request: invalid user root [preauth]
Jan 19 05:57:44 host unix_chkpwd[28828]: password check failed for user (root)
Jan 19 05:57:44 host sshd[28805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.156.120 user=root
Jan 19 05:57:44 host sshd[28805]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:57:46 host sshd[28805]: Failed password for invalid user root from 164.92.156.120 port 51304 ssh2
Jan 19 05:57:46 host sshd[28805]: Received disconnect from 164.92.156.120 port 51304:11: Bye Bye [preauth]
Jan 19 05:57:46 host sshd[28805]: Disconnected from 164.92.156.120 port 51304 [preauth]
Jan 19 05:58:02 host sshd[28896]: User root from 190.129.60.125 not allowed because not listed in AllowUsers
Jan 19 05:58:02 host sshd[28896]: input_userauth_request: invalid user root [preauth]
Jan 19 05:58:02 host unix_chkpwd[28915]: password check failed for user (root)
Jan 19 05:58:02 host sshd[28896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.60.125 user=root
Jan 19 05:58:02 host sshd[28896]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:58:04 host sshd[28896]: Failed password for invalid user root from 190.129.60.125 port 36654 ssh2
Jan 19 05:58:05 host sshd[28896]: Received disconnect from 190.129.60.125 port 36654:11: Bye Bye [preauth]
Jan 19 05:58:05 host sshd[28896]: Disconnected from 190.129.60.125 port 36654 [preauth]
Jan 19 05:58:09 host sshd[28960]: Invalid user plex from 43.156.39.31 port 45800
Jan 19 05:58:09 host sshd[28960]: input_userauth_request: invalid user plex [preauth]
Jan 19 05:58:09 host sshd[28960]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:58:09 host sshd[28960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.39.31
Jan 19 05:58:11 host sshd[28960]: Failed password for invalid user plex from 43.156.39.31 port 45800 ssh2
Jan 19 05:58:11 host sshd[28960]: Received disconnect from 43.156.39.31 port 45800:11: Bye Bye [preauth]
Jan 19 05:58:11 host sshd[28960]: Disconnected from 43.156.39.31 port 45800 [preauth]
Jan 19 05:58:32 host sshd[29065]: Invalid user techuser from 128.199.227.45 port 41860
Jan 19 05:58:32 host sshd[29065]: input_userauth_request: invalid user techuser [preauth]
Jan 19 05:58:32 host sshd[29065]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:58:32 host sshd[29065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.227.45
Jan 19 05:58:33 host sshd[29065]: Failed password for invalid user techuser from 128.199.227.45 port 41860 ssh2
Jan 19 05:58:33 host sshd[29065]: Received disconnect from 128.199.227.45 port 41860:11: Bye Bye [preauth]
Jan 19 05:58:33 host sshd[29065]: Disconnected from 128.199.227.45 port 41860 [preauth]
Jan 19 05:58:37 host sshd[29073]: Invalid user user01 from 38.65.156.234 port 56734
Jan 19 05:58:37 host sshd[29073]: input_userauth_request: invalid user user01 [preauth]
Jan 19 05:58:37 host sshd[29073]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:58:37 host sshd[29073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.65.156.234
Jan 19 05:58:39 host sshd[29111]: Invalid user django from 188.166.217.179 port 34034
Jan 19 05:58:39 host sshd[29111]: input_userauth_request: invalid user django [preauth]
Jan 19 05:58:39 host sshd[29111]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:58:39 host sshd[29111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.179
Jan 19 05:58:40 host sshd[29073]: Failed password for invalid user user01 from 38.65.156.234 port 56734 ssh2
Jan 19 05:58:40 host sshd[29073]: Received disconnect from 38.65.156.234 port 56734:11: Bye Bye [preauth]
Jan 19 05:58:40 host sshd[29073]: Disconnected from 38.65.156.234 port 56734 [preauth]
Jan 19 05:58:41 host sshd[29111]: Failed password for invalid user django from 188.166.217.179 port 34034 ssh2
Jan 19 05:58:41 host sshd[29111]: Received disconnect from 188.166.217.179 port 34034:11: Bye Bye [preauth]
Jan 19 05:58:41 host sshd[29111]: Disconnected from 188.166.217.179 port 34034 [preauth]
Jan 19 05:58:52 host sshd[29174]: Invalid user frappe from 117.18.13.119 port 51284
Jan 19 05:58:52 host sshd[29174]: input_userauth_request: invalid user frappe [preauth]
Jan 19 05:58:52 host sshd[29174]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 05:58:52 host sshd[29174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.18.13.119
Jan 19 05:58:53 host sshd[29178]: User root from 87.103.15.162 not allowed because not listed in AllowUsers
Jan 19 05:58:53 host sshd[29178]: input_userauth_request: invalid user root [preauth]
Jan 19 05:58:53 host unix_chkpwd[29181]: password check failed for user (root)
Jan 19 05:58:53 host sshd[29178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.103.15.162 user=root
Jan 19 05:58:53 host sshd[29178]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 05:58:54 host sshd[29174]: Failed password for invalid user frappe from 117.18.13.119 port 51284 ssh2
Jan 19 05:58:54 host sshd[29174]: Received disconnect from 117.18.13.119 port 51284:11: Bye Bye [preauth]
Jan 19 05:58:54 host sshd[29174]: Disconnected from 117.18.13.119 port 51284 [preauth]
Jan 19 05:58:55 host sshd[29178]: Failed password for invalid user root from 87.103.15.162 port 33412 ssh2
Jan 19 05:58:55 host sshd[29178]: Received disconnect from 87.103.15.162 port 33412:11: Bye Bye [preauth]
Jan 19 05:58:55 host sshd[29178]: Disconnected from 87.103.15.162 port 33412 [preauth]
Jan 19 06:00:08 host sshd[29481]: User root from 38.65.156.234 not allowed because not listed in AllowUsers
Jan 19 06:00:08 host sshd[29481]: input_userauth_request: invalid user root [preauth]
Jan 19 06:00:08 host unix_chkpwd[29487]: password check failed for user (root)
Jan 19 06:00:08 host sshd[29481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.65.156.234 user=root
Jan 19 06:00:08 host sshd[29481]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:00:10 host sshd[29481]: Failed password for invalid user root from 38.65.156.234 port 39927 ssh2
Jan 19 06:00:10 host sshd[29481]: Received disconnect from 38.65.156.234 port 39927:11: Bye Bye [preauth]
Jan 19 06:00:10 host sshd[29481]: Disconnected from 38.65.156.234 port 39927 [preauth]
Jan 19 06:00:34 host sshd[29483]: Connection closed by 101.32.76.9 port 58532 [preauth]
Jan 19 06:00:42 host sshd[29620]: Invalid user trojanuser from 144.34.173.67 port 55434
Jan 19 06:00:42 host sshd[29620]: input_userauth_request: invalid user trojanuser [preauth]
Jan 19 06:00:42 host sshd[29620]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:00:42 host sshd[29620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.173.67
Jan 19 06:00:44 host sshd[29620]: Failed password for invalid user trojanuser from 144.34.173.67 port 55434 ssh2
Jan 19 06:00:44 host sshd[29620]: Received disconnect from 144.34.173.67 port 55434:11: Bye Bye [preauth]
Jan 19 06:00:44 host sshd[29620]: Disconnected from 144.34.173.67 port 55434 [preauth]
Jan 19 06:01:58 host sshd[29857]: User root from 144.34.173.67 not allowed because not listed in AllowUsers
Jan 19 06:01:58 host sshd[29857]: input_userauth_request: invalid user root [preauth]
Jan 19 06:01:58 host unix_chkpwd[29864]: password check failed for user (root)
Jan 19 06:01:58 host sshd[29857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.34.173.67 user=root
Jan 19 06:01:58 host sshd[29857]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:02:00 host sshd[29857]: Failed password for invalid user root from 144.34.173.67 port 53922 ssh2
Jan 19 06:02:01 host sshd[29857]: Received disconnect from 144.34.173.67 port 53922:11: Bye Bye [preauth]
Jan 19 06:02:01 host sshd[29857]: Disconnected from 144.34.173.67 port 53922 [preauth]
Jan 19 06:03:33 host sshd[30302]: Did not receive identification string from 46.101.97.107 port 61000
Jan 19 06:04:32 host sshd[30496]: Invalid user gg from 194.110.203.109 port 57244
Jan 19 06:04:32 host sshd[30496]: input_userauth_request: invalid user gg [preauth]
Jan 19 06:04:32 host sshd[30496]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:04:32 host sshd[30496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 06:04:34 host sshd[30496]: Failed password for invalid user gg from 194.110.203.109 port 57244 ssh2
Jan 19 06:04:38 host sshd[30496]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:04:40 host sshd[30496]: Failed password for invalid user gg from 194.110.203.109 port 57244 ssh2
Jan 19 06:04:43 host sshd[30496]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:04:46 host sshd[30496]: Failed password for invalid user gg from 194.110.203.109 port 57244 ssh2
Jan 19 06:04:49 host sshd[30496]: Connection closed by 194.110.203.109 port 57244 [preauth]
Jan 19 06:04:49 host sshd[30496]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 06:05:59 host sshd[30879]: Invalid user frappe from 101.32.76.9 port 56940
Jan 19 06:05:59 host sshd[30879]: input_userauth_request: invalid user frappe [preauth]
Jan 19 06:05:59 host sshd[30879]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:05:59 host sshd[30879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.32.76.9
Jan 19 06:06:02 host sshd[30879]: Failed password for invalid user frappe from 101.32.76.9 port 56940 ssh2
Jan 19 06:06:02 host sshd[30879]: Received disconnect from 101.32.76.9 port 56940:11: Bye Bye [preauth]
Jan 19 06:06:02 host sshd[30879]: Disconnected from 101.32.76.9 port 56940 [preauth]
Jan 19 06:09:13 host sshd[31506]: Connection closed by 101.32.76.9 port 56148 [preauth]
Jan 19 06:11:15 host sshd[31878]: Invalid user ONTUSER from 125.228.27.75 port 44446
Jan 19 06:11:15 host sshd[31878]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 19 06:11:15 host sshd[31878]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:11:15 host sshd[31878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.27.75
Jan 19 06:11:18 host sshd[31878]: Failed password for invalid user ONTUSER from 125.228.27.75 port 44446 ssh2
Jan 19 06:11:18 host sshd[31878]: Connection reset by 125.228.27.75 port 44446 [preauth]
Jan 19 06:12:05 host sshd[31985]: User root from 101.32.76.9 not allowed because not listed in AllowUsers
Jan 19 06:12:05 host sshd[31985]: input_userauth_request: invalid user root [preauth]
Jan 19 06:12:05 host unix_chkpwd[32003]: password check failed for user (root)
Jan 19 06:12:05 host sshd[31985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.32.76.9 user=root
Jan 19 06:12:05 host sshd[31985]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:12:07 host sshd[31985]: Failed password for invalid user root from 101.32.76.9 port 55356 ssh2
Jan 19 06:12:07 host sshd[31985]: Received disconnect from 101.32.76.9 port 55356:11: Bye Bye [preauth]
Jan 19 06:12:07 host sshd[31985]: Disconnected from 101.32.76.9 port 55356 [preauth]
Jan 19 06:15:40 host sshd[32745]: Connection closed by 174.138.61.44 port 38906 [preauth]
Jan 19 06:20:37 host sshd[1365]: Invalid user test from 195.226.194.242 port 61732
Jan 19 06:20:37 host sshd[1365]: input_userauth_request: invalid user test [preauth]
Jan 19 06:20:37 host sshd[1365]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:20:37 host sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 19 06:20:39 host sshd[1365]: Failed password for invalid user test from 195.226.194.242 port 61732 ssh2
Jan 19 06:20:39 host sshd[1365]: Received disconnect from 195.226.194.242 port 61732:11: Bye Bye [preauth]
Jan 19 06:20:39 host sshd[1365]: Disconnected from 195.226.194.242 port 61732 [preauth]
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 06:21:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:21 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:21 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 06:21:21 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=shalinijames user-3=wwwtestugo user-4=vfmassets user-5=wwwkapin user-6=woodpeck user-7=disposeat user-8=wwwkmaorg user-9=remysagr user-10=mrsclean user-11=wwwnexidigital user-12=phmetals user-13=kottayamcalldriv user-14=palco123 user-15=gifterman user-16=wwwletsstalkfood user-17=straightcurve user-18=wwwevmhonda user-19=bonifacegroup user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=cochintaxi user-24=wwwkaretakers user-25=ugotscom user-26=keralaholi user-27=wwwresourcehunte user-28=wwwrmswll user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 06:21:22 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-UsCBlHgJMnp3VjCf.~
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-UsCBlHgJMnp3VjCf.~'
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-UsCBlHgJMnp3VjCf.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 06:21:22 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 06:21:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:21:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 06:21:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 06:21:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 06:25:10 host sshd[2357]: Did not receive identification string from 192.155.90.220 port 57764
Jan 19 06:25:11 host sshd[2367]: Did not receive identification string from 192.155.90.220 port 57776
Jan 19 06:25:12 host sshd[2369]: Did not receive identification string from 192.155.90.220 port 15042
Jan 19 06:28:29 host sshd[2892]: Invalid user uno85 from 113.160.244.144 port 52932
Jan 19 06:28:29 host sshd[2892]: input_userauth_request: invalid user uno85 [preauth]
Jan 19 06:28:29 host sshd[2892]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:28:29 host sshd[2892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.160.244.144
Jan 19 06:28:31 host sshd[2892]: Failed password for invalid user uno85 from 113.160.244.144 port 52932 ssh2
Jan 19 06:28:31 host sshd[2892]: Received disconnect from 113.160.244.144 port 52932:11: Bye Bye [preauth]
Jan 19 06:28:31 host sshd[2892]: Disconnected from 113.160.244.144 port 52932 [preauth]
Jan 19 06:28:33 host sshd[2901]: Invalid user nexus from 5.255.106.239 port 25594
Jan 19 06:28:33 host sshd[2901]: input_userauth_request: invalid user nexus [preauth]
Jan 19 06:28:33 host sshd[2901]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:28:33 host sshd[2901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.106.239
Jan 19 06:28:35 host sshd[2901]: Failed password for invalid user nexus from 5.255.106.239 port 25594 ssh2
Jan 19 06:28:35 host sshd[2901]: Received disconnect from 5.255.106.239 port 25594:11: Bye Bye [preauth]
Jan 19 06:28:35 host sshd[2901]: Disconnected from 5.255.106.239 port 25594 [preauth]
Jan 19 06:28:57 host sshd[2947]: Invalid user jboss from 184.69.160.230 port 39426
Jan 19 06:28:57 host sshd[2947]: input_userauth_request: invalid user jboss [preauth]
Jan 19 06:28:57 host sshd[2947]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:28:57 host sshd[2947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.69.160.230
Jan 19 06:28:59 host sshd[2947]: Failed password for invalid user jboss from 184.69.160.230 port 39426 ssh2
Jan 19 06:28:59 host sshd[2947]: Received disconnect from 184.69.160.230 port 39426:11: Bye Bye [preauth]
Jan 19 06:28:59 host sshd[2947]: Disconnected from 184.69.160.230 port 39426 [preauth]
Jan 19 06:30:18 host sshd[3243]: User root from 51.79.65.236 not allowed because not listed in AllowUsers
Jan 19 06:30:18 host sshd[3243]: input_userauth_request: invalid user root [preauth]
Jan 19 06:30:18 host unix_chkpwd[3246]: password check failed for user (root)
Jan 19 06:30:18 host sshd[3243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.65.236 user=root
Jan 19 06:30:18 host sshd[3243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:30:19 host sshd[3243]: Failed password for invalid user root from 51.79.65.236 port 45010 ssh2
Jan 19 06:30:20 host sshd[3243]: Received disconnect from 51.79.65.236 port 45010:11: Bye Bye [preauth]
Jan 19 06:30:20 host sshd[3243]: Disconnected from 51.79.65.236 port 45010 [preauth]
Jan 19 06:33:10 host sshd[3601]: Invalid user oracle from 103.172.205.114 port 46782
Jan 19 06:33:10 host sshd[3601]: input_userauth_request: invalid user oracle [preauth]
Jan 19 06:33:10 host sshd[3601]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:33:10 host sshd[3601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.205.114
Jan 19 06:33:12 host sshd[3601]: Failed password for invalid user oracle from 103.172.205.114 port 46782 ssh2
Jan 19 06:33:13 host sshd[3601]: Received disconnect from 103.172.205.114 port 46782:11: Bye Bye [preauth]
Jan 19 06:33:13 host sshd[3601]: Disconnected from 103.172.205.114 port 46782 [preauth]
Jan 19 06:33:47 host sshd[3695]: Invalid user erpnext from 5.255.106.239 port 3172
Jan 19 06:33:47 host sshd[3695]: input_userauth_request: invalid user erpnext [preauth]
Jan 19 06:33:47 host sshd[3695]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:33:47 host sshd[3695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.106.239
Jan 19 06:33:49 host sshd[3695]: Failed password for invalid user erpnext from 5.255.106.239 port 3172 ssh2
Jan 19 06:33:49 host sshd[3695]: Received disconnect from 5.255.106.239 port 3172:11: Bye Bye [preauth]
Jan 19 06:33:49 host sshd[3695]: Disconnected from 5.255.106.239 port 3172 [preauth]
Jan 19 06:33:49 host sshd[3698]: User root from 184.69.160.230 not allowed because not listed in AllowUsers
Jan 19 06:33:49 host sshd[3698]: input_userauth_request: invalid user root [preauth]
Jan 19 06:33:49 host unix_chkpwd[3707]: password check failed for user (root)
Jan 19 06:33:49 host sshd[3698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=184.69.160.230 user=root
Jan 19 06:33:49 host sshd[3698]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:33:51 host sshd[3698]: Failed password for invalid user root from 184.69.160.230 port 35374 ssh2
Jan 19 06:33:51 host sshd[3698]: Received disconnect from 184.69.160.230 port 35374:11: Bye Bye [preauth]
Jan 19 06:33:51 host sshd[3698]: Disconnected from 184.69.160.230 port 35374 [preauth]
Jan 19 06:33:56 host sshd[3747]: Invalid user jack from 128.199.177.90 port 59868
Jan 19 06:33:56 host sshd[3747]: input_userauth_request: invalid user jack [preauth]
Jan 19 06:33:56 host sshd[3747]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:33:56 host sshd[3747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.177.90
Jan 19 06:33:58 host sshd[3747]: Failed password for invalid user jack from 128.199.177.90 port 59868 ssh2
Jan 19 06:33:58 host sshd[3747]: Received disconnect from 128.199.177.90 port 59868:11: Bye Bye [preauth]
Jan 19 06:33:58 host sshd[3747]: Disconnected from 128.199.177.90 port 59868 [preauth]
Jan 19 06:34:16 host sshd[3783]: Invalid user super from 182.213.35.86 port 37139
Jan 19 06:34:16 host sshd[3783]: input_userauth_request: invalid user super [preauth]
Jan 19 06:34:16 host sshd[3783]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:34:16 host sshd[3783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.213.35.86
Jan 19 06:34:18 host sshd[3783]: Failed password for invalid user super from 182.213.35.86 port 37139 ssh2
Jan 19 06:34:19 host sshd[3783]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:34:21 host sshd[3783]: Failed password for invalid user super from 182.213.35.86 port 37139 ssh2
Jan 19 06:34:22 host sshd[3783]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:34:25 host sshd[3783]: Failed password for invalid user super from 182.213.35.86 port 37139 ssh2
Jan 19 06:34:25 host sshd[3783]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:34:27 host sshd[3783]: Failed password for invalid user super from 182.213.35.86 port 37139 ssh2
Jan 19 06:34:28 host sshd[3783]: Failed password for invalid user super from 182.213.35.86 port 37139 ssh2
Jan 19 06:34:28 host sshd[3783]: Connection closed by 182.213.35.86 port 37139 [preauth]
Jan 19 06:34:28 host sshd[3783]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.213.35.86
Jan 19 06:34:28 host sshd[3783]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 19 06:34:52 host sshd[3998]: User root from 5.255.106.239 not allowed because not listed in AllowUsers
Jan 19 06:34:52 host sshd[3998]: input_userauth_request: invalid user root [preauth]
Jan 19 06:34:52 host unix_chkpwd[4000]: password check failed for user (root)
Jan 19 06:34:52 host sshd[3998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.106.239 user=root
Jan 19 06:34:52 host sshd[3998]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:34:54 host sshd[3998]: Failed password for invalid user root from 5.255.106.239 port 12846 ssh2
Jan 19 06:34:54 host sshd[3998]: Received disconnect from 5.255.106.239 port 12846:11: Bye Bye [preauth]
Jan 19 06:34:54 host sshd[3998]: Disconnected from 5.255.106.239 port 12846 [preauth]
Jan 19 06:35:16 host sshd[4094]: User root from 165.22.101.75 not allowed because not listed in AllowUsers
Jan 19 06:35:16 host sshd[4094]: input_userauth_request: invalid user root [preauth]
Jan 19 06:35:16 host unix_chkpwd[4096]: password check failed for user (root)
Jan 19 06:35:16 host sshd[4094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.101.75 user=root
Jan 19 06:35:16 host sshd[4094]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:35:18 host sshd[4094]: Failed password for invalid user root from 165.22.101.75 port 38618 ssh2
Jan 19 06:35:18 host sshd[4094]: Received disconnect from 165.22.101.75 port 38618:11: Bye Bye [preauth]
Jan 19 06:35:18 host sshd[4094]: Disconnected from 165.22.101.75 port 38618 [preauth]
Jan 19 06:35:22 host sshd[4115]: Invalid user informix from 103.172.205.114 port 34252
Jan 19 06:35:22 host sshd[4115]: input_userauth_request: invalid user informix [preauth]
Jan 19 06:35:22 host sshd[4115]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:35:22 host sshd[4115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.205.114
Jan 19 06:35:24 host sshd[4115]: Failed password for invalid user informix from 103.172.205.114 port 34252 ssh2
Jan 19 06:35:24 host sshd[4115]: Received disconnect from 103.172.205.114 port 34252:11: Bye Bye [preauth]
Jan 19 06:35:24 host sshd[4115]: Disconnected from 103.172.205.114 port 34252 [preauth]
Jan 19 06:35:40 host sshd[4159]: Invalid user nexus from 51.79.65.236 port 42478
Jan 19 06:35:40 host sshd[4159]: input_userauth_request: invalid user nexus [preauth]
Jan 19 06:35:40 host sshd[4159]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:35:40 host sshd[4159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.65.236
Jan 19 06:35:42 host sshd[4159]: Failed password for invalid user nexus from 51.79.65.236 port 42478 ssh2
Jan 19 06:35:43 host sshd[4159]: Received disconnect from 51.79.65.236 port 42478:11: Bye Bye [preauth]
Jan 19 06:35:43 host sshd[4159]: Disconnected from 51.79.65.236 port 42478 [preauth]
Jan 19 06:35:47 host sshd[4202]: Invalid user oracle from 113.160.244.144 port 51646
Jan 19 06:35:47 host sshd[4202]: input_userauth_request: invalid user oracle [preauth]
Jan 19 06:35:47 host sshd[4202]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:35:47 host sshd[4202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.160.244.144
Jan 19 06:35:49 host sshd[4202]: Failed password for invalid user oracle from 113.160.244.144 port 51646 ssh2
Jan 19 06:35:49 host sshd[4202]: Received disconnect from 113.160.244.144 port 51646:11: Bye Bye [preauth]
Jan 19 06:35:49 host sshd[4202]: Disconnected from 113.160.244.144 port 51646 [preauth]
Jan 19 06:36:08 host sshd[4240]: Invalid user dmdba from 128.199.177.90 port 35268
Jan 19 06:36:08 host sshd[4240]: input_userauth_request: invalid user dmdba [preauth]
Jan 19 06:36:08 host sshd[4240]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:36:08 host sshd[4240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.177.90
Jan 19 06:36:10 host sshd[4240]: Failed password for invalid user dmdba from 128.199.177.90 port 35268 ssh2
Jan 19 06:36:10 host sshd[4240]: Received disconnect from 128.199.177.90 port 35268:11: Bye Bye [preauth]
Jan 19 06:36:10 host sshd[4240]: Disconnected from 128.199.177.90 port 35268 [preauth]
Jan 19 06:36:50 host sshd[4324]: Invalid user jack from 103.172.205.114 port 51510
Jan 19 06:36:50 host sshd[4324]: input_userauth_request: invalid user jack [preauth]
Jan 19 06:36:50 host sshd[4324]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:36:50 host sshd[4324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.172.205.114
Jan 19 06:36:52 host sshd[4324]: Failed password for invalid user jack from 103.172.205.114 port 51510 ssh2
Jan 19 06:36:52 host sshd[4324]: Received disconnect from 103.172.205.114 port 51510:11: Bye Bye [preauth]
Jan 19 06:36:52 host sshd[4324]: Disconnected from 103.172.205.114 port 51510 [preauth]
Jan 19 06:37:23 host sshd[4441]: User root from 113.160.244.144 not allowed because not listed in AllowUsers
Jan 19 06:37:23 host sshd[4441]: input_userauth_request: invalid user root [preauth]
Jan 19 06:37:23 host unix_chkpwd[4445]: password check failed for user (root)
Jan 19 06:37:23 host sshd[4441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.160.244.144 user=root
Jan 19 06:37:23 host sshd[4441]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 06:37:26 host sshd[4441]: Failed password for invalid user root from 113.160.244.144 port 45553 ssh2
Jan 19 06:37:38 host sshd[4521]: Invalid user ravi from 128.199.177.90 port 49732
Jan 19 06:37:38 host sshd[4521]: input_userauth_request: invalid user ravi [preauth]
Jan 19 06:37:38 host sshd[4521]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:37:38 host sshd[4521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.177.90
Jan 19 06:37:40 host sshd[4521]: Failed password for invalid user ravi from 128.199.177.90 port 49732 ssh2
Jan 19 06:37:50 host sshd[4613]: Invalid user dmdba from 165.22.101.75 port 59488
Jan 19 06:37:50 host sshd[4613]: input_userauth_request: invalid user dmdba [preauth]
Jan 19 06:37:50 host sshd[4613]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:37:50 host sshd[4613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.101.75
Jan 19 06:37:52 host sshd[4613]: Failed password for invalid user dmdba from 165.22.101.75 port 59488 ssh2
Jan 19 06:37:52 host sshd[4613]: Received disconnect from 165.22.101.75 port 59488:11: Bye Bye [preauth]
Jan 19 06:37:52 host sshd[4613]: Disconnected from 165.22.101.75 port 59488 [preauth]
Jan 19 06:52:34 host sshd[7543]: Invalid user 02 from 195.226.194.242 port 51852
Jan 19 06:52:34 host sshd[7543]: input_userauth_request: invalid user 02 [preauth]
Jan 19 06:52:34 host sshd[7543]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:52:34 host sshd[7543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 19 06:52:36 host sshd[7543]: Failed password for invalid user 02 from 195.226.194.242 port 51852 ssh2
Jan 19 06:52:36 host sshd[7543]: Received disconnect from 195.226.194.242 port 51852:11: Bye Bye [preauth]
Jan 19 06:52:36 host sshd[7543]: Disconnected from 195.226.194.242 port 51852 [preauth]
Jan 19 06:52:56 host sshd[7584]: Invalid user pi from 94.14.128.125 port 43480
Jan 19 06:52:56 host sshd[7584]: input_userauth_request: invalid user pi [preauth]
Jan 19 06:52:56 host sshd[7583]: Invalid user pi from 94.14.128.125 port 43476
Jan 19 06:52:56 host sshd[7583]: input_userauth_request: invalid user pi [preauth]
Jan 19 06:52:56 host sshd[7584]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:52:56 host sshd[7584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.14.128.125
Jan 19 06:52:56 host sshd[7583]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 06:52:56 host sshd[7583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.14.128.125
Jan 19 06:52:58 host sshd[7584]: Failed password for invalid user pi from 94.14.128.125 port 43480 ssh2
Jan 19 06:52:58 host sshd[7583]: Failed password for invalid user pi from 94.14.128.125 port 43476 ssh2
Jan 19 06:52:59 host sshd[7584]: Connection closed by 94.14.128.125 port 43480 [preauth]
Jan 19 06:52:59 host sshd[7583]: Connection closed by 94.14.128.125 port 43476 [preauth]
Jan 19 07:09:54 host sshd[10532]: Invalid user vadmin from 119.203.5.77 port 62621
Jan 19 07:09:54 host sshd[10532]: input_userauth_request: invalid user vadmin [preauth]
Jan 19 07:09:54 host sshd[10532]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:09:54 host sshd[10532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.203.5.77
Jan 19 07:09:55 host sshd[10532]: Failed password for invalid user vadmin from 119.203.5.77 port 62621 ssh2
Jan 19 07:09:56 host sshd[10532]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:09:57 host sshd[10532]: Failed password for invalid user vadmin from 119.203.5.77 port 62621 ssh2
Jan 19 07:09:58 host sshd[10532]: Failed password for invalid user vadmin from 119.203.5.77 port 62621 ssh2
Jan 19 07:09:58 host sshd[10532]: Connection closed by 119.203.5.77 port 62621 [preauth]
Jan 19 07:09:58 host sshd[10532]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.203.5.77
Jan 19 07:12:29 host sshd[10954]: Connection reset by 59.126.149.76 port 35717 [preauth]
Jan 19 07:13:19 host sshd[11085]: Invalid user lexar from 205.185.113.129 port 56956
Jan 19 07:13:19 host sshd[11085]: input_userauth_request: invalid user lexar [preauth]
Jan 19 07:13:19 host sshd[11085]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:13:19 host sshd[11085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 19 07:13:21 host sshd[11085]: Failed password for invalid user lexar from 205.185.113.129 port 56956 ssh2
Jan 19 07:13:22 host sshd[11085]: Connection closed by 205.185.113.129 port 56956 [preauth]
Jan 19 07:13:30 host sshd[11132]: Invalid user kali from 165.227.202.89 port 38660
Jan 19 07:13:30 host sshd[11132]: input_userauth_request: invalid user kali [preauth]
Jan 19 07:13:30 host sshd[11132]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:13:30 host sshd[11132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.202.89
Jan 19 07:13:32 host sshd[11132]: Failed password for invalid user kali from 165.227.202.89 port 38660 ssh2
Jan 19 07:13:32 host sshd[11132]: Received disconnect from 165.227.202.89 port 38660:11: Bye Bye [preauth]
Jan 19 07:13:32 host sshd[11132]: Disconnected from 165.227.202.89 port 38660 [preauth]
Jan 19 07:13:57 host sshd[11194]: Invalid user alex from 118.212.146.42 port 36264
Jan 19 07:13:57 host sshd[11194]: input_userauth_request: invalid user alex [preauth]
Jan 19 07:13:57 host sshd[11194]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:13:57 host sshd[11194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.212.146.42
Jan 19 07:14:00 host sshd[11194]: Failed password for invalid user alex from 118.212.146.42 port 36264 ssh2
Jan 19 07:14:00 host sshd[11194]: Received disconnect from 118.212.146.42 port 36264:11: Bye Bye [preauth]
Jan 19 07:14:00 host sshd[11194]: Disconnected from 118.212.146.42 port 36264 [preauth]
Jan 19 07:14:36 host sshd[11280]: Did not receive identification string from 43.246.208.2 port 43368
Jan 19 07:15:48 host sshd[11428]: Invalid user es from 110.35.173.2 port 22750
Jan 19 07:15:48 host sshd[11428]: input_userauth_request: invalid user es [preauth]
Jan 19 07:15:48 host sshd[11428]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:15:48 host sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.35.173.2
Jan 19 07:15:50 host sshd[11428]: Failed password for invalid user es from 110.35.173.2 port 22750 ssh2
Jan 19 07:15:50 host sshd[11428]: Received disconnect from 110.35.173.2 port 22750:11: Bye Bye [preauth]
Jan 19 07:15:50 host sshd[11428]: Disconnected from 110.35.173.2 port 22750 [preauth]
Jan 19 07:16:36 host sshd[11526]: Invalid user ntc from 207.154.229.107 port 56308
Jan 19 07:16:36 host sshd[11526]: input_userauth_request: invalid user ntc [preauth]
Jan 19 07:16:36 host sshd[11526]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:16:36 host sshd[11526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.229.107
Jan 19 07:16:38 host sshd[11526]: Failed password for invalid user ntc from 207.154.229.107 port 56308 ssh2
Jan 19 07:16:38 host sshd[11526]: Received disconnect from 207.154.229.107 port 56308:11: Bye Bye [preauth]
Jan 19 07:16:38 host sshd[11526]: Disconnected from 207.154.229.107 port 56308 [preauth]
Jan 19 07:16:44 host sshd[11539]: Invalid user builder from 41.223.99.89 port 37852
Jan 19 07:16:44 host sshd[11539]: input_userauth_request: invalid user builder [preauth]
Jan 19 07:16:44 host sshd[11539]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:16:44 host sshd[11539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.99.89
Jan 19 07:16:46 host sshd[11539]: Failed password for invalid user builder from 41.223.99.89 port 37852 ssh2
Jan 19 07:16:46 host sshd[11539]: Received disconnect from 41.223.99.89 port 37852:11: Bye Bye [preauth]
Jan 19 07:16:46 host sshd[11539]: Disconnected from 41.223.99.89 port 37852 [preauth]
Jan 19 07:17:02 host sshd[11595]: Invalid user minikube from 123.30.187.208 port 42278
Jan 19 07:17:02 host sshd[11595]: input_userauth_request: invalid user minikube [preauth]
Jan 19 07:17:02 host sshd[11595]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:17:02 host sshd[11595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.187.208
Jan 19 07:17:04 host sshd[11595]: Failed password for invalid user minikube from 123.30.187.208 port 42278 ssh2
Jan 19 07:17:04 host sshd[11595]: Received disconnect from 123.30.187.208 port 42278:11: Bye Bye [preauth]
Jan 19 07:17:04 host sshd[11595]: Disconnected from 123.30.187.208 port 42278 [preauth]
Jan 19 07:17:09 host sshd[11725]: Invalid user builder from 40.84.217.8 port 33056
Jan 19 07:17:09 host sshd[11725]: input_userauth_request: invalid user builder [preauth]
Jan 19 07:17:09 host sshd[11725]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:17:09 host sshd[11725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.84.217.8
Jan 19 07:17:11 host sshd[11725]: Failed password for invalid user builder from 40.84.217.8 port 33056 ssh2
Jan 19 07:17:11 host sshd[11725]: Received disconnect from 40.84.217.8 port 33056:11: Bye Bye [preauth]
Jan 19 07:17:11 host sshd[11725]: Disconnected from 40.84.217.8 port 33056 [preauth]
Jan 19 07:17:23 host sshd[11756]: Invalid user halo from 203.23.199.88 port 19685
Jan 19 07:17:23 host sshd[11756]: input_userauth_request: invalid user halo [preauth]
Jan 19 07:17:23 host sshd[11756]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:17:23 host sshd[11756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.23.199.88
Jan 19 07:17:25 host sshd[11756]: Failed password for invalid user halo from 203.23.199.88 port 19685 ssh2
Jan 19 07:17:26 host sshd[11756]: Received disconnect from 203.23.199.88 port 19685:11: Bye Bye [preauth]
Jan 19 07:17:26 host sshd[11756]: Disconnected from 203.23.199.88 port 19685 [preauth]
Jan 19 07:17:37 host sshd[11794]: User root from 58.27.134.52 not allowed because not listed in AllowUsers
Jan 19 07:17:37 host sshd[11794]: input_userauth_request: invalid user root [preauth]
Jan 19 07:17:37 host unix_chkpwd[11797]: password check failed for user (root)
Jan 19 07:17:37 host sshd[11794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.27.134.52 user=root
Jan 19 07:17:37 host sshd[11794]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 07:17:39 host sshd[11794]: Failed password for invalid user root from 58.27.134.52 port 52192 ssh2
Jan 19 07:17:39 host sshd[11794]: Received disconnect from 58.27.134.52 port 52192:11: Bye Bye [preauth]
Jan 19 07:17:39 host sshd[11794]: Disconnected from 58.27.134.52 port 52192 [preauth]
Jan 19 07:18:56 host sshd[11921]: Invalid user manager from 165.227.202.89 port 33216
Jan 19 07:18:56 host sshd[11921]: input_userauth_request: invalid user manager [preauth]
Jan 19 07:18:56 host sshd[11921]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:18:56 host sshd[11921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.202.89
Jan 19 07:18:58 host sshd[11921]: Failed password for invalid user manager from 165.227.202.89 port 33216 ssh2
Jan 19 07:18:58 host sshd[11921]: Received disconnect from 165.227.202.89 port 33216:11: Bye Bye [preauth]
Jan 19 07:18:58 host sshd[11921]: Disconnected from 165.227.202.89 port 33216 [preauth]
Jan 19 07:20:00 host sshd[12043]: Invalid user kira from 165.227.202.89 port 53096
Jan 19 07:20:00 host sshd[12043]: input_userauth_request: invalid user kira [preauth]
Jan 19 07:20:00 host sshd[12043]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:20:00 host sshd[12043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.202.89
Jan 19 07:20:02 host sshd[12043]: Failed password for invalid user kira from 165.227.202.89 port 53096 ssh2
Jan 19 07:20:17 host sshd[12123]: Invalid user ali from 207.154.229.107 port 39246
Jan 19 07:20:17 host sshd[12123]: input_userauth_request: invalid user ali [preauth]
Jan 19 07:20:17 host sshd[12123]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:20:17 host sshd[12123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.229.107
Jan 19 07:20:19 host sshd[12123]: Failed password for invalid user ali from 207.154.229.107 port 39246 ssh2
Jan 19 07:20:19 host sshd[12123]: Received disconnect from 207.154.229.107 port 39246:11: Bye Bye [preauth]
Jan 19 07:20:19 host sshd[12123]: Disconnected from 207.154.229.107 port 39246 [preauth]
Jan 19 07:20:32 host sshd[12182]: User root from 41.223.99.89 not allowed because not listed in AllowUsers
Jan 19 07:20:32 host sshd[12182]: input_userauth_request: invalid user root [preauth]
Jan 19 07:20:32 host unix_chkpwd[12184]: password check failed for user (root)
Jan 19 07:20:32 host sshd[12182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.99.89 user=root
Jan 19 07:20:32 host sshd[12182]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 07:20:34 host sshd[12182]: Failed password for invalid user root from 41.223.99.89 port 49036 ssh2
Jan 19 07:20:34 host sshd[12182]: Received disconnect from 41.223.99.89 port 49036:11: Bye Bye [preauth]
Jan 19 07:20:34 host sshd[12182]: Disconnected from 41.223.99.89 port 49036 [preauth]
Jan 19 07:20:35 host sshd[12191]: Invalid user student from 203.23.199.88 port 39255
Jan 19 07:20:35 host sshd[12191]: input_userauth_request: invalid user student [preauth]
Jan 19 07:20:35 host sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:20:35 host sshd[12191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.23.199.88
Jan 19 07:20:38 host sshd[12191]: Failed password for invalid user student from 203.23.199.88 port 39255 ssh2
Jan 19 07:20:38 host sshd[12191]: Received disconnect from 203.23.199.88 port 39255:11: Bye Bye [preauth]
Jan 19 07:20:38 host sshd[12191]: Disconnected from 203.23.199.88 port 39255 [preauth]
Jan 19 07:20:44 host sshd[12235]: User root from 123.30.187.208 not allowed because not listed in AllowUsers
Jan 19 07:20:44 host sshd[12235]: input_userauth_request: invalid user root [preauth]
Jan 19 07:20:44 host unix_chkpwd[12237]: password check failed for user (root)
Jan 19 07:20:44 host sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.187.208 user=root
Jan 19 07:20:44 host sshd[12235]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 07:20:46 host sshd[12235]: Failed password for invalid user root from 123.30.187.208 port 55654 ssh2
Jan 19 07:20:46 host sshd[12235]: Received disconnect from 123.30.187.208 port 55654:11: Bye Bye [preauth]
Jan 19 07:20:46 host sshd[12235]: Disconnected from 123.30.187.208 port 55654 [preauth]
Jan 19 07:20:47 host sshd[12240]: Invalid user prueba from 110.35.173.2 port 12456
Jan 19 07:20:47 host sshd[12240]: input_userauth_request: invalid user prueba [preauth]
Jan 19 07:20:47 host sshd[12240]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:20:47 host sshd[12240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.35.173.2
Jan 19 07:20:49 host sshd[12240]: Failed password for invalid user prueba from 110.35.173.2 port 12456 ssh2
Jan 19 07:20:50 host sshd[12240]: Received disconnect from 110.35.173.2 port 12456:11: Bye Bye [preauth]
Jan 19 07:20:50 host sshd[12240]: Disconnected from 110.35.173.2 port 12456 [preauth]
Jan 19 07:20:58 host sshd[12284]: Invalid user zookeeper from 58.27.134.52 port 59698
Jan 19 07:20:58 host sshd[12284]: input_userauth_request: invalid user zookeeper [preauth]
Jan 19 07:20:58 host sshd[12284]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:20:58 host sshd[12284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.27.134.52
Jan 19 07:21:00 host sshd[12284]: Failed password for invalid user zookeeper from 58.27.134.52 port 59698 ssh2
Jan 19 07:21:00 host sshd[12284]: Received disconnect from 58.27.134.52 port 59698:11: Bye Bye [preauth]
Jan 19 07:21:00 host sshd[12284]: Disconnected from 58.27.134.52 port 59698 [preauth]
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=disposeat user-2=wwwkmaorg user-3=remysagr user-4=wwwkapin user-5=woodpeck user-6=shalinijames user-7=wwwtestugo user-8=vfmassets user-9=pmcresources user-10=wwwevmhonda user-11=bonifacegroup user-12=straightcurve user-13=wwwletsstalkfood user-14=kottayamcalldriv user-15=phmetals user-16=palco123 user-17=gifterman user-18=mrsclean user-19=wwwnexidigital user-20=cochintaxi user-21=wwwkaretakers user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=ugotscom user-28=wwwresourcehunte user-29=keralaholi user-30=wwwrmswll feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 07:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FBw8H6ZtWl3lmU2C.~
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FBw8H6ZtWl3lmU2C.~'
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FBw8H6ZtWl3lmU2C.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 07:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 07:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 07:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 07:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 07:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 07:21:17 host sshd[12477]: Invalid user john from 207.154.229.107 port 33272
Jan 19 07:21:17 host sshd[12477]: input_userauth_request: invalid user john [preauth]
Jan 19 07:21:17 host sshd[12477]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:21:17 host sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.229.107
Jan 19 07:21:19 host sshd[12477]: Failed password for invalid user john from 207.154.229.107 port 33272 ssh2
Jan 19 07:21:20 host sshd[12477]: Received disconnect from 207.154.229.107 port 33272:11: Bye Bye [preauth]
Jan 19 07:21:20 host sshd[12477]: Disconnected from 207.154.229.107 port 33272 [preauth]
Jan 19 07:21:23 host sshd[12562]: Invalid user maint from 40.84.217.8 port 46554
Jan 19 07:21:23 host sshd[12562]: input_userauth_request: invalid user maint [preauth]
Jan 19 07:21:23 host sshd[12562]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:21:23 host sshd[12562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.84.217.8
Jan 19 07:21:25 host sshd[12562]: Failed password for invalid user maint from 40.84.217.8 port 46554 ssh2
Jan 19 07:21:25 host sshd[12562]: Received disconnect from 40.84.217.8 port 46554:11: Bye Bye [preauth]
Jan 19 07:21:25 host sshd[12562]: Disconnected from 40.84.217.8 port 46554 [preauth]
Jan 19 07:22:03 host sshd[12661]: User root from 203.23.199.88 not allowed because not listed in AllowUsers
Jan 19 07:22:03 host sshd[12661]: input_userauth_request: invalid user root [preauth]
Jan 19 07:22:03 host unix_chkpwd[12663]: password check failed for user (root)
Jan 19 07:22:03 host sshd[12661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.23.199.88 user=root
Jan 19 07:22:03 host sshd[12661]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 07:22:05 host sshd[12661]: Failed password for invalid user root from 203.23.199.88 port 53098 ssh2
Jan 19 07:22:05 host sshd[12661]: Received disconnect from 203.23.199.88 port 53098:11: Bye Bye [preauth]
Jan 19 07:22:05 host sshd[12661]: Disconnected from 203.23.199.88 port 53098 [preauth]
Jan 19 07:22:08 host sshd[12727]: Invalid user alex from 110.35.173.2 port 27394
Jan 19 07:22:08 host sshd[12727]: input_userauth_request: invalid user alex [preauth]
Jan 19 07:22:08 host sshd[12727]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:22:08 host sshd[12727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.35.173.2
Jan 19 07:22:10 host sshd[12727]: Failed password for invalid user alex from 110.35.173.2 port 27394 ssh2
Jan 19 07:22:10 host sshd[12727]: Received disconnect from 110.35.173.2 port 27394:11: Bye Bye [preauth]
Jan 19 07:22:10 host sshd[12727]: Disconnected from 110.35.173.2 port 27394 [preauth]
Jan 19 07:22:34 host sshd[12894]: Invalid user ntc from 40.84.217.8 port 43810
Jan 19 07:22:34 host sshd[12894]: input_userauth_request: invalid user ntc [preauth]
Jan 19 07:22:34 host sshd[12894]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:22:34 host sshd[12894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.84.217.8
Jan 19 07:22:35 host sshd[12894]: Failed password for invalid user ntc from 40.84.217.8 port 43810 ssh2
Jan 19 07:22:36 host sshd[12894]: Received disconnect from 40.84.217.8 port 43810:11: Bye Bye [preauth]
Jan 19 07:22:36 host sshd[12894]: Disconnected from 40.84.217.8 port 43810 [preauth]
Jan 19 07:26:37 host sshd[13280]: Connection closed by 118.212.146.42 port 49430 [preauth]
Jan 19 07:27:15 host sshd[13657]: Invalid user mcserver from 118.212.146.42 port 43842
Jan 19 07:27:15 host sshd[13657]: input_userauth_request: invalid user mcserver [preauth]
Jan 19 07:27:15 host sshd[13657]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:27:15 host sshd[13657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.212.146.42
Jan 19 07:27:16 host sshd[13657]: Failed password for invalid user mcserver from 118.212.146.42 port 43842 ssh2
Jan 19 07:27:17 host sshd[13657]: Received disconnect from 118.212.146.42 port 43842:11: Bye Bye [preauth]
Jan 19 07:27:17 host sshd[13657]: Disconnected from 118.212.146.42 port 43842 [preauth]
Jan 19 07:28:04 host sshd[13767]: Invalid user nexus from 118.212.146.42 port 55166
Jan 19 07:28:04 host sshd[13767]: input_userauth_request: invalid user nexus [preauth]
Jan 19 07:28:04 host sshd[13767]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:28:04 host sshd[13767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.212.146.42
Jan 19 07:28:06 host sshd[13767]: Failed password for invalid user nexus from 118.212.146.42 port 55166 ssh2
Jan 19 07:38:36 host sshd[15467]: User root from 171.228.21.84 not allowed because not listed in AllowUsers
Jan 19 07:38:36 host sshd[15467]: input_userauth_request: invalid user root [preauth]
Jan 19 07:38:36 host unix_chkpwd[15474]: password check failed for user (root)
Jan 19 07:38:36 host sshd[15467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.228.21.84 user=root
Jan 19 07:38:36 host sshd[15467]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 07:38:38 host sshd[15467]: Failed password for invalid user root from 171.228.21.84 port 59625 ssh2
Jan 19 07:38:40 host unix_chkpwd[15480]: password check failed for user (root)
Jan 19 07:38:40 host sshd[15467]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 07:38:42 host sshd[15467]: Failed password for invalid user root from 171.228.21.84 port 59625 ssh2
Jan 19 07:38:42 host sshd[15467]: Connection reset by 171.228.21.84 port 59625 [preauth]
Jan 19 07:38:42 host sshd[15467]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.228.21.84 user=root
Jan 19 07:50:23 host sshd[17953]: Invalid user informix from 104.244.74.6 port 48434
Jan 19 07:50:23 host sshd[17953]: input_userauth_request: invalid user informix [preauth]
Jan 19 07:50:23 host sshd[17953]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:50:23 host sshd[17953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 19 07:50:24 host sshd[17953]: Failed password for invalid user informix from 104.244.74.6 port 48434 ssh2
Jan 19 07:50:25 host sshd[17953]: Connection closed by 104.244.74.6 port 48434 [preauth]
Jan 19 07:50:56 host sshd[18023]: Invalid user informix from 104.244.74.6 port 39938
Jan 19 07:50:56 host sshd[18023]: input_userauth_request: invalid user informix [preauth]
Jan 19 07:50:56 host sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:50:56 host sshd[18023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 19 07:50:58 host sshd[18023]: Failed password for invalid user informix from 104.244.74.6 port 39938 ssh2
Jan 19 07:50:58 host sshd[18023]: Connection closed by 104.244.74.6 port 39938 [preauth]
Jan 19 07:55:46 host sshd[18743]: Invalid user gh from 194.110.203.109 port 54958
Jan 19 07:55:46 host sshd[18743]: input_userauth_request: invalid user gh [preauth]
Jan 19 07:55:46 host sshd[18743]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:55:46 host sshd[18743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 07:55:48 host sshd[18743]: Failed password for invalid user gh from 194.110.203.109 port 54958 ssh2
Jan 19 07:55:51 host sshd[18743]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:55:53 host sshd[18743]: Failed password for invalid user gh from 194.110.203.109 port 54958 ssh2
Jan 19 07:55:56 host sshd[18743]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 07:55:58 host sshd[18743]: Failed password for invalid user gh from 194.110.203.109 port 54958 ssh2
Jan 19 07:56:01 host sshd[18743]: Connection closed by 194.110.203.109 port 54958 [preauth]
Jan 19 07:56:01 host sshd[18743]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 08:05:19 host sshd[20215]: Invalid user user from 114.32.156.230 port 46048
Jan 19 08:05:19 host sshd[20215]: input_userauth_request: invalid user user [preauth]
Jan 19 08:05:19 host sshd[20215]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:05:19 host sshd[20215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.156.230
Jan 19 08:05:20 host sshd[20215]: Failed password for invalid user user from 114.32.156.230 port 46048 ssh2
Jan 19 08:05:21 host sshd[20215]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:05:23 host sshd[20215]: Failed password for invalid user user from 114.32.156.230 port 46048 ssh2
Jan 19 08:05:24 host sshd[20215]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:05:26 host sshd[20215]: Failed password for invalid user user from 114.32.156.230 port 46048 ssh2
Jan 19 08:05:28 host sshd[20215]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:05:30 host sshd[20215]: Failed password for invalid user user from 114.32.156.230 port 46048 ssh2
Jan 19 08:05:32 host sshd[20215]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:05:34 host sshd[20215]: Failed password for invalid user user from 114.32.156.230 port 46048 ssh2
Jan 19 08:05:50 host sshd[20313]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 19 08:05:50 host sshd[20313]: input_userauth_request: invalid user sshd [preauth]
Jan 19 08:05:50 host unix_chkpwd[20318]: password check failed for user (sshd)
Jan 19 08:05:50 host sshd[20313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 19 08:05:50 host sshd[20313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 19 08:05:52 host sshd[20313]: Failed password for invalid user sshd from 194.169.175.102 port 59718 ssh2
Jan 19 08:05:52 host sshd[20313]: Received disconnect from 194.169.175.102 port 59718:11: Client disconnecting normally [preauth]
Jan 19 08:05:52 host sshd[20313]: Disconnected from 194.169.175.102 port 59718 [preauth]
Jan 19 08:11:11 host sshd[21114]: User root from 60.53.93.60 not allowed because not listed in AllowUsers
Jan 19 08:11:11 host sshd[21114]: input_userauth_request: invalid user root [preauth]
Jan 19 08:11:11 host unix_chkpwd[21117]: password check failed for user (root)
Jan 19 08:11:11 host sshd[21114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.53.93.60 user=root
Jan 19 08:11:11 host sshd[21114]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:11:13 host sshd[21114]: Failed password for invalid user root from 60.53.93.60 port 50194 ssh2
Jan 19 08:11:14 host unix_chkpwd[21121]: password check failed for user (root)
Jan 19 08:11:14 host sshd[21114]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:11:16 host sshd[21114]: Failed password for invalid user root from 60.53.93.60 port 50194 ssh2
Jan 19 08:11:16 host unix_chkpwd[21128]: password check failed for user (root)
Jan 19 08:11:16 host sshd[21114]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:11:18 host sshd[21114]: Failed password for invalid user root from 60.53.93.60 port 50194 ssh2
Jan 19 08:11:19 host unix_chkpwd[21134]: password check failed for user (root)
Jan 19 08:11:19 host sshd[21114]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:11:21 host sshd[21114]: Failed password for invalid user root from 60.53.93.60 port 50194 ssh2
Jan 19 08:11:21 host unix_chkpwd[21141]: password check failed for user (root)
Jan 19 08:11:21 host sshd[21114]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:11:23 host sshd[21114]: Failed password for invalid user root from 60.53.93.60 port 50194 ssh2
Jan 19 08:16:09 host sshd[21858]: Invalid user informix from 104.244.74.6 port 39094
Jan 19 08:16:09 host sshd[21858]: input_userauth_request: invalid user informix [preauth]
Jan 19 08:16:09 host sshd[21858]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:16:09 host sshd[21858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 19 08:16:12 host sshd[21858]: Failed password for invalid user informix from 104.244.74.6 port 39094 ssh2
Jan 19 08:16:12 host sshd[21858]: Connection closed by 104.244.74.6 port 39094 [preauth]
Jan 19 08:16:17 host sshd[21895]: Invalid user jeff from 107.189.30.59 port 59928
Jan 19 08:16:17 host sshd[21895]: input_userauth_request: invalid user jeff [preauth]
Jan 19 08:16:17 host sshd[21895]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:16:17 host sshd[21895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 19 08:16:19 host sshd[21895]: Failed password for invalid user jeff from 107.189.30.59 port 59928 ssh2
Jan 19 08:16:20 host sshd[21895]: Connection closed by 107.189.30.59 port 59928 [preauth]
Jan 19 08:18:47 host sshd[22198]: Bad protocol version identification 'MGLNDD_167.71.234.10_22' from 104.131.128.17 port 48750
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 08:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 08:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=disposeat user-2=remysagr user-3=wwwkmaorg user-4=woodpeck user-5=wwwkapin user-6=vfmassets user-7=shalinijames user-8=wwwtestugo user-9=pmcresources user-10=bonifacegroup user-11=wwwevmhonda user-12=straightcurve user-13=wwwletsstalkfood user-14=palco123 user-15=gifterman user-16=phmetals user-17=kottayamcalldriv user-18=wwwnexidigital user-19=mrsclean user-20=wwwkaretakers user-21=cochintaxi user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=ugotscom feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 08:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-4I9AymAPNeGfmcmm.~
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-4I9AymAPNeGfmcmm.~'
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-4I9AymAPNeGfmcmm.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 08:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 08:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 08:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 08:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 08:26:40 host sshd[23622]: Invalid user daniel from 148.206.53.236 port 39938
Jan 19 08:26:40 host sshd[23622]: input_userauth_request: invalid user daniel [preauth]
Jan 19 08:26:40 host sshd[23622]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:26:40 host sshd[23622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.206.53.236
Jan 19 08:26:42 host sshd[23622]: Failed password for invalid user daniel from 148.206.53.236 port 39938 ssh2
Jan 19 08:26:43 host sshd[23622]: Received disconnect from 148.206.53.236 port 39938:11: Bye Bye [preauth]
Jan 19 08:26:43 host sshd[23622]: Disconnected from 148.206.53.236 port 39938 [preauth]
Jan 19 08:30:40 host sshd[24182]: Invalid user gns3 from 148.206.53.236 port 46203
Jan 19 08:30:40 host sshd[24182]: input_userauth_request: invalid user gns3 [preauth]
Jan 19 08:30:40 host sshd[24182]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:30:40 host sshd[24182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.206.53.236
Jan 19 08:30:42 host sshd[24182]: Failed password for invalid user gns3 from 148.206.53.236 port 46203 ssh2
Jan 19 08:30:42 host sshd[24182]: Received disconnect from 148.206.53.236 port 46203:11: Bye Bye [preauth]
Jan 19 08:30:42 host sshd[24182]: Disconnected from 148.206.53.236 port 46203 [preauth]
Jan 19 08:31:55 host sshd[24451]: Invalid user smart from 148.206.53.236 port 42617
Jan 19 08:31:55 host sshd[24451]: input_userauth_request: invalid user smart [preauth]
Jan 19 08:31:55 host sshd[24451]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:31:55 host sshd[24451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.206.53.236
Jan 19 08:31:58 host sshd[24451]: Failed password for invalid user smart from 148.206.53.236 port 42617 ssh2
Jan 19 08:31:58 host sshd[24451]: Received disconnect from 148.206.53.236 port 42617:11: Bye Bye [preauth]
Jan 19 08:31:58 host sshd[24451]: Disconnected from 148.206.53.236 port 42617 [preauth]
Jan 19 08:34:47 host sshd[24824]: User root from 59.126.51.49 not allowed because not listed in AllowUsers
Jan 19 08:34:47 host sshd[24824]: input_userauth_request: invalid user root [preauth]
Jan 19 08:34:47 host unix_chkpwd[24827]: password check failed for user (root)
Jan 19 08:34:47 host sshd[24824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.51.49 user=root
Jan 19 08:34:47 host sshd[24824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:34:49 host sshd[24824]: Failed password for invalid user root from 59.126.51.49 port 53280 ssh2
Jan 19 08:34:50 host unix_chkpwd[24833]: password check failed for user (root)
Jan 19 08:34:50 host sshd[24824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:34:51 host sshd[24824]: Failed password for invalid user root from 59.126.51.49 port 53280 ssh2
Jan 19 08:34:52 host unix_chkpwd[24840]: password check failed for user (root)
Jan 19 08:34:52 host sshd[24824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:34:54 host sshd[24824]: Failed password for invalid user root from 59.126.51.49 port 53280 ssh2
Jan 19 08:34:55 host unix_chkpwd[24845]: password check failed for user (root)
Jan 19 08:34:55 host sshd[24824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:34:57 host sshd[24824]: Failed password for invalid user root from 59.126.51.49 port 53280 ssh2
Jan 19 08:34:58 host unix_chkpwd[24855]: password check failed for user (root)
Jan 19 08:34:58 host sshd[24824]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:35:00 host sshd[24824]: Failed password for invalid user root from 59.126.51.49 port 53280 ssh2
Jan 19 08:35:18 host sshd[24954]: Did not receive identification string from 92.255.85.115 port 64007
Jan 19 08:38:13 host sshd[25457]: Invalid user ONTUSER from 222.105.97.76 port 40316
Jan 19 08:38:13 host sshd[25457]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 19 08:38:13 host sshd[25457]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:38:13 host sshd[25457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.105.97.76
Jan 19 08:38:15 host sshd[25457]: Failed password for invalid user ONTUSER from 222.105.97.76 port 40316 ssh2
Jan 19 08:38:15 host sshd[25457]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:38:17 host sshd[25457]: Failed password for invalid user ONTUSER from 222.105.97.76 port 40316 ssh2
Jan 19 08:38:17 host sshd[25457]: Failed password for invalid user ONTUSER from 222.105.97.76 port 40316 ssh2
Jan 19 08:38:17 host sshd[25457]: Connection closed by 222.105.97.76 port 40316 [preauth]
Jan 19 08:38:17 host sshd[25457]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.105.97.76
Jan 19 08:38:41 host sshd[25523]: Did not receive identification string from 68.183.93.30 port 42772
Jan 19 08:39:09 host sshd[25590]: Invalid user sys from 68.183.93.30 port 58066
Jan 19 08:39:09 host sshd[25590]: input_userauth_request: invalid user sys [preauth]
Jan 19 08:39:09 host sshd[25590]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:39:09 host sshd[25590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.93.30
Jan 19 08:39:11 host sshd[25590]: Failed password for invalid user sys from 68.183.93.30 port 58066 ssh2
Jan 19 08:39:11 host sshd[25590]: Connection closed by 68.183.93.30 port 58066 [preauth]
Jan 19 08:39:46 host sshd[25734]: User root from 68.183.93.30 not allowed because not listed in AllowUsers
Jan 19 08:39:46 host sshd[25734]: input_userauth_request: invalid user root [preauth]
Jan 19 08:39:46 host unix_chkpwd[25737]: password check failed for user (root)
Jan 19 08:39:46 host sshd[25734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.93.30 user=root
Jan 19 08:39:46 host sshd[25734]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:39:48 host sshd[25734]: Failed password for invalid user root from 68.183.93.30 port 34726 ssh2
Jan 19 08:39:48 host sshd[25734]: Connection closed by 68.183.93.30 port 34726 [preauth]
Jan 19 08:47:32 host sshd[27237]: Invalid user admin from 92.255.85.115 port 3943
Jan 19 08:47:32 host sshd[27237]: input_userauth_request: invalid user admin [preauth]
Jan 19 08:47:32 host sshd[27237]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:32 host sshd[27237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 19 08:47:34 host sshd[27237]: Failed password for invalid user admin from 92.255.85.115 port 3943 ssh2
Jan 19 08:47:34 host sshd[27237]: Connection reset by 92.255.85.115 port 3943 [preauth]
Jan 19 08:47:43 host sshd[27256]: Did not receive identification string from 203.76.241.10 port 59248
Jan 19 08:47:44 host sshd[27257]: Invalid user student from 203.76.241.10 port 40640
Jan 19 08:47:44 host sshd[27257]: input_userauth_request: invalid user student [preauth]
Jan 19 08:47:44 host sshd[27258]: Invalid user ubuntu from 203.76.241.10 port 40609
Jan 19 08:47:44 host sshd[27258]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 08:47:44 host sshd[27259]: Invalid user steam from 203.76.241.10 port 40582
Jan 19 08:47:44 host sshd[27259]: input_userauth_request: invalid user steam [preauth]
Jan 19 08:47:44 host sshd[27261]: Invalid user steam from 203.76.241.10 port 40608
Jan 19 08:47:44 host sshd[27265]: Invalid user ubuntu from 203.76.241.10 port 40634
Jan 19 08:47:44 host sshd[27265]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 08:47:44 host sshd[27261]: input_userauth_request: invalid user steam [preauth]
Jan 19 08:47:44 host sshd[27262]: Invalid user dev from 203.76.241.10 port 40590
Jan 19 08:47:44 host sshd[27262]: input_userauth_request: invalid user dev [preauth]
Jan 19 08:47:44 host sshd[27260]: Invalid user ubuntu from 203.76.241.10 port 40652
Jan 19 08:47:44 host sshd[27260]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 08:47:44 host sshd[27263]: Invalid user student from 203.76.241.10 port 40626
Jan 19 08:47:44 host sshd[27263]: input_userauth_request: invalid user student [preauth]
Jan 19 08:47:44 host sshd[27266]: Invalid user test from 203.76.241.10 port 40658
Jan 19 08:47:44 host sshd[27266]: input_userauth_request: invalid user test [preauth]
Jan 19 08:47:44 host sshd[27269]: Invalid user admin from 203.76.241.10 port 40598
Jan 19 08:47:44 host sshd[27269]: input_userauth_request: invalid user admin [preauth]
Jan 19 08:47:44 host sshd[27264]: Invalid user zjw from 203.76.241.10 port 40580
Jan 19 08:47:44 host sshd[27264]: input_userauth_request: invalid user zjw [preauth]
Jan 19 08:47:44 host sshd[27270]: User root from 203.76.241.10 not allowed because not listed in AllowUsers
Jan 19 08:47:44 host sshd[27270]: input_userauth_request: invalid user root [preauth]
Jan 19 08:47:44 host sshd[27271]: Invalid user vagrant from 203.76.241.10 port 40588
Jan 19 08:47:44 host sshd[27271]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 08:47:44 host sshd[27277]: Invalid user tester from 203.76.241.10 port 40644
Jan 19 08:47:44 host sshd[27277]: input_userauth_request: invalid user tester [preauth]
Jan 19 08:47:44 host sshd[27267]: Invalid user admin from 203.76.241.10 port 40612
Jan 19 08:47:44 host sshd[27267]: input_userauth_request: invalid user admin [preauth]
Jan 19 08:47:44 host sshd[27284]: User root from 203.76.241.10 not allowed because not listed in AllowUsers
Jan 19 08:47:44 host sshd[27284]: input_userauth_request: invalid user root [preauth]
Jan 19 08:47:44 host sshd[27280]: Invalid user devops from 203.76.241.10 port 40614
Jan 19 08:47:44 host sshd[27280]: input_userauth_request: invalid user devops [preauth]
Jan 19 08:47:44 host sshd[27285]: Invalid user esuser from 203.76.241.10 port 40606
Jan 19 08:47:44 host sshd[27285]: input_userauth_request: invalid user esuser [preauth]
Jan 19 08:47:44 host sshd[27278]: Invalid user user from 203.76.241.10 port 40594
Jan 19 08:47:44 host sshd[27278]: input_userauth_request: invalid user user [preauth]
Jan 19 08:47:44 host sshd[27283]: Invalid user test from 203.76.241.10 port 40656
Jan 19 08:47:44 host sshd[27283]: input_userauth_request: invalid user test [preauth]
Jan 19 08:47:44 host sshd[27286]: Invalid user halo from 203.76.241.10 port 40602
Jan 19 08:47:44 host sshd[27282]: Invalid user admin from 203.76.241.10 port 40622
Jan 19 08:47:44 host sshd[27286]: input_userauth_request: invalid user halo [preauth]
Jan 19 08:47:44 host sshd[27282]: input_userauth_request: invalid user admin [preauth]
Jan 19 08:47:44 host sshd[27287]: User root from 203.76.241.10 not allowed because not listed in AllowUsers
Jan 19 08:47:44 host sshd[27287]: input_userauth_request: invalid user root [preauth]
Jan 19 08:47:44 host sshd[27288]: Invalid user steam from 203.76.241.10 port 40603
Jan 19 08:47:44 host sshd[27288]: input_userauth_request: invalid user steam [preauth]
Jan 19 08:47:44 host sshd[27289]: Invalid user steam from 203.76.241.10 port 40620
Jan 19 08:47:44 host sshd[27289]: input_userauth_request: invalid user steam [preauth]
Jan 19 08:47:44 host sshd[27281]: Invalid user user from 203.76.241.10 port 40618
Jan 19 08:47:44 host sshd[27290]: Invalid user user from 203.76.241.10 port 40638
Jan 19 08:47:44 host sshd[27281]: input_userauth_request: invalid user user [preauth]
Jan 19 08:47:44 host sshd[27290]: input_userauth_request: invalid user user [preauth]
Jan 19 08:47:44 host sshd[27293]: Invalid user admin from 203.76.241.10 port 40654
Jan 19 08:47:44 host sshd[27293]: input_userauth_request: invalid user admin [preauth]
Jan 19 08:47:45 host sshd[27257]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27258]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27259]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27265]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27261]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27260]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27262]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27266]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27263]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27269]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27264]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27271]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host unix_chkpwd[27316]: password check failed for user (root)
Jan 19 08:47:45 host sshd[27270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10 user=root
Jan 19 08:47:45 host sshd[27270]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:47:45 host sshd[27277]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27267]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27280]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27285]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27278]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27283]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host unix_chkpwd[27317]: password check failed for user (root)
Jan 19 08:47:45 host sshd[27284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10 user=root
Jan 19 08:47:45 host sshd[27284]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:47:45 host sshd[27286]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27282]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27289]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27281]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27288]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host sshd[27290]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:45 host sshd[27290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:45 host unix_chkpwd[27318]: password check failed for user (root)
Jan 19 08:47:45 host sshd[27287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10 user=root
Jan 19 08:47:45 host sshd[27287]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:47:47 host sshd[27293]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:47:47 host sshd[27293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.76.241.10
Jan 19 08:47:47 host sshd[27257]: Failed password for invalid user student from 203.76.241.10 port 40640 ssh2
Jan 19 08:47:47 host sshd[27258]: Failed password for invalid user ubuntu from 203.76.241.10 port 40609 ssh2
Jan 19 08:47:47 host sshd[27259]: Failed password for invalid user steam from 203.76.241.10 port 40582 ssh2
Jan 19 08:47:47 host sshd[27265]: Failed password for invalid user ubuntu from 203.76.241.10 port 40634 ssh2
Jan 19 08:47:47 host sshd[27261]: Failed password for invalid user steam from 203.76.241.10 port 40608 ssh2
Jan 19 08:47:47 host sshd[27260]: Failed password for invalid user ubuntu from 203.76.241.10 port 40652 ssh2
Jan 19 08:47:47 host sshd[27262]: Failed password for invalid user dev from 203.76.241.10 port 40590 ssh2
Jan 19 08:47:47 host sshd[27263]: Failed password for invalid user student from 203.76.241.10 port 40626 ssh2
Jan 19 08:47:47 host sshd[27266]: Failed password for invalid user test from 203.76.241.10 port 40658 ssh2
Jan 19 08:47:47 host sshd[27269]: Failed password for invalid user admin from 203.76.241.10 port 40598 ssh2
Jan 19 08:47:47 host sshd[27264]: Failed password for invalid user zjw from 203.76.241.10 port 40580 ssh2
Jan 19 08:47:47 host sshd[27271]: Failed password for invalid user vagrant from 203.76.241.10 port 40588 ssh2
Jan 19 08:47:47 host sshd[27270]: Failed password for invalid user root from 203.76.241.10 port 40636 ssh2
Jan 19 08:47:47 host sshd[27277]: Failed password for invalid user tester from 203.76.241.10 port 40644 ssh2
Jan 19 08:47:47 host sshd[27267]: Failed password for invalid user admin from 203.76.241.10 port 40612 ssh2
Jan 19 08:47:47 host sshd[27280]: Failed password for invalid user devops from 203.76.241.10 port 40614 ssh2
Jan 19 08:47:47 host sshd[27285]: Failed password for invalid user esuser from 203.76.241.10 port 40606 ssh2
Jan 19 08:47:47 host sshd[27278]: Failed password for invalid user user from 203.76.241.10 port 40594 ssh2
Jan 19 08:47:47 host sshd[27283]: Failed password for invalid user test from 203.76.241.10 port 40656 ssh2
Jan 19 08:47:47 host sshd[27284]: Failed password for invalid user root from 203.76.241.10 port 40648 ssh2
Jan 19 08:47:47 host sshd[27286]: Failed password for invalid user halo from 203.76.241.10 port 40602 ssh2
Jan 19 08:47:47 host sshd[27282]: Failed password for invalid user admin from 203.76.241.10 port 40622 ssh2
Jan 19 08:47:47 host sshd[27289]: Failed password for invalid user steam from 203.76.241.10 port 40620 ssh2
Jan 19 08:47:47 host sshd[27281]: Failed password for invalid user user from 203.76.241.10 port 40618 ssh2
Jan 19 08:47:47 host sshd[27288]: Failed password for invalid user steam from 203.76.241.10 port 40603 ssh2
Jan 19 08:47:47 host sshd[27290]: Failed password for invalid user user from 203.76.241.10 port 40638 ssh2
Jan 19 08:47:47 host sshd[27287]: Failed password for invalid user root from 203.76.241.10 port 40625 ssh2
Jan 19 08:47:47 host sshd[27257]: Connection closed by 203.76.241.10 port 40640 [preauth]
Jan 19 08:47:47 host sshd[27258]: Connection closed by 203.76.241.10 port 40609 [preauth]
Jan 19 08:47:47 host sshd[27259]: Connection closed by 203.76.241.10 port 40582 [preauth]
Jan 19 08:47:47 host sshd[27261]: Connection closed by 203.76.241.10 port 40608 [preauth]
Jan 19 08:47:47 host sshd[27260]: Connection closed by 203.76.241.10 port 40652 [preauth]
Jan 19 08:47:47 host sshd[27265]: Connection closed by 203.76.241.10 port 40634 [preauth]
Jan 19 08:47:47 host sshd[27262]: Connection closed by 203.76.241.10 port 40590 [preauth]
Jan 19 08:47:47 host sshd[27266]: Connection closed by 203.76.241.10 port 40658 [preauth]
Jan 19 08:47:47 host sshd[27263]: Connection closed by 203.76.241.10 port 40626 [preauth]
Jan 19 08:47:47 host sshd[27269]: Connection closed by 203.76.241.10 port 40598 [preauth]
Jan 19 08:47:47 host sshd[27264]: Connection closed by 203.76.241.10 port 40580 [preauth]
Jan 19 08:47:47 host sshd[27270]: Connection closed by 203.76.241.10 port 40636 [preauth]
Jan 19 08:47:47 host sshd[27271]: Connection closed by 203.76.241.10 port 40588 [preauth]
Jan 19 08:47:47 host sshd[27277]: Connection closed by 203.76.241.10 port 40644 [preauth]
Jan 19 08:47:47 host sshd[27267]: Connection closed by 203.76.241.10 port 40612 [preauth]
Jan 19 08:47:47 host sshd[27280]: Connection closed by 203.76.241.10 port 40614 [preauth]
Jan 19 08:47:47 host sshd[27285]: Connection closed by 203.76.241.10 port 40606 [preauth]
Jan 19 08:47:47 host sshd[27278]: Connection closed by 203.76.241.10 port 40594 [preauth]
Jan 19 08:47:48 host sshd[27283]: Connection closed by 203.76.241.10 port 40656 [preauth]
Jan 19 08:47:48 host sshd[27284]: Connection closed by 203.76.241.10 port 40648 [preauth]
Jan 19 08:47:48 host sshd[27282]: Connection closed by 203.76.241.10 port 40622 [preauth]
Jan 19 08:47:48 host sshd[27286]: Connection closed by 203.76.241.10 port 40602 [preauth]
Jan 19 08:47:48 host sshd[27289]: Connection closed by 203.76.241.10 port 40620 [preauth]
Jan 19 08:47:48 host sshd[27281]: Connection closed by 203.76.241.10 port 40618 [preauth]
Jan 19 08:47:48 host sshd[27288]: Connection closed by 203.76.241.10 port 40603 [preauth]
Jan 19 08:47:48 host sshd[27290]: Connection closed by 203.76.241.10 port 40638 [preauth]
Jan 19 08:47:48 host sshd[27287]: Connection closed by 203.76.241.10 port 40625 [preauth]
Jan 19 08:47:49 host sshd[27293]: Failed password for invalid user admin from 203.76.241.10 port 40654 ssh2
Jan 19 08:47:49 host sshd[27293]: Connection closed by 203.76.241.10 port 40654 [preauth]
Jan 19 08:51:47 host sshd[27997]: Invalid user admin from 195.226.194.242 port 15536
Jan 19 08:51:47 host sshd[27997]: input_userauth_request: invalid user admin [preauth]
Jan 19 08:51:47 host sshd[27997]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:51:47 host sshd[27997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 19 08:51:50 host sshd[27997]: Failed password for invalid user admin from 195.226.194.242 port 15536 ssh2
Jan 19 08:51:50 host sshd[27997]: Received disconnect from 195.226.194.242 port 15536:11: Bye Bye [preauth]
Jan 19 08:51:50 host sshd[27997]: Disconnected from 195.226.194.242 port 15536 [preauth]
Jan 19 08:54:20 host sshd[28282]: Invalid user support from 92.255.85.115 port 7624
Jan 19 08:54:20 host sshd[28282]: input_userauth_request: invalid user support [preauth]
Jan 19 08:54:20 host sshd[28282]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 08:54:20 host sshd[28282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 19 08:54:22 host sshd[28282]: Failed password for invalid user support from 92.255.85.115 port 7624 ssh2
Jan 19 08:54:22 host sshd[28282]: Connection reset by 92.255.85.115 port 7624 [preauth]
Jan 19 08:54:43 host sshd[28373]: User root from 125.229.113.32 not allowed because not listed in AllowUsers
Jan 19 08:54:43 host sshd[28373]: input_userauth_request: invalid user root [preauth]
Jan 19 08:54:43 host unix_chkpwd[28381]: password check failed for user (root)
Jan 19 08:54:43 host sshd[28373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.113.32 user=root
Jan 19 08:54:43 host sshd[28373]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:54:45 host sshd[28373]: Failed password for invalid user root from 125.229.113.32 port 51132 ssh2
Jan 19 08:54:45 host unix_chkpwd[28385]: password check failed for user (root)
Jan 19 08:54:45 host sshd[28373]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:54:47 host sshd[28373]: Failed password for invalid user root from 125.229.113.32 port 51132 ssh2
Jan 19 08:54:48 host unix_chkpwd[28388]: password check failed for user (root)
Jan 19 08:54:48 host sshd[28373]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:54:51 host sshd[28373]: Failed password for invalid user root from 125.229.113.32 port 51132 ssh2
Jan 19 08:54:51 host unix_chkpwd[28394]: password check failed for user (root)
Jan 19 08:54:51 host sshd[28373]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:54:53 host sshd[28373]: Failed password for invalid user root from 125.229.113.32 port 51132 ssh2
Jan 19 08:54:54 host unix_chkpwd[28405]: password check failed for user (root)
Jan 19 08:54:54 host sshd[28373]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 08:54:56 host sshd[28373]: Failed password for invalid user root from 125.229.113.32 port 51132 ssh2
Jan 19 09:07:33 host sshd[31103]: Did not receive identification string from 206.189.23.129 port 61000
Jan 19 09:12:44 host sshd[32374]: Did not receive identification string from 87.236.176.243 port 32831
Jan 19 09:12:45 host sshd[32420]: Connection closed by 87.236.176.243 port 58999 [preauth]
Jan 19 09:13:41 host sshd[32640]: Invalid user admin from 114.33.107.149 port 44492
Jan 19 09:13:41 host sshd[32640]: input_userauth_request: invalid user admin [preauth]
Jan 19 09:13:41 host sshd[32640]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:13:41 host sshd[32640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.107.149
Jan 19 09:13:43 host sshd[32640]: Failed password for invalid user admin from 114.33.107.149 port 44492 ssh2
Jan 19 09:13:44 host sshd[32640]: Failed password for invalid user admin from 114.33.107.149 port 44492 ssh2
Jan 19 09:13:46 host sshd[32640]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:13:47 host sshd[32640]: Failed password for invalid user admin from 114.33.107.149 port 44492 ssh2
Jan 19 09:13:49 host sshd[32640]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:13:50 host sshd[32640]: Failed password for invalid user admin from 114.33.107.149 port 44492 ssh2
Jan 19 09:13:51 host sshd[32640]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:13:54 host sshd[32640]: Failed password for invalid user admin from 114.33.107.149 port 44492 ssh2
Jan 19 09:13:54 host sshd[32640]: Connection reset by 114.33.107.149 port 44492 [preauth]
Jan 19 09:13:54 host sshd[32640]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.107.149
Jan 19 09:13:54 host sshd[32640]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 19 09:16:03 host sshd[733]: Invalid user sFTPUser from 117.2.230.119 port 49341
Jan 19 09:16:03 host sshd[733]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 19 09:16:03 host sshd[733]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:16:03 host sshd[733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.2.230.119
Jan 19 09:16:04 host sshd[733]: Failed password for invalid user sFTPUser from 117.2.230.119 port 49341 ssh2
Jan 19 09:17:37 host sshd[1012]: User root from 37.252.66.56 not allowed because not listed in AllowUsers
Jan 19 09:17:37 host sshd[1012]: input_userauth_request: invalid user root [preauth]
Jan 19 09:17:37 host unix_chkpwd[1017]: password check failed for user (root)
Jan 19 09:17:37 host sshd[1012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.252.66.56 user=root
Jan 19 09:17:37 host sshd[1012]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:17:39 host sshd[1012]: Failed password for invalid user root from 37.252.66.56 port 59711 ssh2
Jan 19 09:17:40 host unix_chkpwd[1026]: password check failed for user (root)
Jan 19 09:17:40 host sshd[1012]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:17:42 host sshd[1012]: Failed password for invalid user root from 37.252.66.56 port 59711 ssh2
Jan 19 09:17:42 host unix_chkpwd[1030]: password check failed for user (root)
Jan 19 09:17:42 host sshd[1012]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:17:43 host sshd[1012]: Failed password for invalid user root from 37.252.66.56 port 59711 ssh2
Jan 19 09:17:44 host sshd[1012]: Connection reset by 37.252.66.56 port 59711 [preauth]
Jan 19 09:17:44 host sshd[1012]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.252.66.56 user=root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=keralaholi user-8=wwwresourcehunte user-9=wwwrmswll user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=wwwkapin user-20=woodpeck user-21=palco123 user-22=gifterman user-23=kottayamcalldriv user-24=phmetals user-25=wwwnexidigital user-26=mrsclean user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 09:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-J2Cnulol3DbDNBlO.~
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-J2Cnulol3DbDNBlO.~'
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-J2Cnulol3DbDNBlO.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 09:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 09:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 09:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 09:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 09:27:49 host sshd[3120]: Invalid user ubuntu from 118.34.67.27 port 49485
Jan 19 09:27:49 host sshd[3120]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 09:27:49 host sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:27:49 host sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.34.67.27
Jan 19 09:27:51 host sshd[3120]: Failed password for invalid user ubuntu from 118.34.67.27 port 49485 ssh2
Jan 19 09:27:52 host sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:27:55 host sshd[3120]: Failed password for invalid user ubuntu from 118.34.67.27 port 49485 ssh2
Jan 19 09:27:56 host sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:27:58 host sshd[3120]: Failed password for invalid user ubuntu from 118.34.67.27 port 49485 ssh2
Jan 19 09:28:01 host sshd[3120]: Failed password for invalid user ubuntu from 118.34.67.27 port 49485 ssh2
Jan 19 09:40:50 host sshd[5696]: User root from 14.45.158.2 not allowed because not listed in AllowUsers
Jan 19 09:40:50 host sshd[5696]: input_userauth_request: invalid user root [preauth]
Jan 19 09:40:50 host unix_chkpwd[5705]: password check failed for user (root)
Jan 19 09:40:50 host sshd[5696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.45.158.2 user=root
Jan 19 09:40:50 host sshd[5696]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:40:52 host sshd[5696]: Failed password for invalid user root from 14.45.158.2 port 56813 ssh2
Jan 19 09:40:53 host unix_chkpwd[5708]: password check failed for user (root)
Jan 19 09:40:53 host sshd[5696]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:40:55 host sshd[5696]: Failed password for invalid user root from 14.45.158.2 port 56813 ssh2
Jan 19 09:40:56 host unix_chkpwd[5715]: password check failed for user (root)
Jan 19 09:40:56 host sshd[5696]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:40:59 host sshd[5696]: Failed password for invalid user root from 14.45.158.2 port 56813 ssh2
Jan 19 09:41:00 host unix_chkpwd[5721]: password check failed for user (root)
Jan 19 09:41:00 host sshd[5696]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:41:02 host sshd[5696]: Failed password for invalid user root from 14.45.158.2 port 56813 ssh2
Jan 19 09:41:37 host sshd[5863]: Invalid user gi from 194.110.203.109 port 33576
Jan 19 09:41:37 host sshd[5863]: input_userauth_request: invalid user gi [preauth]
Jan 19 09:41:37 host sshd[5863]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:41:37 host sshd[5863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 09:41:38 host sshd[5863]: Failed password for invalid user gi from 194.110.203.109 port 33576 ssh2
Jan 19 09:41:42 host sshd[5863]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:41:44 host sshd[5863]: Failed password for invalid user gi from 194.110.203.109 port 33576 ssh2
Jan 19 09:41:47 host sshd[5863]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:41:48 host sshd[5863]: Failed password for invalid user gi from 194.110.203.109 port 33576 ssh2
Jan 19 09:41:52 host sshd[5863]: Connection closed by 194.110.203.109 port 33576 [preauth]
Jan 19 09:41:52 host sshd[5863]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 09:46:14 host sshd[6708]: User root from 59.25.150.78 not allowed because not listed in AllowUsers
Jan 19 09:46:14 host sshd[6708]: input_userauth_request: invalid user root [preauth]
Jan 19 09:46:14 host unix_chkpwd[6713]: password check failed for user (root)
Jan 19 09:46:14 host sshd[6708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.150.78 user=root
Jan 19 09:46:14 host sshd[6708]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:46:17 host sshd[6708]: Failed password for invalid user root from 59.25.150.78 port 60522 ssh2
Jan 19 09:46:18 host unix_chkpwd[6721]: password check failed for user (root)
Jan 19 09:46:18 host sshd[6708]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:46:20 host sshd[6708]: Failed password for invalid user root from 59.25.150.78 port 60522 ssh2
Jan 19 09:46:20 host unix_chkpwd[6725]: password check failed for user (root)
Jan 19 09:46:20 host sshd[6708]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:46:22 host sshd[6708]: Failed password for invalid user root from 59.25.150.78 port 60522 ssh2
Jan 19 09:46:23 host unix_chkpwd[6729]: password check failed for user (root)
Jan 19 09:46:23 host sshd[6708]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 09:46:25 host sshd[6708]: Failed password for invalid user root from 59.25.150.78 port 60522 ssh2
Jan 19 09:52:40 host sshd[8036]: Did not receive identification string from 128.1.131.197 port 39778
Jan 19 09:52:55 host sshd[8037]: Connection closed by 128.1.131.197 port 39832 [preauth]
Jan 19 09:54:19 host sshd[8263]: Invalid user bigipuser3 from 172.10.136.172 port 59525
Jan 19 09:54:19 host sshd[8263]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 19 09:54:19 host sshd[8263]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:54:19 host sshd[8263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.10.136.172
Jan 19 09:54:21 host sshd[8263]: Failed password for invalid user bigipuser3 from 172.10.136.172 port 59525 ssh2
Jan 19 09:54:21 host sshd[8263]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 09:54:24 host sshd[8263]: Failed password for invalid user bigipuser3 from 172.10.136.172 port 59525 ssh2
Jan 19 09:54:25 host sshd[8263]: Connection reset by 172.10.136.172 port 59525 [preauth]
Jan 19 09:54:25 host sshd[8263]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.10.136.172
Jan 19 10:02:39 host sshd[9892]: User root from 137.184.216.0 not allowed because not listed in AllowUsers
Jan 19 10:02:39 host sshd[9892]: input_userauth_request: invalid user root [preauth]
Jan 19 10:02:39 host unix_chkpwd[9896]: password check failed for user (root)
Jan 19 10:02:39 host sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.216.0 user=root
Jan 19 10:02:39 host sshd[9892]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:02:41 host sshd[9892]: Failed password for invalid user root from 137.184.216.0 port 40380 ssh2
Jan 19 10:02:41 host sshd[9892]: Received disconnect from 137.184.216.0 port 40380:11: Bye Bye [preauth]
Jan 19 10:02:41 host sshd[9892]: Disconnected from 137.184.216.0 port 40380 [preauth]
Jan 19 10:02:47 host sshd[9909]: Invalid user elemental from 51.250.6.222 port 34226
Jan 19 10:02:47 host sshd[9909]: input_userauth_request: invalid user elemental [preauth]
Jan 19 10:02:47 host sshd[9909]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:02:47 host sshd[9909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.6.222
Jan 19 10:02:49 host sshd[9909]: Failed password for invalid user elemental from 51.250.6.222 port 34226 ssh2
Jan 19 10:02:49 host sshd[9909]: Received disconnect from 51.250.6.222 port 34226:11: Bye Bye [preauth]
Jan 19 10:02:49 host sshd[9909]: Disconnected from 51.250.6.222 port 34226 [preauth]
Jan 19 10:03:01 host sshd[9940]: User root from 143.110.190.26 not allowed because not listed in AllowUsers
Jan 19 10:03:01 host sshd[9940]: input_userauth_request: invalid user root [preauth]
Jan 19 10:03:01 host unix_chkpwd[9949]: password check failed for user (root)
Jan 19 10:03:01 host sshd[9940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.190.26 user=root
Jan 19 10:03:01 host sshd[9940]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:03:02 host sshd[9940]: Failed password for invalid user root from 143.110.190.26 port 50098 ssh2
Jan 19 10:03:02 host sshd[9940]: Received disconnect from 143.110.190.26 port 50098:11: Bye Bye [preauth]
Jan 19 10:03:02 host sshd[9940]: Disconnected from 143.110.190.26 port 50098 [preauth]
Jan 19 10:03:24 host sshd[10001]: Invalid user media from 165.154.226.249 port 46552
Jan 19 10:03:24 host sshd[10001]: input_userauth_request: invalid user media [preauth]
Jan 19 10:03:24 host sshd[10001]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:03:24 host sshd[10001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.226.249
Jan 19 10:03:26 host sshd[10001]: Failed password for invalid user media from 165.154.226.249 port 46552 ssh2
Jan 19 10:03:26 host sshd[10001]: Received disconnect from 165.154.226.249 port 46552:11: Bye Bye [preauth]
Jan 19 10:03:26 host sshd[10001]: Disconnected from 165.154.226.249 port 46552 [preauth]
Jan 19 10:05:10 host sshd[10367]: Invalid user teste from 182.176.94.191 port 50196
Jan 19 10:05:10 host sshd[10367]: input_userauth_request: invalid user teste [preauth]
Jan 19 10:05:10 host sshd[10367]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:05:10 host sshd[10367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.176.94.191
Jan 19 10:05:12 host sshd[10367]: Failed password for invalid user teste from 182.176.94.191 port 50196 ssh2
Jan 19 10:05:12 host sshd[10367]: Received disconnect from 182.176.94.191 port 50196:11: Bye Bye [preauth]
Jan 19 10:05:12 host sshd[10367]: Disconnected from 182.176.94.191 port 50196 [preauth]
Jan 19 10:05:25 host sshd[10392]: Invalid user nginx from 121.149.58.243 port 34619
Jan 19 10:05:25 host sshd[10392]: input_userauth_request: invalid user nginx [preauth]
Jan 19 10:05:25 host sshd[10392]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:05:25 host sshd[10392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.149.58.243
Jan 19 10:05:27 host sshd[10392]: Failed password for invalid user nginx from 121.149.58.243 port 34619 ssh2
Jan 19 10:05:28 host sshd[10392]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:05:30 host sshd[10392]: Failed password for invalid user nginx from 121.149.58.243 port 34619 ssh2
Jan 19 10:05:32 host sshd[10392]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:05:34 host sshd[10392]: Failed password for invalid user nginx from 121.149.58.243 port 34619 ssh2
Jan 19 10:05:35 host sshd[10392]: Failed password for invalid user nginx from 121.149.58.243 port 34619 ssh2
Jan 19 10:05:36 host sshd[10453]: Invalid user ansadmin from 122.168.125.226 port 41696
Jan 19 10:05:36 host sshd[10453]: input_userauth_request: invalid user ansadmin [preauth]
Jan 19 10:05:36 host sshd[10453]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:05:36 host sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.168.125.226
Jan 19 10:05:36 host sshd[10392]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:05:38 host sshd[10453]: Failed password for invalid user ansadmin from 122.168.125.226 port 41696 ssh2
Jan 19 10:05:38 host sshd[10453]: Received disconnect from 122.168.125.226 port 41696:11: Bye Bye [preauth]
Jan 19 10:05:38 host sshd[10453]: Disconnected from 122.168.125.226 port 41696 [preauth]
Jan 19 10:05:39 host sshd[10392]: Failed password for invalid user nginx from 121.149.58.243 port 34619 ssh2
Jan 19 10:08:11 host sshd[10866]: Invalid user ftptest from 137.184.216.0 port 41258
Jan 19 10:08:11 host sshd[10866]: input_userauth_request: invalid user ftptest [preauth]
Jan 19 10:08:11 host sshd[10866]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:08:11 host sshd[10866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.216.0
Jan 19 10:08:13 host sshd[10866]: Failed password for invalid user ftptest from 137.184.216.0 port 41258 ssh2
Jan 19 10:08:13 host sshd[10866]: Received disconnect from 137.184.216.0 port 41258:11: Bye Bye [preauth]
Jan 19 10:08:13 host sshd[10866]: Disconnected from 137.184.216.0 port 41258 [preauth]
Jan 19 10:08:36 host sshd[10966]: Invalid user terraria from 182.176.94.191 port 56698
Jan 19 10:08:36 host sshd[10966]: input_userauth_request: invalid user terraria [preauth]
Jan 19 10:08:36 host sshd[10966]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:08:36 host sshd[10966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.176.94.191
Jan 19 10:08:39 host sshd[10966]: Failed password for invalid user terraria from 182.176.94.191 port 56698 ssh2
Jan 19 10:08:39 host sshd[10966]: Received disconnect from 182.176.94.191 port 56698:11: Bye Bye [preauth]
Jan 19 10:08:39 host sshd[10966]: Disconnected from 182.176.94.191 port 56698 [preauth]
Jan 19 10:08:56 host sshd[10998]: Invalid user dockeradmin from 165.154.226.249 port 47414
Jan 19 10:08:56 host sshd[10998]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 19 10:08:56 host sshd[10998]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:08:56 host sshd[10998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.226.249
Jan 19 10:08:57 host sshd[10998]: Failed password for invalid user dockeradmin from 165.154.226.249 port 47414 ssh2
Jan 19 10:08:57 host sshd[10998]: Received disconnect from 165.154.226.249 port 47414:11: Bye Bye [preauth]
Jan 19 10:08:57 host sshd[10998]: Disconnected from 165.154.226.249 port 47414 [preauth]
Jan 19 10:09:02 host sshd[11027]: User root from 122.168.125.226 not allowed because not listed in AllowUsers
Jan 19 10:09:02 host sshd[11027]: input_userauth_request: invalid user root [preauth]
Jan 19 10:09:02 host unix_chkpwd[11030]: password check failed for user (root)
Jan 19 10:09:02 host sshd[11027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.168.125.226 user=root
Jan 19 10:09:02 host sshd[11027]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:09:04 host sshd[11027]: Failed password for invalid user root from 122.168.125.226 port 40026 ssh2
Jan 19 10:09:04 host sshd[11027]: Received disconnect from 122.168.125.226 port 40026:11: Bye Bye [preauth]
Jan 19 10:09:04 host sshd[11027]: Disconnected from 122.168.125.226 port 40026 [preauth]
Jan 19 10:09:35 host sshd[11163]: User root from 51.250.6.222 not allowed because not listed in AllowUsers
Jan 19 10:09:35 host sshd[11163]: input_userauth_request: invalid user root [preauth]
Jan 19 10:09:35 host unix_chkpwd[11167]: password check failed for user (root)
Jan 19 10:09:35 host sshd[11163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.6.222 user=root
Jan 19 10:09:35 host sshd[11163]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:09:37 host sshd[11163]: Failed password for invalid user root from 51.250.6.222 port 40408 ssh2
Jan 19 10:09:38 host sshd[11163]: Received disconnect from 51.250.6.222 port 40408:11: Bye Bye [preauth]
Jan 19 10:09:38 host sshd[11163]: Disconnected from 51.250.6.222 port 40408 [preauth]
Jan 19 10:09:41 host sshd[11176]: Invalid user ark from 143.110.190.26 port 51256
Jan 19 10:09:41 host sshd[11176]: input_userauth_request: invalid user ark [preauth]
Jan 19 10:09:41 host sshd[11176]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:09:41 host sshd[11176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.190.26
Jan 19 10:09:43 host sshd[11176]: Failed password for invalid user ark from 143.110.190.26 port 51256 ssh2
Jan 19 10:09:43 host sshd[11176]: Received disconnect from 143.110.190.26 port 51256:11: Bye Bye [preauth]
Jan 19 10:09:43 host sshd[11176]: Disconnected from 143.110.190.26 port 51256 [preauth]
Jan 19 10:09:50 host sshd[11346]: User centos from 182.176.94.191 not allowed because not listed in AllowUsers
Jan 19 10:09:50 host sshd[11346]: input_userauth_request: invalid user centos [preauth]
Jan 19 10:09:50 host unix_chkpwd[11350]: password check failed for user (centos)
Jan 19 10:09:50 host sshd[11346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.176.94.191 user=centos
Jan 19 10:09:52 host sshd[11346]: Failed password for invalid user centos from 182.176.94.191 port 43622 ssh2
Jan 19 10:09:52 host sshd[11346]: Received disconnect from 182.176.94.191 port 43622:11: Bye Bye [preauth]
Jan 19 10:09:52 host sshd[11346]: Disconnected from 182.176.94.191 port 43622 [preauth]
Jan 19 10:09:59 host sshd[11389]: User root from 114.35.179.111 not allowed because not listed in AllowUsers
Jan 19 10:09:59 host sshd[11389]: input_userauth_request: invalid user root [preauth]
Jan 19 10:09:59 host unix_chkpwd[11398]: password check failed for user (root)
Jan 19 10:09:59 host sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.179.111 user=root
Jan 19 10:09:59 host sshd[11389]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:10:01 host sshd[11389]: Failed password for invalid user root from 114.35.179.111 port 47673 ssh2
Jan 19 10:10:02 host unix_chkpwd[11426]: password check failed for user (root)
Jan 19 10:10:02 host sshd[11389]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:10:03 host sshd[11389]: Failed password for invalid user root from 114.35.179.111 port 47673 ssh2
Jan 19 10:10:05 host unix_chkpwd[11439]: password check failed for user (root)
Jan 19 10:10:05 host sshd[11389]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:10:07 host sshd[11389]: Failed password for invalid user root from 114.35.179.111 port 47673 ssh2
Jan 19 10:10:08 host unix_chkpwd[11476]: password check failed for user (root)
Jan 19 10:10:08 host sshd[11389]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:10:10 host sshd[11389]: Failed password for invalid user root from 114.35.179.111 port 47673 ssh2
Jan 19 10:10:17 host sshd[11522]: Invalid user bitrix from 165.154.226.249 port 19506
Jan 19 10:10:17 host sshd[11522]: input_userauth_request: invalid user bitrix [preauth]
Jan 19 10:10:17 host sshd[11522]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:10:17 host sshd[11522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.226.249
Jan 19 10:10:19 host sshd[11522]: Failed password for invalid user bitrix from 165.154.226.249 port 19506 ssh2
Jan 19 10:10:20 host sshd[11522]: Received disconnect from 165.154.226.249 port 19506:11: Bye Bye [preauth]
Jan 19 10:10:20 host sshd[11522]: Disconnected from 165.154.226.249 port 19506 [preauth]
Jan 19 10:10:56 host sshd[11640]: Invalid user panda from 129.154.210.113 port 43820
Jan 19 10:10:56 host sshd[11640]: input_userauth_request: invalid user panda [preauth]
Jan 19 10:10:56 host sshd[11640]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:10:56 host sshd[11640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.210.113
Jan 19 10:10:58 host sshd[11640]: Failed password for invalid user panda from 129.154.210.113 port 43820 ssh2
Jan 19 10:10:58 host sshd[11640]: Received disconnect from 129.154.210.113 port 43820:11: Bye Bye [preauth]
Jan 19 10:10:58 host sshd[11640]: Disconnected from 129.154.210.113 port 43820 [preauth]
Jan 19 10:16:58 host sshd[12643]: User root from 203.251.92.99 not allowed because not listed in AllowUsers
Jan 19 10:16:58 host sshd[12643]: input_userauth_request: invalid user root [preauth]
Jan 19 10:16:58 host unix_chkpwd[12650]: password check failed for user (root)
Jan 19 10:16:58 host sshd[12643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.251.92.99 user=root
Jan 19 10:16:58 host sshd[12643]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:17:00 host sshd[12643]: Failed password for invalid user root from 203.251.92.99 port 63300 ssh2
Jan 19 10:17:01 host unix_chkpwd[12656]: password check failed for user (root)
Jan 19 10:17:01 host sshd[12643]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:17:03 host sshd[12643]: Failed password for invalid user root from 203.251.92.99 port 63300 ssh2
Jan 19 10:17:04 host unix_chkpwd[12674]: password check failed for user (root)
Jan 19 10:17:04 host sshd[12643]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:17:06 host sshd[12643]: Failed password for invalid user root from 203.251.92.99 port 63300 ssh2
Jan 19 10:17:07 host unix_chkpwd[12680]: password check failed for user (root)
Jan 19 10:17:07 host sshd[12643]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:17:09 host sshd[12643]: Failed password for invalid user root from 203.251.92.99 port 63300 ssh2
Jan 19 10:19:26 host sshd[13030]: Invalid user user1 from 129.154.210.113 port 38582
Jan 19 10:19:26 host sshd[13030]: input_userauth_request: invalid user user1 [preauth]
Jan 19 10:19:26 host sshd[13030]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:19:26 host sshd[13030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.210.113
Jan 19 10:19:27 host sshd[13030]: Failed password for invalid user user1 from 129.154.210.113 port 38582 ssh2
Jan 19 10:19:28 host sshd[13030]: Received disconnect from 129.154.210.113 port 38582:11: Bye Bye [preauth]
Jan 19 10:19:28 host sshd[13030]: Disconnected from 129.154.210.113 port 38582 [preauth]
Jan 19 10:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 10:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 10:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=mrsclean user-6=wwwnexidigital user-7=gifterman user-8=palco123 user-9=phmetals user-10=kottayamcalldriv user-11=wwwkapin user-12=woodpeck user-13=disposeat user-14=remysagr user-15=wwwkmaorg user-16=pmcresources user-17=vfmassets user-18=wwwtestugo user-19=shalinijames user-20=wwwpmcresource user-21=wwwrmswll user-22=wwwresourcehunte user-23=keralaholi user-24=ugotscom user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=dartsimp user-30=a2zgroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 10:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CfvXc0Ag06cGcF3I.~
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CfvXc0Ag06cGcF3I.~'
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CfvXc0Ag06cGcF3I.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 10:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 10:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 10:21:23 host sshd[13716]: Invalid user ali from 129.154.210.113 port 47112
Jan 19 10:21:23 host sshd[13716]: input_userauth_request: invalid user ali [preauth]
Jan 19 10:21:23 host sshd[13716]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:21:23 host sshd[13716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.154.210.113
Jan 19 10:21:25 host sshd[13716]: Failed password for invalid user ali from 129.154.210.113 port 47112 ssh2
Jan 19 10:21:25 host sshd[13716]: Received disconnect from 129.154.210.113 port 47112:11: Bye Bye [preauth]
Jan 19 10:21:25 host sshd[13716]: Disconnected from 129.154.210.113 port 47112 [preauth]
Jan 19 10:23:40 host sshd[14100]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 19 10:23:40 host sshd[14100]: input_userauth_request: invalid user root [preauth]
Jan 19 10:23:41 host unix_chkpwd[14104]: password check failed for user (root)
Jan 19 10:23:41 host sshd[14100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 19 10:23:41 host sshd[14100]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:23:43 host sshd[14100]: Failed password for invalid user root from 195.226.194.242 port 28878 ssh2
Jan 19 10:23:43 host sshd[14100]: Received disconnect from 195.226.194.242 port 28878:11: Bye Bye [preauth]
Jan 19 10:23:43 host sshd[14100]: Disconnected from 195.226.194.242 port 28878 [preauth]
Jan 19 10:25:07 host sshd[14407]: Invalid user teamspeak from 45.224.235.24 port 58920
Jan 19 10:25:07 host sshd[14407]: input_userauth_request: invalid user teamspeak [preauth]
Jan 19 10:25:07 host sshd[14407]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:25:07 host sshd[14407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.224.235.24
Jan 19 10:25:09 host sshd[14407]: Failed password for invalid user teamspeak from 45.224.235.24 port 58920 ssh2
Jan 19 10:25:09 host sshd[14407]: Received disconnect from 45.224.235.24 port 58920:11: Bye Bye [preauth]
Jan 19 10:25:09 host sshd[14407]: Disconnected from 45.224.235.24 port 58920 [preauth]
Jan 19 10:25:10 host sshd[14424]: User root from 64.227.182.117 not allowed because not listed in AllowUsers
Jan 19 10:25:10 host sshd[14424]: input_userauth_request: invalid user root [preauth]
Jan 19 10:25:10 host unix_chkpwd[14426]: password check failed for user (root)
Jan 19 10:25:10 host sshd[14424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.182.117 user=root
Jan 19 10:25:10 host sshd[14424]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:25:13 host sshd[14424]: Failed password for invalid user root from 64.227.182.117 port 52312 ssh2
Jan 19 10:25:13 host sshd[14424]: Received disconnect from 64.227.182.117 port 52312:11: Bye Bye [preauth]
Jan 19 10:25:13 host sshd[14424]: Disconnected from 64.227.182.117 port 52312 [preauth]
Jan 19 10:25:44 host sshd[14659]: User root from 223.204.203.181 not allowed because not listed in AllowUsers
Jan 19 10:25:44 host sshd[14659]: input_userauth_request: invalid user root [preauth]
Jan 19 10:25:44 host unix_chkpwd[14664]: password check failed for user (root)
Jan 19 10:25:44 host sshd[14659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.204.203.181 user=root
Jan 19 10:25:44 host sshd[14659]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:25:46 host sshd[14659]: Failed password for invalid user root from 223.204.203.181 port 43864 ssh2
Jan 19 10:25:47 host unix_chkpwd[14670]: password check failed for user (root)
Jan 19 10:25:47 host sshd[14659]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:25:49 host sshd[14659]: Failed password for invalid user root from 223.204.203.181 port 43864 ssh2
Jan 19 10:25:49 host unix_chkpwd[14674]: password check failed for user (root)
Jan 19 10:25:49 host sshd[14659]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:25:51 host sshd[14659]: Failed password for invalid user root from 223.204.203.181 port 43864 ssh2
Jan 19 10:25:52 host sshd[14659]: Connection reset by 223.204.203.181 port 43864 [preauth]
Jan 19 10:25:52 host sshd[14659]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.204.203.181 user=root
Jan 19 10:26:24 host sshd[14819]: User root from 35.226.126.79 not allowed because not listed in AllowUsers
Jan 19 10:26:24 host sshd[14819]: input_userauth_request: invalid user root [preauth]
Jan 19 10:26:24 host unix_chkpwd[14825]: password check failed for user (root)
Jan 19 10:26:24 host sshd[14819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.226.126.79 user=root
Jan 19 10:26:24 host sshd[14819]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:26:26 host sshd[14819]: Failed password for invalid user root from 35.226.126.79 port 45364 ssh2
Jan 19 10:26:26 host sshd[14819]: Received disconnect from 35.226.126.79 port 45364:11: Bye Bye [preauth]
Jan 19 10:26:26 host sshd[14819]: Disconnected from 35.226.126.79 port 45364 [preauth]
Jan 19 10:26:31 host sshd[14860]: Invalid user installer from 159.89.85.209 port 45190
Jan 19 10:26:31 host sshd[14860]: input_userauth_request: invalid user installer [preauth]
Jan 19 10:26:31 host sshd[14860]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:26:31 host sshd[14860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.85.209
Jan 19 10:26:33 host sshd[14860]: Failed password for invalid user installer from 159.89.85.209 port 45190 ssh2
Jan 19 10:26:33 host sshd[14860]: Received disconnect from 159.89.85.209 port 45190:11: Bye Bye [preauth]
Jan 19 10:26:33 host sshd[14860]: Disconnected from 159.89.85.209 port 45190 [preauth]
Jan 19 10:26:36 host sshd[14876]: Invalid user www from 201.48.115.235 port 52826
Jan 19 10:26:36 host sshd[14876]: input_userauth_request: invalid user www [preauth]
Jan 19 10:26:36 host sshd[14876]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:26:36 host sshd[14876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.115.235
Jan 19 10:26:38 host sshd[14876]: Failed password for invalid user www from 201.48.115.235 port 52826 ssh2
Jan 19 10:26:38 host sshd[14876]: Received disconnect from 201.48.115.235 port 52826:11: Bye Bye [preauth]
Jan 19 10:26:38 host sshd[14876]: Disconnected from 201.48.115.235 port 52826 [preauth]
Jan 19 10:26:45 host sshd[14899]: Invalid user newuser from 174.138.95.43 port 41576
Jan 19 10:26:45 host sshd[14899]: input_userauth_request: invalid user newuser [preauth]
Jan 19 10:26:45 host sshd[14899]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:26:45 host sshd[14899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.95.43
Jan 19 10:26:48 host sshd[14899]: Failed password for invalid user newuser from 174.138.95.43 port 41576 ssh2
Jan 19 10:26:48 host sshd[14899]: Received disconnect from 174.138.95.43 port 41576:11: Bye Bye [preauth]
Jan 19 10:26:48 host sshd[14899]: Disconnected from 174.138.95.43 port 41576 [preauth]
Jan 19 10:28:10 host sshd[15125]: User root from 165.232.168.216 not allowed because not listed in AllowUsers
Jan 19 10:28:10 host sshd[15125]: input_userauth_request: invalid user root [preauth]
Jan 19 10:28:10 host unix_chkpwd[15128]: password check failed for user (root)
Jan 19 10:28:10 host sshd[15125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.168.216 user=root
Jan 19 10:28:10 host sshd[15125]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:28:12 host sshd[15125]: Failed password for invalid user root from 165.232.168.216 port 43336 ssh2
Jan 19 10:28:12 host sshd[15125]: Received disconnect from 165.232.168.216 port 43336:11: Bye Bye [preauth]
Jan 19 10:28:12 host sshd[15125]: Disconnected from 165.232.168.216 port 43336 [preauth]
Jan 19 10:29:11 host sshd[15345]: Invalid user bitrix from 103.166.103.50 port 49444
Jan 19 10:29:11 host sshd[15345]: input_userauth_request: invalid user bitrix [preauth]
Jan 19 10:29:11 host sshd[15345]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:29:11 host sshd[15345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.166.103.50
Jan 19 10:29:13 host sshd[15345]: Failed password for invalid user bitrix from 103.166.103.50 port 49444 ssh2
Jan 19 10:29:13 host sshd[15345]: Received disconnect from 103.166.103.50 port 49444:11: Bye Bye [preauth]
Jan 19 10:29:13 host sshd[15345]: Disconnected from 103.166.103.50 port 49444 [preauth]
Jan 19 10:29:15 host sshd[15359]: Invalid user ansadmin from 43.134.186.44 port 36866
Jan 19 10:29:15 host sshd[15359]: input_userauth_request: invalid user ansadmin [preauth]
Jan 19 10:29:15 host sshd[15359]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:29:15 host sshd[15359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.186.44
Jan 19 10:29:17 host sshd[15359]: Failed password for invalid user ansadmin from 43.134.186.44 port 36866 ssh2
Jan 19 10:29:17 host sshd[15359]: Received disconnect from 43.134.186.44 port 36866:11: Bye Bye [preauth]
Jan 19 10:29:17 host sshd[15359]: Disconnected from 43.134.186.44 port 36866 [preauth]
Jan 19 10:29:54 host sshd[15495]: User root from 174.138.95.43 not allowed because not listed in AllowUsers
Jan 19 10:29:54 host sshd[15495]: input_userauth_request: invalid user root [preauth]
Jan 19 10:29:54 host unix_chkpwd[15501]: password check failed for user (root)
Jan 19 10:29:54 host sshd[15495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.95.43 user=root
Jan 19 10:29:54 host sshd[15495]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:29:56 host sshd[15495]: Failed password for invalid user root from 174.138.95.43 port 53172 ssh2
Jan 19 10:29:56 host sshd[15495]: Received disconnect from 174.138.95.43 port 53172:11: Bye Bye [preauth]
Jan 19 10:29:56 host sshd[15495]: Disconnected from 174.138.95.43 port 53172 [preauth]
Jan 19 10:30:10 host sshd[15584]: Invalid user magento from 35.226.126.79 port 48306
Jan 19 10:30:10 host sshd[15584]: input_userauth_request: invalid user magento [preauth]
Jan 19 10:30:10 host sshd[15584]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:30:10 host sshd[15584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.226.126.79
Jan 19 10:30:12 host sshd[15584]: Failed password for invalid user magento from 35.226.126.79 port 48306 ssh2
Jan 19 10:30:12 host sshd[15584]: Received disconnect from 35.226.126.79 port 48306:11: Bye Bye [preauth]
Jan 19 10:30:12 host sshd[15584]: Disconnected from 35.226.126.79 port 48306 [preauth]
Jan 19 10:30:52 host sshd[15862]: User root from 201.48.115.235 not allowed because not listed in AllowUsers
Jan 19 10:30:52 host sshd[15862]: input_userauth_request: invalid user root [preauth]
Jan 19 10:30:52 host unix_chkpwd[15870]: password check failed for user (root)
Jan 19 10:30:52 host sshd[15862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.115.235 user=root
Jan 19 10:30:52 host sshd[15862]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:30:54 host sshd[15862]: Failed password for invalid user root from 201.48.115.235 port 56892 ssh2
Jan 19 10:30:55 host sshd[15862]: Received disconnect from 201.48.115.235 port 56892:11: Bye Bye [preauth]
Jan 19 10:30:55 host sshd[15862]: Disconnected from 201.48.115.235 port 56892 [preauth]
Jan 19 10:30:57 host sshd[15880]: Invalid user user2 from 159.89.85.209 port 41424
Jan 19 10:30:57 host sshd[15880]: input_userauth_request: invalid user user2 [preauth]
Jan 19 10:30:57 host sshd[15880]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:30:57 host sshd[15880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.85.209
Jan 19 10:30:59 host sshd[15880]: Failed password for invalid user user2 from 159.89.85.209 port 41424 ssh2
Jan 19 10:30:59 host sshd[15880]: Received disconnect from 159.89.85.209 port 41424:11: Bye Bye [preauth]
Jan 19 10:30:59 host sshd[15880]: Disconnected from 159.89.85.209 port 41424 [preauth]
Jan 19 10:31:01 host sshd[15929]: Invalid user usuario from 43.134.186.44 port 47008
Jan 19 10:31:01 host sshd[15929]: input_userauth_request: invalid user usuario [preauth]
Jan 19 10:31:01 host sshd[15929]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:31:01 host sshd[15929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.186.44
Jan 19 10:31:04 host sshd[15929]: Failed password for invalid user usuario from 43.134.186.44 port 47008 ssh2
Jan 19 10:31:04 host sshd[15929]: Received disconnect from 43.134.186.44 port 47008:11: Bye Bye [preauth]
Jan 19 10:31:04 host sshd[15929]: Disconnected from 43.134.186.44 port 47008 [preauth]
Jan 19 10:31:21 host sshd[16011]: Invalid user www from 45.224.235.24 port 55442
Jan 19 10:31:21 host sshd[16011]: input_userauth_request: invalid user www [preauth]
Jan 19 10:31:21 host sshd[16011]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:31:21 host sshd[16011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.224.235.24
Jan 19 10:31:23 host sshd[16011]: Failed password for invalid user www from 45.224.235.24 port 55442 ssh2
Jan 19 10:31:23 host sshd[16011]: Received disconnect from 45.224.235.24 port 55442:11: Bye Bye [preauth]
Jan 19 10:31:23 host sshd[16011]: Disconnected from 45.224.235.24 port 55442 [preauth]
Jan 19 10:31:35 host sshd[16086]: User root from 64.227.182.117 not allowed because not listed in AllowUsers
Jan 19 10:31:35 host sshd[16086]: input_userauth_request: invalid user root [preauth]
Jan 19 10:31:35 host unix_chkpwd[16088]: password check failed for user (root)
Jan 19 10:31:35 host sshd[16086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.182.117 user=root
Jan 19 10:31:35 host sshd[16086]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:31:37 host sshd[16086]: Failed password for invalid user root from 64.227.182.117 port 52084 ssh2
Jan 19 10:31:37 host sshd[16086]: Received disconnect from 64.227.182.117 port 52084:11: Bye Bye [preauth]
Jan 19 10:31:37 host sshd[16086]: Disconnected from 64.227.182.117 port 52084 [preauth]
Jan 19 10:31:44 host sshd[16152]: Invalid user radio from 165.232.168.216 port 58190
Jan 19 10:31:44 host sshd[16152]: input_userauth_request: invalid user radio [preauth]
Jan 19 10:31:44 host sshd[16152]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:31:44 host sshd[16152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.168.216
Jan 19 10:31:46 host sshd[16152]: Failed password for invalid user radio from 165.232.168.216 port 58190 ssh2
Jan 19 10:31:46 host sshd[16152]: Received disconnect from 165.232.168.216 port 58190:11: Bye Bye [preauth]
Jan 19 10:31:46 host sshd[16152]: Disconnected from 165.232.168.216 port 58190 [preauth]
Jan 19 10:32:01 host sshd[16241]: User root from 159.89.85.209 not allowed because not listed in AllowUsers
Jan 19 10:32:01 host sshd[16241]: input_userauth_request: invalid user root [preauth]
Jan 19 10:32:01 host unix_chkpwd[16248]: password check failed for user (root)
Jan 19 10:32:01 host sshd[16241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.85.209 user=root
Jan 19 10:32:01 host sshd[16241]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:32:03 host sshd[16241]: Failed password for invalid user root from 159.89.85.209 port 60550 ssh2
Jan 19 10:32:22 host sshd[16381]: User root from 43.134.186.44 not allowed because not listed in AllowUsers
Jan 19 10:32:22 host sshd[16381]: input_userauth_request: invalid user root [preauth]
Jan 19 10:32:22 host unix_chkpwd[16383]: password check failed for user (root)
Jan 19 10:32:22 host sshd[16381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.186.44 user=root
Jan 19 10:32:22 host sshd[16381]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:32:25 host sshd[16381]: Failed password for invalid user root from 43.134.186.44 port 34162 ssh2
Jan 19 10:32:27 host sshd[16426]: Invalid user osboxes from 103.166.103.50 port 53658
Jan 19 10:32:27 host sshd[16426]: input_userauth_request: invalid user osboxes [preauth]
Jan 19 10:32:27 host sshd[16426]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:32:27 host sshd[16426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.166.103.50
Jan 19 10:32:29 host sshd[16426]: Failed password for invalid user osboxes from 103.166.103.50 port 53658 ssh2
Jan 19 10:32:30 host sshd[16426]: Received disconnect from 103.166.103.50 port 53658:11: Bye Bye [preauth]
Jan 19 10:32:30 host sshd[16426]: Disconnected from 103.166.103.50 port 53658 [preauth]
Jan 19 10:32:45 host sshd[16505]: User root from 45.224.235.24 not allowed because not listed in AllowUsers
Jan 19 10:32:45 host sshd[16505]: input_userauth_request: invalid user root [preauth]
Jan 19 10:32:45 host unix_chkpwd[16518]: password check failed for user (root)
Jan 19 10:32:45 host sshd[16505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.224.235.24 user=root
Jan 19 10:32:45 host sshd[16505]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:32:47 host sshd[16505]: Failed password for invalid user root from 45.224.235.24 port 53940 ssh2
Jan 19 10:32:47 host sshd[16505]: Received disconnect from 45.224.235.24 port 53940:11: Bye Bye [preauth]
Jan 19 10:32:47 host sshd[16505]: Disconnected from 45.224.235.24 port 53940 [preauth]
Jan 19 10:33:05 host sshd[16601]: Invalid user telnet from 36.37.181.181 port 34680
Jan 19 10:33:05 host sshd[16601]: input_userauth_request: invalid user telnet [preauth]
Jan 19 10:33:05 host sshd[16601]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:33:05 host sshd[16601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.37.181.181
Jan 19 10:33:07 host sshd[16601]: Failed password for invalid user telnet from 36.37.181.181 port 34680 ssh2
Jan 19 10:33:07 host sshd[16601]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:33:08 host sshd[16601]: Failed password for invalid user telnet from 36.37.181.181 port 34680 ssh2
Jan 19 10:33:12 host sshd[16601]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:33:14 host sshd[16601]: Failed password for invalid user telnet from 36.37.181.181 port 34680 ssh2
Jan 19 10:33:16 host sshd[16601]: Failed password for invalid user telnet from 36.37.181.181 port 34680 ssh2
Jan 19 10:33:17 host sshd[16601]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:33:19 host sshd[16601]: Failed password for invalid user telnet from 36.37.181.181 port 34680 ssh2
Jan 19 10:33:53 host sshd[16801]: Invalid user usuario from 103.166.103.50 port 48600
Jan 19 10:33:53 host sshd[16801]: input_userauth_request: invalid user usuario [preauth]
Jan 19 10:33:53 host sshd[16801]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:33:53 host sshd[16801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.166.103.50
Jan 19 10:33:55 host sshd[16801]: Failed password for invalid user usuario from 103.166.103.50 port 48600 ssh2
Jan 19 10:33:55 host sshd[16801]: Received disconnect from 103.166.103.50 port 48600:11: Bye Bye [preauth]
Jan 19 10:33:55 host sshd[16801]: Disconnected from 103.166.103.50 port 48600 [preauth]
Jan 19 10:42:24 host sshd[18828]: Connection reset by 112.167.200.181 port 60067 [preauth]
Jan 19 10:44:19 host sshd[19212]: Invalid user es from 175.126.232.120 port 44864
Jan 19 10:44:19 host sshd[19212]: input_userauth_request: invalid user es [preauth]
Jan 19 10:44:19 host sshd[19212]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:44:19 host sshd[19212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.126.232.120
Jan 19 10:44:21 host sshd[19212]: Failed password for invalid user es from 175.126.232.120 port 44864 ssh2
Jan 19 10:44:21 host sshd[19212]: Received disconnect from 175.126.232.120 port 44864:11: Bye Bye [preauth]
Jan 19 10:44:21 host sshd[19212]: Disconnected from 175.126.232.120 port 44864 [preauth]
Jan 19 10:45:25 host sshd[19365]: User root from 188.80.228.9 not allowed because not listed in AllowUsers
Jan 19 10:45:25 host sshd[19365]: input_userauth_request: invalid user root [preauth]
Jan 19 10:45:25 host unix_chkpwd[19368]: password check failed for user (root)
Jan 19 10:45:25 host sshd[19365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.80.228.9 user=root
Jan 19 10:45:25 host sshd[19365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:45:26 host sshd[19365]: Failed password for invalid user root from 188.80.228.9 port 59875 ssh2
Jan 19 10:45:26 host sshd[19365]: Received disconnect from 188.80.228.9 port 59875:11: Bye Bye [preauth]
Jan 19 10:45:26 host sshd[19365]: Disconnected from 188.80.228.9 port 59875 [preauth]
Jan 19 10:47:50 host sshd[19928]: Invalid user amssys from 89.134.172.107 port 44148
Jan 19 10:47:50 host sshd[19928]: input_userauth_request: invalid user amssys [preauth]
Jan 19 10:47:50 host sshd[19928]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:47:50 host sshd[19928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.134.172.107
Jan 19 10:47:52 host sshd[19928]: Failed password for invalid user amssys from 89.134.172.107 port 44148 ssh2
Jan 19 10:47:52 host sshd[19928]: Received disconnect from 89.134.172.107 port 44148:11: Bye Bye [preauth]
Jan 19 10:47:52 host sshd[19928]: Disconnected from 89.134.172.107 port 44148 [preauth]
Jan 19 10:50:46 host sshd[20432]: User root from 175.126.232.120 not allowed because not listed in AllowUsers
Jan 19 10:50:46 host sshd[20432]: input_userauth_request: invalid user root [preauth]
Jan 19 10:50:46 host unix_chkpwd[20436]: password check failed for user (root)
Jan 19 10:50:46 host sshd[20432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.126.232.120 user=root
Jan 19 10:50:46 host sshd[20432]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 10:50:48 host sshd[20432]: Failed password for invalid user root from 175.126.232.120 port 42872 ssh2
Jan 19 10:50:48 host sshd[20432]: Received disconnect from 175.126.232.120 port 42872:11: Bye Bye [preauth]
Jan 19 10:50:48 host sshd[20432]: Disconnected from 175.126.232.120 port 42872 [preauth]
Jan 19 10:50:52 host sshd[20459]: Invalid user radio from 89.134.172.107 port 50272
Jan 19 10:50:52 host sshd[20459]: input_userauth_request: invalid user radio [preauth]
Jan 19 10:50:52 host sshd[20459]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:50:52 host sshd[20459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.134.172.107
Jan 19 10:50:54 host sshd[20459]: Failed password for invalid user radio from 89.134.172.107 port 50272 ssh2
Jan 19 10:50:54 host sshd[20459]: Received disconnect from 89.134.172.107 port 50272:11: Bye Bye [preauth]
Jan 19 10:50:54 host sshd[20459]: Disconnected from 89.134.172.107 port 50272 [preauth]
Jan 19 10:51:18 host sshd[20595]: User mysql from 188.80.228.9 not allowed because not listed in AllowUsers
Jan 19 10:51:18 host sshd[20595]: input_userauth_request: invalid user mysql [preauth]
Jan 19 10:51:18 host unix_chkpwd[20600]: password check failed for user (mysql)
Jan 19 10:51:18 host sshd[20595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.80.228.9 user=mysql
Jan 19 10:51:18 host sshd[20595]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 19 10:51:20 host sshd[20595]: Failed password for invalid user mysql from 188.80.228.9 port 64818 ssh2
Jan 19 10:52:01 host sshd[20812]: Invalid user trojanuser from 89.134.172.107 port 33350
Jan 19 10:52:01 host sshd[20812]: input_userauth_request: invalid user trojanuser [preauth]
Jan 19 10:52:01 host sshd[20812]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:52:01 host sshd[20812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.134.172.107
Jan 19 10:52:03 host sshd[20812]: Failed password for invalid user trojanuser from 89.134.172.107 port 33350 ssh2
Jan 19 10:52:03 host sshd[20812]: Received disconnect from 89.134.172.107 port 33350:11: Bye Bye [preauth]
Jan 19 10:52:03 host sshd[20812]: Disconnected from 89.134.172.107 port 33350 [preauth]
Jan 19 10:52:16 host sshd[20899]: Connection reset by 59.125.184.176 port 43952 [preauth]
Jan 19 10:59:05 host sshd[22134]: Invalid user admin from 112.158.159.107 port 40573
Jan 19 10:59:05 host sshd[22134]: input_userauth_request: invalid user admin [preauth]
Jan 19 10:59:05 host sshd[22134]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:59:05 host sshd[22134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.158.159.107
Jan 19 10:59:08 host sshd[22134]: Failed password for invalid user admin from 112.158.159.107 port 40573 ssh2
Jan 19 10:59:09 host sshd[22134]: Failed password for invalid user admin from 112.158.159.107 port 40573 ssh2
Jan 19 10:59:09 host sshd[22134]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:59:11 host sshd[22134]: Failed password for invalid user admin from 112.158.159.107 port 40573 ssh2
Jan 19 10:59:12 host sshd[22134]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:59:14 host sshd[22134]: Failed password for invalid user admin from 112.158.159.107 port 40573 ssh2
Jan 19 10:59:15 host sshd[22134]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:59:16 host sshd[22134]: Failed password for invalid user admin from 112.158.159.107 port 40573 ssh2
Jan 19 10:59:17 host sshd[22134]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 10:59:19 host sshd[22134]: Failed password for invalid user admin from 112.158.159.107 port 40573 ssh2
Jan 19 10:59:19 host sshd[22134]: error: maximum authentication attempts exceeded for invalid user admin from 112.158.159.107 port 40573 ssh2 [preauth]
Jan 19 10:59:19 host sshd[22134]: Disconnecting: Too many authentication failures [preauth]
Jan 19 10:59:19 host sshd[22134]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.158.159.107
Jan 19 10:59:19 host sshd[22134]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 19 11:03:48 host sshd[23034]: Invalid user pi from 181.89.204.96 port 54260
Jan 19 11:03:48 host sshd[23034]: input_userauth_request: invalid user pi [preauth]
Jan 19 11:03:48 host sshd[23035]: Invalid user pi from 181.89.204.96 port 54264
Jan 19 11:03:48 host sshd[23035]: input_userauth_request: invalid user pi [preauth]
Jan 19 11:03:48 host sshd[23034]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:03:48 host sshd[23034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.89.204.96
Jan 19 11:03:48 host sshd[23035]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:03:48 host sshd[23035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.89.204.96
Jan 19 11:03:51 host sshd[23034]: Failed password for invalid user pi from 181.89.204.96 port 54260 ssh2
Jan 19 11:03:51 host sshd[23035]: Failed password for invalid user pi from 181.89.204.96 port 54264 ssh2
Jan 19 11:03:51 host sshd[23034]: Connection closed by 181.89.204.96 port 54260 [preauth]
Jan 19 11:03:51 host sshd[23035]: Connection closed by 181.89.204.96 port 54264 [preauth]
Jan 19 11:04:02 host sshd[23067]: Invalid user amssys from 181.206.14.42 port 36994
Jan 19 11:04:02 host sshd[23067]: input_userauth_request: invalid user amssys [preauth]
Jan 19 11:04:02 host sshd[23067]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:04:02 host sshd[23067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.206.14.42
Jan 19 11:04:04 host sshd[23067]: Failed password for invalid user amssys from 181.206.14.42 port 36994 ssh2
Jan 19 11:04:04 host sshd[23067]: Received disconnect from 181.206.14.42 port 36994:11: Bye Bye [preauth]
Jan 19 11:04:04 host sshd[23067]: Disconnected from 181.206.14.42 port 36994 [preauth]
Jan 19 11:04:05 host sshd[23084]: User root from 216.137.185.18 not allowed because not listed in AllowUsers
Jan 19 11:04:05 host sshd[23084]: input_userauth_request: invalid user root [preauth]
Jan 19 11:04:05 host unix_chkpwd[23086]: password check failed for user (root)
Jan 19 11:04:05 host sshd[23084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.137.185.18 user=root
Jan 19 11:04:05 host sshd[23084]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:04:07 host sshd[23084]: Failed password for invalid user root from 216.137.185.18 port 49236 ssh2
Jan 19 11:04:07 host sshd[23084]: Received disconnect from 216.137.185.18 port 49236:11: Bye Bye [preauth]
Jan 19 11:04:07 host sshd[23084]: Disconnected from 216.137.185.18 port 49236 [preauth]
Jan 19 11:04:24 host sshd[23116]: Invalid user temp from 43.129.186.111 port 41902
Jan 19 11:04:24 host sshd[23116]: input_userauth_request: invalid user temp [preauth]
Jan 19 11:04:24 host sshd[23116]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:04:24 host sshd[23116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.129.186.111
Jan 19 11:04:26 host sshd[23116]: Failed password for invalid user temp from 43.129.186.111 port 41902 ssh2
Jan 19 11:04:27 host sshd[23116]: Received disconnect from 43.129.186.111 port 41902:11: Bye Bye [preauth]
Jan 19 11:04:27 host sshd[23116]: Disconnected from 43.129.186.111 port 41902 [preauth]
Jan 19 11:04:35 host sshd[23167]: Invalid user azureuser from 46.101.249.11 port 56496
Jan 19 11:04:35 host sshd[23167]: input_userauth_request: invalid user azureuser [preauth]
Jan 19 11:04:35 host sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:04:35 host sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.249.11
Jan 19 11:04:38 host sshd[23167]: Failed password for invalid user azureuser from 46.101.249.11 port 56496 ssh2
Jan 19 11:04:38 host sshd[23167]: Received disconnect from 46.101.249.11 port 56496:11: Bye Bye [preauth]
Jan 19 11:04:38 host sshd[23167]: Disconnected from 46.101.249.11 port 56496 [preauth]
Jan 19 11:05:12 host sshd[23381]: Invalid user demo from 43.240.103.140 port 58900
Jan 19 11:05:12 host sshd[23381]: input_userauth_request: invalid user demo [preauth]
Jan 19 11:05:12 host sshd[23381]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:05:12 host sshd[23381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.240.103.140
Jan 19 11:05:14 host sshd[23381]: Failed password for invalid user demo from 43.240.103.140 port 58900 ssh2
Jan 19 11:05:14 host sshd[23381]: Received disconnect from 43.240.103.140 port 58900:11: Bye Bye [preauth]
Jan 19 11:05:14 host sshd[23381]: Disconnected from 43.240.103.140 port 58900 [preauth]
Jan 19 11:05:15 host sshd[23389]: Invalid user mcserver from 130.61.228.129 port 34008
Jan 19 11:05:15 host sshd[23389]: input_userauth_request: invalid user mcserver [preauth]
Jan 19 11:05:15 host sshd[23389]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:05:15 host sshd[23389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.228.129
Jan 19 11:05:17 host sshd[23389]: Failed password for invalid user mcserver from 130.61.228.129 port 34008 ssh2
Jan 19 11:05:17 host sshd[23389]: Received disconnect from 130.61.228.129 port 34008:11: Bye Bye [preauth]
Jan 19 11:05:17 host sshd[23389]: Disconnected from 130.61.228.129 port 34008 [preauth]
Jan 19 11:05:54 host sshd[23536]: Invalid user vagrant from 213.6.118.170 port 54816
Jan 19 11:05:54 host sshd[23536]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 11:05:54 host sshd[23536]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:05:54 host sshd[23536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.6.118.170
Jan 19 11:05:55 host sshd[23536]: Failed password for invalid user vagrant from 213.6.118.170 port 54816 ssh2
Jan 19 11:05:56 host sshd[23536]: Received disconnect from 213.6.118.170 port 54816:11: Bye Bye [preauth]
Jan 19 11:05:56 host sshd[23536]: Disconnected from 213.6.118.170 port 54816 [preauth]
Jan 19 11:06:13 host sshd[23575]: Invalid user int from 84.201.173.228 port 53788
Jan 19 11:06:13 host sshd[23575]: input_userauth_request: invalid user int [preauth]
Jan 19 11:06:13 host sshd[23575]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:06:13 host sshd[23575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.173.228
Jan 19 11:06:15 host sshd[23575]: Failed password for invalid user int from 84.201.173.228 port 53788 ssh2
Jan 19 11:06:15 host sshd[23575]: Received disconnect from 84.201.173.228 port 53788:11: Bye Bye [preauth]
Jan 19 11:06:15 host sshd[23575]: Disconnected from 84.201.173.228 port 53788 [preauth]
Jan 19 11:06:39 host sshd[23644]: Connection reset by 114.151.127.4 port 56594 [preauth]
Jan 19 11:07:09 host sshd[23711]: Invalid user gitlab from 46.101.32.38 port 35290
Jan 19 11:07:09 host sshd[23711]: input_userauth_request: invalid user gitlab [preauth]
Jan 19 11:07:09 host sshd[23711]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:07:09 host sshd[23711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.32.38
Jan 19 11:07:11 host sshd[23711]: Failed password for invalid user gitlab from 46.101.32.38 port 35290 ssh2
Jan 19 11:07:11 host sshd[23711]: Received disconnect from 46.101.32.38 port 35290:11: Bye Bye [preauth]
Jan 19 11:07:11 host sshd[23711]: Disconnected from 46.101.32.38 port 35290 [preauth]
Jan 19 11:08:00 host sshd[23875]: Invalid user gns3 from 178.128.16.206 port 45406
Jan 19 11:08:00 host sshd[23875]: input_userauth_request: invalid user gns3 [preauth]
Jan 19 11:08:00 host sshd[23875]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:08:00 host sshd[23875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.16.206
Jan 19 11:08:02 host sshd[23875]: Failed password for invalid user gns3 from 178.128.16.206 port 45406 ssh2
Jan 19 11:08:02 host sshd[23875]: Received disconnect from 178.128.16.206 port 45406:11: Bye Bye [preauth]
Jan 19 11:08:02 host sshd[23875]: Disconnected from 178.128.16.206 port 45406 [preauth]
Jan 19 11:08:28 host sshd[23962]: Invalid user sammy from 103.150.60.6 port 34996
Jan 19 11:08:28 host sshd[23962]: input_userauth_request: invalid user sammy [preauth]
Jan 19 11:08:28 host sshd[23962]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:08:28 host sshd[23962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.150.60.6
Jan 19 11:08:30 host sshd[23962]: Failed password for invalid user sammy from 103.150.60.6 port 34996 ssh2
Jan 19 11:08:30 host sshd[23962]: Received disconnect from 103.150.60.6 port 34996:11: Bye Bye [preauth]
Jan 19 11:08:30 host sshd[23962]: Disconnected from 103.150.60.6 port 34996 [preauth]
Jan 19 11:08:58 host sshd[24060]: User root from 125.137.209.111 not allowed because not listed in AllowUsers
Jan 19 11:08:58 host sshd[24060]: input_userauth_request: invalid user root [preauth]
Jan 19 11:08:58 host unix_chkpwd[24065]: password check failed for user (root)
Jan 19 11:08:58 host sshd[24060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.137.209.111 user=root
Jan 19 11:08:58 host sshd[24060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:09:01 host sshd[24082]: User root from 103.146.203.217 not allowed because not listed in AllowUsers
Jan 19 11:09:01 host sshd[24082]: input_userauth_request: invalid user root [preauth]
Jan 19 11:09:01 host unix_chkpwd[24084]: password check failed for user (root)
Jan 19 11:09:01 host sshd[24060]: Failed password for invalid user root from 125.137.209.111 port 63442 ssh2
Jan 19 11:09:01 host sshd[24082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.203.217 user=root
Jan 19 11:09:01 host sshd[24082]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:09:01 host unix_chkpwd[24098]: password check failed for user (root)
Jan 19 11:09:01 host sshd[24060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:09:03 host sshd[24082]: Failed password for invalid user root from 103.146.203.217 port 51884 ssh2
Jan 19 11:09:03 host sshd[24082]: Received disconnect from 103.146.203.217 port 51884:11: Bye Bye [preauth]
Jan 19 11:09:03 host sshd[24082]: Disconnected from 103.146.203.217 port 51884 [preauth]
Jan 19 11:09:03 host sshd[24060]: Failed password for invalid user root from 125.137.209.111 port 63442 ssh2
Jan 19 11:09:04 host unix_chkpwd[24109]: password check failed for user (root)
Jan 19 11:09:04 host sshd[24060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:09:07 host sshd[24060]: Failed password for invalid user root from 125.137.209.111 port 63442 ssh2
Jan 19 11:10:15 host sshd[24358]: Invalid user solr from 213.6.118.170 port 56468
Jan 19 11:10:15 host sshd[24358]: input_userauth_request: invalid user solr [preauth]
Jan 19 11:10:15 host sshd[24358]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:10:15 host sshd[24358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.6.118.170
Jan 19 11:10:17 host sshd[24358]: Failed password for invalid user solr from 213.6.118.170 port 56468 ssh2
Jan 19 11:10:17 host sshd[24358]: Received disconnect from 213.6.118.170 port 56468:11: Bye Bye [preauth]
Jan 19 11:10:17 host sshd[24358]: Disconnected from 213.6.118.170 port 56468 [preauth]
Jan 19 11:10:35 host sshd[24542]: Invalid user vagrant from 84.201.173.228 port 44672
Jan 19 11:10:35 host sshd[24542]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 11:10:35 host sshd[24542]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:10:35 host sshd[24542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.173.228
Jan 19 11:10:38 host sshd[24542]: Failed password for invalid user vagrant from 84.201.173.228 port 44672 ssh2
Jan 19 11:10:38 host sshd[24542]: Received disconnect from 84.201.173.228 port 44672:11: Bye Bye [preauth]
Jan 19 11:10:38 host sshd[24542]: Disconnected from 84.201.173.228 port 44672 [preauth]
Jan 19 11:10:54 host sshd[24568]: Invalid user john from 46.101.249.11 port 55780
Jan 19 11:10:54 host sshd[24568]: input_userauth_request: invalid user john [preauth]
Jan 19 11:10:54 host sshd[24568]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:10:54 host sshd[24568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.249.11
Jan 19 11:10:55 host sshd[24573]: User root from 190.147.33.242 not allowed because not listed in AllowUsers
Jan 19 11:10:55 host sshd[24573]: input_userauth_request: invalid user root [preauth]
Jan 19 11:10:55 host unix_chkpwd[24579]: password check failed for user (root)
Jan 19 11:10:55 host sshd[24573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.147.33.242 user=root
Jan 19 11:10:55 host sshd[24573]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:10:55 host sshd[24580]: Invalid user radio from 216.137.185.18 port 35260
Jan 19 11:10:55 host sshd[24580]: input_userauth_request: invalid user radio [preauth]
Jan 19 11:10:55 host sshd[24580]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:10:55 host sshd[24580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.137.185.18
Jan 19 11:10:55 host sshd[24568]: Failed password for invalid user john from 46.101.249.11 port 55780 ssh2
Jan 19 11:10:55 host sshd[24568]: Received disconnect from 46.101.249.11 port 55780:11: Bye Bye [preauth]
Jan 19 11:10:55 host sshd[24568]: Disconnected from 46.101.249.11 port 55780 [preauth]
Jan 19 11:10:56 host sshd[24573]: Failed password for invalid user root from 190.147.33.242 port 41568 ssh2
Jan 19 11:10:56 host sshd[24573]: Received disconnect from 190.147.33.242 port 41568:11: Bye Bye [preauth]
Jan 19 11:10:56 host sshd[24573]: Disconnected from 190.147.33.242 port 41568 [preauth]
Jan 19 11:10:56 host sshd[24580]: Failed password for invalid user radio from 216.137.185.18 port 35260 ssh2
Jan 19 11:10:56 host sshd[24580]: Received disconnect from 216.137.185.18 port 35260:11: Bye Bye [preauth]
Jan 19 11:10:56 host sshd[24580]: Disconnected from 216.137.185.18 port 35260 [preauth]
Jan 19 11:10:57 host sshd[24583]: Invalid user manager from 46.101.32.38 port 39866
Jan 19 11:10:57 host sshd[24583]: input_userauth_request: invalid user manager [preauth]
Jan 19 11:10:57 host sshd[24583]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:10:57 host sshd[24583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.32.38
Jan 19 11:10:59 host sshd[24583]: Failed password for invalid user manager from 46.101.32.38 port 39866 ssh2
Jan 19 11:10:59 host sshd[24583]: Received disconnect from 46.101.32.38 port 39866:11: Bye Bye [preauth]
Jan 19 11:10:59 host sshd[24583]: Disconnected from 46.101.32.38 port 39866 [preauth]
Jan 19 11:11:00 host sshd[24598]: Invalid user azureuser from 43.129.186.111 port 43500
Jan 19 11:11:00 host sshd[24598]: input_userauth_request: invalid user azureuser [preauth]
Jan 19 11:11:00 host sshd[24598]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:11:00 host sshd[24598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.129.186.111
Jan 19 11:11:01 host sshd[24629]: User root from 121.130.111.133 not allowed because not listed in AllowUsers
Jan 19 11:11:01 host sshd[24629]: input_userauth_request: invalid user root [preauth]
Jan 19 11:11:01 host unix_chkpwd[24646]: password check failed for user (root)
Jan 19 11:11:01 host sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.130.111.133 user=root
Jan 19 11:11:01 host sshd[24629]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:11:02 host sshd[24598]: Failed password for invalid user azureuser from 43.129.186.111 port 43500 ssh2
Jan 19 11:11:02 host sshd[24598]: Received disconnect from 43.129.186.111 port 43500:11: Bye Bye [preauth]
Jan 19 11:11:02 host sshd[24598]: Disconnected from 43.129.186.111 port 43500 [preauth]
Jan 19 11:11:04 host sshd[24629]: Failed password for invalid user root from 121.130.111.133 port 53794 ssh2
Jan 19 11:11:04 host sshd[24629]: Received disconnect from 121.130.111.133 port 53794:11: Bye Bye [preauth]
Jan 19 11:11:04 host sshd[24629]: Disconnected from 121.130.111.133 port 53794 [preauth]
Jan 19 11:11:11 host sshd[24681]: Invalid user prueba from 103.146.203.217 port 55784
Jan 19 11:11:11 host sshd[24681]: input_userauth_request: invalid user prueba [preauth]
Jan 19 11:11:11 host sshd[24681]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:11:11 host sshd[24681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.203.217
Jan 19 11:11:14 host sshd[24681]: Failed password for invalid user prueba from 103.146.203.217 port 55784 ssh2
Jan 19 11:11:14 host sshd[24681]: Received disconnect from 103.146.203.217 port 55784:11: Bye Bye [preauth]
Jan 19 11:11:14 host sshd[24681]: Disconnected from 103.146.203.217 port 55784 [preauth]
Jan 19 11:11:28 host sshd[24774]: User root from 43.240.103.140 not allowed because not listed in AllowUsers
Jan 19 11:11:28 host sshd[24774]: input_userauth_request: invalid user root [preauth]
Jan 19 11:11:28 host unix_chkpwd[24777]: password check failed for user (root)
Jan 19 11:11:28 host sshd[24774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.240.103.140 user=root
Jan 19 11:11:28 host sshd[24774]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:11:29 host sshd[24773]: Invalid user support from 213.6.118.170 port 40848
Jan 19 11:11:29 host sshd[24773]: input_userauth_request: invalid user support [preauth]
Jan 19 11:11:29 host sshd[24773]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:11:29 host sshd[24773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.6.118.170
Jan 19 11:11:30 host sshd[24774]: Failed password for invalid user root from 43.240.103.140 port 56590 ssh2
Jan 19 11:11:30 host sshd[24774]: Received disconnect from 43.240.103.140 port 56590:11: Bye Bye [preauth]
Jan 19 11:11:30 host sshd[24774]: Disconnected from 43.240.103.140 port 56590 [preauth]
Jan 19 11:11:31 host sshd[24773]: Failed password for invalid user support from 213.6.118.170 port 40848 ssh2
Jan 19 11:11:43 host sshd[24868]: Invalid user sammy from 178.128.16.206 port 55398
Jan 19 11:11:43 host sshd[24868]: input_userauth_request: invalid user sammy [preauth]
Jan 19 11:11:43 host sshd[24868]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:11:43 host sshd[24868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.16.206
Jan 19 11:11:45 host sshd[24868]: Failed password for invalid user sammy from 178.128.16.206 port 55398 ssh2
Jan 19 11:11:45 host sshd[24868]: Received disconnect from 178.128.16.206 port 55398:11: Bye Bye [preauth]
Jan 19 11:11:45 host sshd[24868]: Disconnected from 178.128.16.206 port 55398 [preauth]
Jan 19 11:11:46 host sshd[24877]: User root from 103.150.60.6 not allowed because not listed in AllowUsers
Jan 19 11:11:46 host sshd[24877]: input_userauth_request: invalid user root [preauth]
Jan 19 11:11:46 host unix_chkpwd[24880]: password check failed for user (root)
Jan 19 11:11:46 host sshd[24877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.150.60.6 user=root
Jan 19 11:11:46 host sshd[24877]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:11:49 host sshd[24877]: Failed password for invalid user root from 103.150.60.6 port 43314 ssh2
Jan 19 11:11:49 host sshd[24877]: Received disconnect from 103.150.60.6 port 43314:11: Bye Bye [preauth]
Jan 19 11:11:49 host sshd[24877]: Disconnected from 103.150.60.6 port 43314 [preauth]
Jan 19 11:11:55 host sshd[24891]: Invalid user temp from 84.201.173.228 port 43430
Jan 19 11:11:55 host sshd[24891]: input_userauth_request: invalid user temp [preauth]
Jan 19 11:11:55 host sshd[24891]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:11:55 host sshd[24891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.173.228
Jan 19 11:11:56 host sshd[24891]: Failed password for invalid user temp from 84.201.173.228 port 43430 ssh2
Jan 19 11:11:57 host sshd[24891]: Received disconnect from 84.201.173.228 port 43430:11: Bye Bye [preauth]
Jan 19 11:11:57 host sshd[24891]: Disconnected from 84.201.173.228 port 43430 [preauth]
Jan 19 11:12:12 host sshd[24993]: Invalid user solr from 190.147.33.242 port 36104
Jan 19 11:12:12 host sshd[24993]: input_userauth_request: invalid user solr [preauth]
Jan 19 11:12:12 host sshd[24993]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:12:12 host sshd[24993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.147.33.242
Jan 19 11:12:14 host sshd[24993]: Failed password for invalid user solr from 190.147.33.242 port 36104 ssh2
Jan 19 11:12:15 host sshd[24993]: Received disconnect from 190.147.33.242 port 36104:11: Bye Bye [preauth]
Jan 19 11:12:15 host sshd[24993]: Disconnected from 190.147.33.242 port 36104 [preauth]
Jan 19 11:12:16 host sshd[25009]: Invalid user zjw from 43.129.186.111 port 38106
Jan 19 11:12:16 host sshd[25009]: input_userauth_request: invalid user zjw [preauth]
Jan 19 11:12:16 host sshd[25009]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:12:16 host sshd[25009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.129.186.111
Jan 19 11:12:18 host sshd[25009]: Failed password for invalid user zjw from 43.129.186.111 port 38106 ssh2
Jan 19 11:12:18 host sshd[25009]: Received disconnect from 43.129.186.111 port 38106:11: Bye Bye [preauth]
Jan 19 11:12:18 host sshd[25009]: Disconnected from 43.129.186.111 port 38106 [preauth]
Jan 19 11:12:20 host sshd[25015]: Invalid user manager from 46.101.249.11 port 49774
Jan 19 11:12:20 host sshd[25015]: input_userauth_request: invalid user manager [preauth]
Jan 19 11:12:20 host sshd[25015]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:12:20 host sshd[25015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.249.11
Jan 19 11:12:21 host sshd[25015]: Failed password for invalid user manager from 46.101.249.11 port 49774 ssh2
Jan 19 11:12:21 host sshd[25015]: Received disconnect from 46.101.249.11 port 49774:11: Bye Bye [preauth]
Jan 19 11:12:21 host sshd[25015]: Disconnected from 46.101.249.11 port 49774 [preauth]
Jan 19 11:12:33 host sshd[25163]: Invalid user sam from 121.130.111.133 port 39134
Jan 19 11:12:33 host sshd[25163]: input_userauth_request: invalid user sam [preauth]
Jan 19 11:12:33 host sshd[25163]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:12:33 host sshd[25163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.130.111.133
Jan 19 11:12:36 host sshd[25163]: Failed password for invalid user sam from 121.130.111.133 port 39134 ssh2
Jan 19 11:12:36 host sshd[25163]: Received disconnect from 121.130.111.133 port 39134:11: Bye Bye [preauth]
Jan 19 11:12:36 host sshd[25163]: Disconnected from 121.130.111.133 port 39134 [preauth]
Jan 19 11:12:55 host sshd[25243]: Invalid user server from 46.101.32.38 port 51770
Jan 19 11:12:55 host sshd[25243]: input_userauth_request: invalid user server [preauth]
Jan 19 11:12:55 host sshd[25243]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:12:55 host sshd[25243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.32.38
Jan 19 11:12:57 host sshd[25243]: Failed password for invalid user server from 46.101.32.38 port 51770 ssh2
Jan 19 11:12:57 host sshd[25243]: Received disconnect from 46.101.32.38 port 51770:11: Bye Bye [preauth]
Jan 19 11:12:57 host sshd[25243]: Disconnected from 46.101.32.38 port 51770 [preauth]
Jan 19 11:12:58 host sshd[25250]: Invalid user kira from 178.128.16.206 port 49772
Jan 19 11:12:58 host sshd[25250]: input_userauth_request: invalid user kira [preauth]
Jan 19 11:12:58 host sshd[25250]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:12:58 host sshd[25250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.16.206
Jan 19 11:13:00 host sshd[25250]: Failed password for invalid user kira from 178.128.16.206 port 49772 ssh2
Jan 19 11:13:00 host sshd[25250]: Received disconnect from 178.128.16.206 port 49772:11: Bye Bye [preauth]
Jan 19 11:13:00 host sshd[25250]: Disconnected from 178.128.16.206 port 49772 [preauth]
Jan 19 11:16:04 host sshd[26021]: Did not receive identification string from 167.71.166.243 port 53436
Jan 19 11:16:48 host sshd[26113]: Invalid user rapport from 205.185.113.129 port 43416
Jan 19 11:16:48 host sshd[26113]: input_userauth_request: invalid user rapport [preauth]
Jan 19 11:16:48 host sshd[26113]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:16:48 host sshd[26113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 19 11:16:49 host sshd[26113]: Failed password for invalid user rapport from 205.185.113.129 port 43416 ssh2
Jan 19 11:16:50 host sshd[26113]: Connection closed by 205.185.113.129 port 43416 [preauth]
Jan 19 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 11:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 11:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=kottayamcalldriv user-2=phmetals user-3=gifterman user-4=palco123 user-5=mrsclean user-6=wwwnexidigital user-7=wwwevmhonda user-8=bonifacegroup user-9=wwwletsstalkfood user-10=straightcurve user-11=wwwtestugo user-12=shalinijames user-13=vfmassets user-14=pmcresources user-15=remysagr user-16=disposeat user-17=wwwkmaorg user-18=wwwkapin user-19=woodpeck user-20=travelboniface user-21=ugotscom user-22=wwwrmswll user-23=keralaholi user-24=wwwresourcehunte user-25=wwwpmcresource user-26=dartsimp user-27=a2zgroup user-28=laundryboniface user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 11:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-kRLk75hwOGw8YNM9.~
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-kRLk75hwOGw8YNM9.~'
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-kRLk75hwOGw8YNM9.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 11:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 11:24:45 host sshd[27983]: User root from 121.138.91.29 not allowed because not listed in AllowUsers
Jan 19 11:24:45 host sshd[27983]: input_userauth_request: invalid user root [preauth]
Jan 19 11:24:45 host unix_chkpwd[27986]: password check failed for user (root)
Jan 19 11:24:45 host sshd[27983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.138.91.29 user=root
Jan 19 11:24:45 host sshd[27983]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:24:47 host sshd[27983]: Failed password for invalid user root from 121.138.91.29 port 63014 ssh2
Jan 19 11:24:48 host unix_chkpwd[27996]: password check failed for user (root)
Jan 19 11:24:48 host sshd[27983]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:24:50 host sshd[27983]: Failed password for invalid user root from 121.138.91.29 port 63014 ssh2
Jan 19 11:24:50 host unix_chkpwd[28002]: password check failed for user (root)
Jan 19 11:24:50 host sshd[27983]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:24:53 host sshd[27983]: Failed password for invalid user root from 121.138.91.29 port 63014 ssh2
Jan 19 11:25:11 host sshd[28107]: Invalid user init from 195.226.194.242 port 59258
Jan 19 11:25:11 host sshd[28107]: input_userauth_request: invalid user init [preauth]
Jan 19 11:25:11 host sshd[28107]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:25:11 host sshd[28107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 19 11:25:13 host sshd[28107]: Failed password for invalid user init from 195.226.194.242 port 59258 ssh2
Jan 19 11:25:13 host sshd[28107]: Received disconnect from 195.226.194.242 port 59258:11: Bye Bye [preauth]
Jan 19 11:25:13 host sshd[28107]: Disconnected from 195.226.194.242 port 59258 [preauth]
Jan 19 11:25:22 host sshd[28153]: Connection closed by 167.71.166.243 port 35424 [preauth]
Jan 19 11:29:27 host sshd[28996]: Invalid user amssys from 117.186.96.54 port 64474
Jan 19 11:29:27 host sshd[28996]: input_userauth_request: invalid user amssys [preauth]
Jan 19 11:29:27 host sshd[28996]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:29:27 host sshd[28996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.186.96.54
Jan 19 11:29:29 host sshd[28996]: Failed password for invalid user amssys from 117.186.96.54 port 64474 ssh2
Jan 19 11:29:29 host sshd[28996]: Received disconnect from 117.186.96.54 port 64474:11: Bye Bye [preauth]
Jan 19 11:29:29 host sshd[28996]: Disconnected from 117.186.96.54 port 64474 [preauth]
Jan 19 11:33:38 host sshd[29736]: Invalid user gj from 194.110.203.109 port 58316
Jan 19 11:33:38 host sshd[29736]: input_userauth_request: invalid user gj [preauth]
Jan 19 11:33:38 host sshd[29736]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:33:38 host sshd[29736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 11:33:40 host sshd[29736]: Failed password for invalid user gj from 194.110.203.109 port 58316 ssh2
Jan 19 11:33:43 host sshd[29736]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:33:45 host sshd[29736]: Failed password for invalid user gj from 194.110.203.109 port 58316 ssh2
Jan 19 11:33:48 host sshd[29736]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:33:51 host sshd[29736]: Failed password for invalid user gj from 194.110.203.109 port 58316 ssh2
Jan 19 11:33:54 host sshd[29736]: Connection closed by 194.110.203.109 port 58316 [preauth]
Jan 19 11:33:54 host sshd[29736]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 11:43:56 host sshd[31534]: User root from 122.117.90.144 not allowed because not listed in AllowUsers
Jan 19 11:43:56 host sshd[31534]: input_userauth_request: invalid user root [preauth]
Jan 19 11:43:56 host unix_chkpwd[31539]: password check failed for user (root)
Jan 19 11:43:56 host sshd[31534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.90.144 user=root
Jan 19 11:43:56 host sshd[31534]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 11:43:59 host sshd[31534]: Failed password for invalid user root from 122.117.90.144 port 34817 ssh2
Jan 19 11:43:59 host sshd[31534]: Connection reset by 122.117.90.144 port 34817 [preauth]
Jan 19 11:45:10 host sshd[31740]: Invalid user admin from 14.53.134.163 port 40350
Jan 19 11:45:10 host sshd[31740]: input_userauth_request: invalid user admin [preauth]
Jan 19 11:45:10 host sshd[31740]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:45:10 host sshd[31740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.53.134.163
Jan 19 11:45:12 host sshd[31740]: Failed password for invalid user admin from 14.53.134.163 port 40350 ssh2
Jan 19 11:45:13 host sshd[31740]: Failed password for invalid user admin from 14.53.134.163 port 40350 ssh2
Jan 19 11:45:13 host sshd[31740]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:45:15 host sshd[31740]: Failed password for invalid user admin from 14.53.134.163 port 40350 ssh2
Jan 19 11:45:16 host sshd[31740]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:45:18 host sshd[31740]: Failed password for invalid user admin from 14.53.134.163 port 40350 ssh2
Jan 19 11:45:19 host sshd[31740]: Connection reset by 14.53.134.163 port 40350 [preauth]
Jan 19 11:45:19 host sshd[31740]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.53.134.163
Jan 19 11:45:37 host sshd[31893]: Connection reset by 183.104.215.10 port 41276 [preauth]
Jan 19 11:47:39 host sshd[32313]: Did not receive identification string from 178.62.238.239 port 59935
Jan 19 11:47:40 host sshd[32315]: Invalid user steam from 178.62.238.239 port 60709
Jan 19 11:47:40 host sshd[32315]: input_userauth_request: invalid user steam [preauth]
Jan 19 11:47:40 host sshd[32315]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:47:40 host sshd[32315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.238.239
Jan 19 11:47:42 host sshd[32315]: Failed password for invalid user steam from 178.62.238.239 port 60709 ssh2
Jan 19 11:47:43 host sshd[32315]: Connection closed by 178.62.238.239 port 60709 [preauth]
Jan 19 11:48:12 host sshd[32391]: Invalid user solr from 117.186.96.54 port 58376
Jan 19 11:48:12 host sshd[32391]: input_userauth_request: invalid user solr [preauth]
Jan 19 11:48:12 host sshd[32391]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 11:48:12 host sshd[32391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.186.96.54
Jan 19 11:48:14 host sshd[32391]: Failed password for invalid user solr from 117.186.96.54 port 58376 ssh2
Jan 19 11:48:15 host sshd[32391]: Received disconnect from 117.186.96.54 port 58376:11: Bye Bye [preauth]
Jan 19 11:48:15 host sshd[32391]: Disconnected from 117.186.96.54 port 58376 [preauth]
Jan 19 11:52:09 host sshd[812]: Did not receive identification string from 8.219.76.192 port 61000
Jan 19 12:00:02 host sshd[2092]: User root from 117.186.96.54 not allowed because not listed in AllowUsers
Jan 19 12:00:02 host sshd[2092]: input_userauth_request: invalid user root [preauth]
Jan 19 12:00:02 host unix_chkpwd[2108]: password check failed for user (root)
Jan 19 12:00:02 host sshd[2092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.186.96.54 user=root
Jan 19 12:00:02 host sshd[2092]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 12:00:04 host sshd[2092]: Failed password for invalid user root from 117.186.96.54 port 21353 ssh2
Jan 19 12:00:05 host sshd[2092]: Received disconnect from 117.186.96.54 port 21353:11: Bye Bye [preauth]
Jan 19 12:00:05 host sshd[2092]: Disconnected from 117.186.96.54 port 21353 [preauth]
Jan 19 12:10:26 host sshd[4833]: Invalid user zyfwp from 221.165.200.53 port 62403
Jan 19 12:10:26 host sshd[4833]: input_userauth_request: invalid user zyfwp [preauth]
Jan 19 12:10:26 host sshd[4833]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:10:26 host sshd[4833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.165.200.53
Jan 19 12:10:28 host sshd[4833]: Failed password for invalid user zyfwp from 221.165.200.53 port 62403 ssh2
Jan 19 12:10:29 host sshd[4833]: Connection reset by 221.165.200.53 port 62403 [preauth]
Jan 19 12:10:30 host sshd[4862]: Invalid user admin from 59.28.194.230 port 62608
Jan 19 12:10:30 host sshd[4862]: input_userauth_request: invalid user admin [preauth]
Jan 19 12:10:30 host sshd[4862]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:10:30 host sshd[4862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.28.194.230
Jan 19 12:10:33 host sshd[4862]: Failed password for invalid user admin from 59.28.194.230 port 62608 ssh2
Jan 19 12:10:33 host sshd[4862]: Failed password for invalid user admin from 59.28.194.230 port 62608 ssh2
Jan 19 12:10:34 host sshd[4862]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:10:36 host sshd[4862]: Failed password for invalid user admin from 59.28.194.230 port 62608 ssh2
Jan 19 12:10:38 host sshd[4862]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:10:40 host sshd[4862]: Failed password for invalid user admin from 59.28.194.230 port 62608 ssh2
Jan 19 12:10:41 host sshd[4862]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:10:43 host sshd[4862]: Failed password for invalid user admin from 59.28.194.230 port 62608 ssh2
Jan 19 12:11:03 host sshd[4970]: Invalid user admin from 59.126.87.108 port 48843
Jan 19 12:11:03 host sshd[4970]: input_userauth_request: invalid user admin [preauth]
Jan 19 12:11:03 host sshd[4970]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:11:03 host sshd[4970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.87.108
Jan 19 12:11:05 host sshd[4970]: Failed password for invalid user admin from 59.126.87.108 port 48843 ssh2
Jan 19 12:11:06 host sshd[4970]: Failed password for invalid user admin from 59.126.87.108 port 48843 ssh2
Jan 19 12:11:06 host sshd[4970]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:11:09 host sshd[4970]: Failed password for invalid user admin from 59.126.87.108 port 48843 ssh2
Jan 19 12:11:10 host sshd[4970]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:11:12 host sshd[4970]: Failed password for invalid user admin from 59.126.87.108 port 48843 ssh2
Jan 19 12:11:14 host sshd[4970]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:11:15 host sshd[4970]: Failed password for invalid user admin from 59.126.87.108 port 48843 ssh2
Jan 19 12:11:17 host sshd[4970]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:11:19 host sshd[4970]: Failed password for invalid user admin from 59.126.87.108 port 48843 ssh2
Jan 19 12:11:19 host sshd[4970]: error: maximum authentication attempts exceeded for invalid user admin from 59.126.87.108 port 48843 ssh2 [preauth]
Jan 19 12:11:19 host sshd[4970]: Disconnecting: Too many authentication failures [preauth]
Jan 19 12:11:19 host sshd[4970]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.87.108
Jan 19 12:11:19 host sshd[4970]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 19 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 12:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=a2zgroup user-3=dartsimp user-4=wwwkaretakers user-5=cochintaxi user-6=ugotscom user-7=wwwresourcehunte user-8=keralaholi user-9=wwwrmswll user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=shalinijames user-14=wwwtestugo user-15=vfmassets user-16=woodpeck user-17=wwwkapin user-18=disposeat user-19=wwwkmaorg user-20=remysagr user-21=wwwnexidigital user-22=mrsclean user-23=phmetals user-24=kottayamcalldriv user-25=palco123 user-26=gifterman user-27=wwwletsstalkfood user-28=straightcurve user-29=wwwevmhonda user-30=bonifacegroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 12:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sbl4Cg2COJWjdcc8.~
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sbl4Cg2COJWjdcc8.~'
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sbl4Cg2COJWjdcc8.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 12:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 12:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 12:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 12:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 12:26:38 host sshd[7365]: Connection closed by 45.79.181.223 port 24104 [preauth]
Jan 19 12:26:40 host sshd[7371]: Connection closed by 45.79.181.223 port 37082 [preauth]
Jan 19 12:26:43 host sshd[7380]: Connection closed by 45.79.181.223 port 37096 [preauth]
Jan 19 12:27:47 host sshd[7518]: Invalid user prueba from 195.226.194.242 port 61194
Jan 19 12:27:47 host sshd[7518]: input_userauth_request: invalid user prueba [preauth]
Jan 19 12:27:47 host sshd[7518]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:27:47 host sshd[7518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 19 12:27:48 host sshd[7518]: Failed password for invalid user prueba from 195.226.194.242 port 61194 ssh2
Jan 19 12:27:48 host sshd[7518]: Received disconnect from 195.226.194.242 port 61194:11: Bye Bye [preauth]
Jan 19 12:27:48 host sshd[7518]: Disconnected from 195.226.194.242 port 61194 [preauth]
Jan 19 12:28:30 host sshd[7630]: Invalid user sFTPUser from 220.135.198.206 port 33366
Jan 19 12:28:30 host sshd[7630]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 19 12:28:30 host sshd[7630]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:28:30 host sshd[7630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.198.206
Jan 19 12:28:32 host sshd[7630]: Failed password for invalid user sFTPUser from 220.135.198.206 port 33366 ssh2
Jan 19 12:28:33 host sshd[7630]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:28:34 host sshd[7630]: Failed password for invalid user sFTPUser from 220.135.198.206 port 33366 ssh2
Jan 19 12:28:35 host sshd[7630]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:28:36 host sshd[7630]: Failed password for invalid user sFTPUser from 220.135.198.206 port 33366 ssh2
Jan 19 12:28:37 host sshd[7630]: Failed password for invalid user sFTPUser from 220.135.198.206 port 33366 ssh2
Jan 19 12:28:38 host sshd[7630]: Connection reset by 220.135.198.206 port 33366 [preauth]
Jan 19 12:28:38 host sshd[7630]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.198.206
Jan 19 12:37:09 host sshd[8893]: User root from 222.114.116.228 not allowed because not listed in AllowUsers
Jan 19 12:37:09 host sshd[8893]: input_userauth_request: invalid user root [preauth]
Jan 19 12:37:09 host unix_chkpwd[8896]: password check failed for user (root)
Jan 19 12:37:09 host sshd[8893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.114.116.228 user=root
Jan 19 12:37:09 host sshd[8893]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 12:37:11 host sshd[8893]: Failed password for invalid user root from 222.114.116.228 port 63479 ssh2
Jan 19 12:37:11 host unix_chkpwd[8899]: password check failed for user (root)
Jan 19 12:37:11 host sshd[8893]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 12:37:14 host sshd[8893]: Failed password for invalid user root from 222.114.116.228 port 63479 ssh2
Jan 19 12:39:46 host sshd[9195]: Invalid user usr from 171.250.47.132 port 57239
Jan 19 12:39:46 host sshd[9195]: input_userauth_request: invalid user usr [preauth]
Jan 19 12:39:46 host sshd[9195]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:39:46 host sshd[9195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.250.47.132
Jan 19 12:39:48 host sshd[9195]: Failed password for invalid user usr from 171.250.47.132 port 57239 ssh2
Jan 19 12:39:50 host sshd[9195]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 12:39:51 host sshd[9195]: Failed password for invalid user usr from 171.250.47.132 port 57239 ssh2
Jan 19 12:39:52 host sshd[9195]: Connection reset by 171.250.47.132 port 57239 [preauth]
Jan 19 12:39:52 host sshd[9195]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.250.47.132
Jan 19 12:58:34 host sshd[11739]: Connection closed by 188.255.125.201 port 33034 [preauth]
Jan 19 13:00:11 host sshd[12128]: Connection reset by 122.117.72.55 port 52753 [preauth]
Jan 19 13:01:01 host sshd[12235]: Invalid user pi from 125.228.183.102 port 51779
Jan 19 13:01:01 host sshd[12235]: input_userauth_request: invalid user pi [preauth]
Jan 19 13:01:01 host sshd[12235]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:01:01 host sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.183.102
Jan 19 13:01:04 host sshd[12235]: Failed password for invalid user pi from 125.228.183.102 port 51779 ssh2
Jan 19 13:01:04 host sshd[12235]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:01:06 host sshd[12235]: Failed password for invalid user pi from 125.228.183.102 port 51779 ssh2
Jan 19 13:01:07 host sshd[12235]: Connection reset by 125.228.183.102 port 51779 [preauth]
Jan 19 13:01:07 host sshd[12235]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.183.102
Jan 19 13:02:04 host sshd[12394]: Invalid user dlxuser from 112.165.36.115 port 34586
Jan 19 13:02:04 host sshd[12394]: input_userauth_request: invalid user dlxuser [preauth]
Jan 19 13:02:04 host sshd[12394]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:02:04 host sshd[12394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.165.36.115
Jan 19 13:02:06 host sshd[12394]: Failed password for invalid user dlxuser from 112.165.36.115 port 34586 ssh2
Jan 19 13:02:08 host sshd[12394]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:02:09 host sshd[12394]: Failed password for invalid user dlxuser from 112.165.36.115 port 34586 ssh2
Jan 19 13:02:10 host sshd[12394]: Failed password for invalid user dlxuser from 112.165.36.115 port 34586 ssh2
Jan 19 13:02:11 host sshd[12394]: Connection closed by 112.165.36.115 port 34586 [preauth]
Jan 19 13:02:11 host sshd[12394]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.165.36.115
Jan 19 13:04:46 host sshd[12892]: Invalid user gitlab-runner from 112.185.172.12 port 63822
Jan 19 13:04:46 host sshd[12892]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 19 13:04:46 host sshd[12892]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:04:46 host sshd[12892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.185.172.12
Jan 19 13:04:48 host sshd[12892]: Failed password for invalid user gitlab-runner from 112.185.172.12 port 63822 ssh2
Jan 19 13:04:49 host sshd[12892]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:04:51 host sshd[12892]: Failed password for invalid user gitlab-runner from 112.185.172.12 port 63822 ssh2
Jan 19 13:04:51 host sshd[12892]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:04:53 host sshd[12892]: Failed password for invalid user gitlab-runner from 112.185.172.12 port 63822 ssh2
Jan 19 13:04:53 host sshd[12892]: Failed password for invalid user gitlab-runner from 112.185.172.12 port 63822 ssh2
Jan 19 13:04:54 host sshd[12892]: Connection closed by 112.185.172.12 port 63822 [preauth]
Jan 19 13:04:54 host sshd[12892]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.185.172.12
Jan 19 13:12:26 host sshd[13997]: Invalid user chad from 107.189.30.59 port 46388
Jan 19 13:12:26 host sshd[13997]: input_userauth_request: invalid user chad [preauth]
Jan 19 13:12:26 host sshd[13997]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:12:26 host sshd[13997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 19 13:12:28 host sshd[13997]: Failed password for invalid user chad from 107.189.30.59 port 46388 ssh2
Jan 19 13:12:29 host sshd[13997]: Connection closed by 107.189.30.59 port 46388 [preauth]
Jan 19 13:15:02 host sshd[14301]: Did not receive identification string from 180.76.135.104 port 42678
Jan 19 13:15:04 host sshd[14311]: User root from 180.76.135.104 not allowed because not listed in AllowUsers
Jan 19 13:15:04 host sshd[14311]: input_userauth_request: invalid user root [preauth]
Jan 19 13:15:05 host unix_chkpwd[14359]: password check failed for user (root)
Jan 19 13:15:05 host sshd[14311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104 user=root
Jan 19 13:15:05 host sshd[14311]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 13:15:05 host sshd[14314]: Invalid user admin from 180.76.135.104 port 45008
Jan 19 13:15:05 host sshd[14314]: input_userauth_request: invalid user admin [preauth]
Jan 19 13:15:05 host sshd[14320]: Invalid user steam from 180.76.135.104 port 44976
Jan 19 13:15:05 host sshd[14320]: input_userauth_request: invalid user steam [preauth]
Jan 19 13:15:05 host sshd[14351]: Invalid user test from 180.76.135.104 port 45046
Jan 19 13:15:05 host sshd[14351]: input_userauth_request: invalid user test [preauth]
Jan 19 13:15:05 host sshd[14314]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:05 host sshd[14314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:05 host sshd[14321]: Invalid user ubuntu from 180.76.135.104 port 45044
Jan 19 13:15:05 host sshd[14321]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 13:15:05 host sshd[14320]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:05 host sshd[14320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:05 host sshd[14315]: User root from 180.76.135.104 not allowed because not listed in AllowUsers
Jan 19 13:15:05 host sshd[14315]: input_userauth_request: invalid user root [preauth]
Jan 19 13:15:06 host sshd[14321]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:06 host sshd[14321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:06 host unix_chkpwd[14361]: password check failed for user (root)
Jan 19 13:15:06 host sshd[14315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104 user=root
Jan 19 13:15:06 host sshd[14315]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 13:15:06 host sshd[14309]: Invalid user oracle from 180.76.135.104 port 45048
Jan 19 13:15:06 host sshd[14309]: input_userauth_request: invalid user oracle [preauth]
Jan 19 13:15:06 host sshd[14309]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:06 host sshd[14309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:06 host sshd[14351]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:06 host sshd[14351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:06 host sshd[14312]: User root from 180.76.135.104 not allowed because not listed in AllowUsers
Jan 19 13:15:06 host sshd[14312]: input_userauth_request: invalid user root [preauth]
Jan 19 13:15:07 host unix_chkpwd[14362]: password check failed for user (root)
Jan 19 13:15:07 host sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104 user=root
Jan 19 13:15:07 host sshd[14312]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 13:15:07 host sshd[14311]: Failed password for invalid user root from 180.76.135.104 port 44994 ssh2
Jan 19 13:15:07 host sshd[14311]: Connection closed by 180.76.135.104 port 44994 [preauth]
Jan 19 13:15:07 host sshd[14314]: Failed password for invalid user admin from 180.76.135.104 port 45008 ssh2
Jan 19 13:15:07 host sshd[14320]: Failed password for invalid user steam from 180.76.135.104 port 44976 ssh2
Jan 19 13:15:08 host sshd[14314]: Connection closed by 180.76.135.104 port 45008 [preauth]
Jan 19 13:15:08 host sshd[14320]: Connection closed by 180.76.135.104 port 44976 [preauth]
Jan 19 13:15:08 host sshd[14321]: Failed password for invalid user ubuntu from 180.76.135.104 port 45044 ssh2
Jan 19 13:15:08 host sshd[14315]: Failed password for invalid user root from 180.76.135.104 port 45004 ssh2
Jan 19 13:15:08 host sshd[14346]: Invalid user ubuntu from 180.76.135.104 port 45050
Jan 19 13:15:08 host sshd[14346]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 13:15:08 host sshd[14321]: Connection closed by 180.76.135.104 port 45044 [preauth]
Jan 19 13:15:08 host sshd[14315]: Connection closed by 180.76.135.104 port 45004 [preauth]
Jan 19 13:15:08 host sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:08 host sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:09 host sshd[14309]: Failed password for invalid user oracle from 180.76.135.104 port 45048 ssh2
Jan 19 13:15:09 host sshd[14351]: Failed password for invalid user test from 180.76.135.104 port 45046 ssh2
Jan 19 13:15:09 host sshd[14344]: Invalid user ubuntu from 180.76.135.104 port 45030
Jan 19 13:15:09 host sshd[14344]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 13:15:09 host sshd[14347]: Invalid user test from 180.76.135.104 port 45010
Jan 19 13:15:09 host sshd[14347]: input_userauth_request: invalid user test [preauth]
Jan 19 13:15:09 host sshd[14308]: Invalid user dmdba from 180.76.135.104 port 45032
Jan 19 13:15:09 host sshd[14308]: input_userauth_request: invalid user dmdba [preauth]
Jan 19 13:15:09 host sshd[14309]: Connection closed by 180.76.135.104 port 45048 [preauth]
Jan 19 13:15:09 host sshd[14351]: Connection closed by 180.76.135.104 port 45046 [preauth]
Jan 19 13:15:09 host sshd[14344]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:09 host sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:09 host sshd[14347]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:09 host sshd[14347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:09 host sshd[14308]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:09 host sshd[14308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:09 host sshd[14312]: Failed password for invalid user root from 180.76.135.104 port 44978 ssh2
Jan 19 13:15:09 host sshd[14350]: Invalid user ansible from 180.76.135.104 port 45038
Jan 19 13:15:09 host sshd[14350]: input_userauth_request: invalid user ansible [preauth]
Jan 19 13:15:10 host sshd[14312]: Connection closed by 180.76.135.104 port 44978 [preauth]
Jan 19 13:15:10 host sshd[14350]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:15:10 host sshd[14350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.135.104
Jan 19 13:15:11 host sshd[14346]: Failed password for invalid user ubuntu from 180.76.135.104 port 45050 ssh2
Jan 19 13:15:11 host sshd[14344]: Failed password for invalid user ubuntu from 180.76.135.104 port 45030 ssh2
Jan 19 13:15:11 host sshd[14347]: Failed password for invalid user test from 180.76.135.104 port 45010 ssh2
Jan 19 13:15:11 host sshd[14308]: Failed password for invalid user dmdba from 180.76.135.104 port 45032 ssh2
Jan 19 13:15:12 host sshd[14350]: Failed password for invalid user ansible from 180.76.135.104 port 45038 ssh2
Jan 19 13:16:06 host sshd[14612]: Invalid user steam from 211.185.212.124 port 36496
Jan 19 13:16:06 host sshd[14612]: input_userauth_request: invalid user steam [preauth]
Jan 19 13:16:06 host sshd[14612]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:16:06 host sshd[14612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.185.212.124
Jan 19 13:16:08 host sshd[14612]: Failed password for invalid user steam from 211.185.212.124 port 36496 ssh2
Jan 19 13:16:09 host sshd[14612]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:16:10 host sshd[14612]: Failed password for invalid user steam from 211.185.212.124 port 36496 ssh2
Jan 19 13:16:12 host sshd[14612]: Failed password for invalid user steam from 211.185.212.124 port 36496 ssh2
Jan 19 13:16:12 host sshd[14612]: Connection closed by 211.185.212.124 port 36496 [preauth]
Jan 19 13:16:12 host sshd[14612]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.185.212.124
Jan 19 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 13:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=wwwkmaorg user-4=disposeat user-5=remysagr user-6=pmcresources user-7=wwwtestugo user-8=shalinijames user-9=vfmassets user-10=straightcurve user-11=wwwletsstalkfood user-12=wwwevmhonda user-13=bonifacegroup user-14=wwwnexidigital user-15=mrsclean user-16=phmetals user-17=kottayamcalldriv user-18=gifterman user-19=palco123 user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=dartsimp user-24=a2zgroup user-25=wwwpmcresource user-26=ugotscom user-27=wwwrmswll user-28=wwwresourcehunte user-29=keralaholi user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 13:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DYaDMNRxsWCPs7f5.~
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DYaDMNRxsWCPs7f5.~'
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DYaDMNRxsWCPs7f5.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 13:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 13:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 13:25:22 host sshd[15993]: Invalid user gk from 194.110.203.109 port 52340
Jan 19 13:25:22 host sshd[15993]: input_userauth_request: invalid user gk [preauth]
Jan 19 13:25:22 host sshd[15993]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:25:22 host sshd[15993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 13:25:24 host sshd[15993]: Failed password for invalid user gk from 194.110.203.109 port 52340 ssh2
Jan 19 13:25:28 host sshd[15993]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:25:30 host sshd[15993]: Failed password for invalid user gk from 194.110.203.109 port 52340 ssh2
Jan 19 13:25:33 host sshd[15993]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:25:35 host sshd[15993]: Failed password for invalid user gk from 194.110.203.109 port 52340 ssh2
Jan 19 13:25:38 host sshd[15993]: Connection closed by 194.110.203.109 port 52340 [preauth]
Jan 19 13:25:38 host sshd[15993]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 13:28:54 host sshd[16577]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 19 13:28:54 host sshd[16577]: input_userauth_request: invalid user root [preauth]
Jan 19 13:28:54 host unix_chkpwd[16580]: password check failed for user (root)
Jan 19 13:28:54 host sshd[16577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 19 13:28:54 host sshd[16577]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 13:28:57 host sshd[16577]: Failed password for invalid user root from 195.226.194.242 port 23192 ssh2
Jan 19 13:28:57 host sshd[16577]: Received disconnect from 195.226.194.242 port 23192:11: Bye Bye [preauth]
Jan 19 13:28:57 host sshd[16577]: Disconnected from 195.226.194.242 port 23192 [preauth]
Jan 19 13:30:10 host sshd[16741]: Invalid user pi from 49.213.237.225 port 52796
Jan 19 13:30:10 host sshd[16741]: input_userauth_request: invalid user pi [preauth]
Jan 19 13:30:10 host sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:30:10 host sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.237.225
Jan 19 13:30:12 host sshd[16741]: Failed password for invalid user pi from 49.213.237.225 port 52796 ssh2
Jan 19 13:30:14 host sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:30:16 host sshd[16741]: Failed password for invalid user pi from 49.213.237.225 port 52796 ssh2
Jan 19 13:30:17 host sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:30:19 host sshd[16741]: Failed password for invalid user pi from 49.213.237.225 port 52796 ssh2
Jan 19 13:30:20 host sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:30:22 host sshd[16741]: Failed password for invalid user pi from 49.213.237.225 port 52796 ssh2
Jan 19 13:30:23 host sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:30:25 host sshd[16741]: Failed password for invalid user pi from 49.213.237.225 port 52796 ssh2
Jan 19 13:42:39 host sshd[18596]: Invalid user keith from 209.141.56.48 port 35550
Jan 19 13:42:39 host sshd[18596]: input_userauth_request: invalid user keith [preauth]
Jan 19 13:42:39 host sshd[18596]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:42:39 host sshd[18596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 19 13:42:40 host sshd[18596]: Failed password for invalid user keith from 209.141.56.48 port 35550 ssh2
Jan 19 13:42:41 host sshd[18596]: Connection closed by 209.141.56.48 port 35550 [preauth]
Jan 19 13:43:12 host sshd[18655]: Invalid user keith from 209.141.56.48 port 55284
Jan 19 13:43:12 host sshd[18655]: input_userauth_request: invalid user keith [preauth]
Jan 19 13:43:12 host sshd[18655]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:12 host sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 19 13:43:14 host sshd[18655]: Failed password for invalid user keith from 209.141.56.48 port 55284 ssh2
Jan 19 13:43:14 host sshd[18655]: Connection closed by 209.141.56.48 port 55284 [preauth]
Jan 19 13:43:29 host sshd[18712]: Did not receive identification string from 59.120.155.106 port 33262
Jan 19 13:43:30 host sshd[18716]: Invalid user linaro from 59.120.155.106 port 33456
Jan 19 13:43:30 host sshd[18716]: input_userauth_request: invalid user linaro [preauth]
Jan 19 13:43:30 host sshd[18714]: Invalid user guest from 59.120.155.106 port 33282
Jan 19 13:43:30 host sshd[18714]: input_userauth_request: invalid user guest [preauth]
Jan 19 13:43:30 host sshd[18718]: Invalid user posiflex from 59.120.155.106 port 33296
Jan 19 13:43:30 host sshd[18718]: input_userauth_request: invalid user posiflex [preauth]
Jan 19 13:43:30 host sshd[18719]: Invalid user git from 59.120.155.106 port 33478
Jan 19 13:43:30 host sshd[18719]: input_userauth_request: invalid user git [preauth]
Jan 19 13:43:30 host sshd[18732]: Invalid user admin from 59.120.155.106 port 33468
Jan 19 13:43:30 host sshd[18732]: input_userauth_request: invalid user admin [preauth]
Jan 19 13:43:30 host sshd[18730]: Invalid user es from 59.120.155.106 port 33560
Jan 19 13:43:30 host sshd[18730]: input_userauth_request: invalid user es [preauth]
Jan 19 13:43:30 host sshd[18722]: Invalid user test from 59.120.155.106 port 33382
Jan 19 13:43:30 host sshd[18722]: input_userauth_request: invalid user test [preauth]
Jan 19 13:43:30 host sshd[18720]: Invalid user elastic from 59.120.155.106 port 33352
Jan 19 13:43:30 host sshd[18720]: input_userauth_request: invalid user elastic [preauth]
Jan 19 13:43:30 host sshd[18737]: User mysql from 59.120.155.106 not allowed because not listed in AllowUsers
Jan 19 13:43:30 host sshd[18737]: input_userauth_request: invalid user mysql [preauth]
Jan 19 13:43:30 host sshd[18715]: Invalid user admin from 59.120.155.106 port 33534
Jan 19 13:43:30 host sshd[18715]: input_userauth_request: invalid user admin [preauth]
Jan 19 13:43:30 host sshd[18721]: Invalid user tester from 59.120.155.106 port 33418
Jan 19 13:43:30 host sshd[18721]: input_userauth_request: invalid user tester [preauth]
Jan 19 13:43:30 host sshd[18725]: Invalid user guest from 59.120.155.106 port 33576
Jan 19 13:43:30 host sshd[18725]: input_userauth_request: invalid user guest [preauth]
Jan 19 13:43:30 host sshd[18741]: Invalid user testuser from 59.120.155.106 port 33442
Jan 19 13:43:30 host sshd[18741]: input_userauth_request: invalid user testuser [preauth]
Jan 19 13:43:30 host sshd[18738]: User centos from 59.120.155.106 not allowed because not listed in AllowUsers
Jan 19 13:43:30 host sshd[18738]: input_userauth_request: invalid user centos [preauth]
Jan 19 13:43:30 host sshd[18727]: Invalid user ec2-user from 59.120.155.106 port 33264
Jan 19 13:43:30 host sshd[18734]: Invalid user dmdba from 59.120.155.106 port 33438
Jan 19 13:43:30 host sshd[18734]: input_userauth_request: invalid user dmdba [preauth]
Jan 19 13:43:30 host sshd[18727]: input_userauth_request: invalid user ec2-user [preauth]
Jan 19 13:43:30 host sshd[18713]: Invalid user steam from 59.120.155.106 port 33342
Jan 19 13:43:30 host sshd[18713]: input_userauth_request: invalid user steam [preauth]
Jan 19 13:43:30 host sshd[18740]: Invalid user user from 59.120.155.106 port 33310
Jan 19 13:43:30 host sshd[18742]: Invalid user dmdba from 59.120.155.106 port 33572
Jan 19 13:43:30 host sshd[18736]: Invalid user dockeradmin from 59.120.155.106 port 33374
Jan 19 13:43:30 host sshd[18742]: input_userauth_request: invalid user dmdba [preauth]
Jan 19 13:43:30 host sshd[18740]: input_userauth_request: invalid user user [preauth]
Jan 19 13:43:30 host sshd[18714]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18718]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18736]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 19 13:43:30 host sshd[18718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18726]: Invalid user user from 59.120.155.106 port 33270
Jan 19 13:43:30 host sshd[18726]: input_userauth_request: invalid user user [preauth]
Jan 19 13:43:30 host sshd[18739]: Invalid user esuser from 59.120.155.106 port 33548
Jan 19 13:43:30 host sshd[18731]: Invalid user user from 59.120.155.106 port 33420
Jan 19 13:43:30 host sshd[18739]: input_userauth_request: invalid user esuser [preauth]
Jan 19 13:43:30 host sshd[18731]: input_userauth_request: invalid user user [preauth]
Jan 19 13:43:30 host sshd[18743]: Invalid user user from 59.120.155.106 port 33486
Jan 19 13:43:30 host sshd[18743]: input_userauth_request: invalid user user [preauth]
Jan 19 13:43:30 host sshd[18732]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18719]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18716]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18724]: Invalid user mcserver from 59.120.155.106 port 33436
Jan 19 13:43:30 host sshd[18724]: input_userauth_request: invalid user mcserver [preauth]
Jan 19 13:43:30 host sshd[18728]: Invalid user ansadmin from 59.120.155.106 port 33510
Jan 19 13:43:30 host sshd[18728]: input_userauth_request: invalid user ansadmin [preauth]
Jan 19 13:43:30 host sshd[18735]: Invalid user ftpuser from 59.120.155.106 port 33322
Jan 19 13:43:30 host sshd[18735]: input_userauth_request: invalid user ftpuser [preauth]
Jan 19 13:43:30 host sshd[18733]: Invalid user ansadmin from 59.120.155.106 port 33366
Jan 19 13:43:30 host sshd[18733]: input_userauth_request: invalid user ansadmin [preauth]
Jan 19 13:43:30 host sshd[18723]: Invalid user ubuntu from 59.120.155.106 port 33526
Jan 19 13:43:30 host sshd[18723]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 13:43:30 host sshd[18730]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18720]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host unix_chkpwd[18776]: password check failed for user (mysql)
Jan 19 13:43:30 host sshd[18737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106 user=mysql
Jan 19 13:43:30 host sshd[18737]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 19 13:43:30 host sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18725]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18715]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18734]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18727]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host unix_chkpwd[18780]: password check failed for user (centos)
Jan 19 13:43:30 host sshd[18738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106 user=centos
Jan 19 13:43:30 host sshd[18740]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18731]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18713]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18726]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18743]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18742]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18736]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18739]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18723]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18735]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18728]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:30 host sshd[18733]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:30 host sshd[18733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.155.106
Jan 19 13:43:32 host sshd[18714]: Failed password for invalid user guest from 59.120.155.106 port 33282 ssh2
Jan 19 13:43:32 host sshd[18718]: Failed password for invalid user posiflex from 59.120.155.106 port 33296 ssh2
Jan 19 13:43:32 host sshd[18732]: Failed password for invalid user admin from 59.120.155.106 port 33468 ssh2
Jan 19 13:43:32 host sshd[18719]: Failed password for invalid user git from 59.120.155.106 port 33478 ssh2
Jan 19 13:43:32 host sshd[18716]: Failed password for invalid user linaro from 59.120.155.106 port 33456 ssh2
Jan 19 13:43:32 host sshd[18722]: Failed password for invalid user test from 59.120.155.106 port 33382 ssh2
Jan 19 13:43:32 host sshd[18730]: Failed password for invalid user es from 59.120.155.106 port 33560 ssh2
Jan 19 13:43:32 host sshd[18720]: Failed password for invalid user elastic from 59.120.155.106 port 33352 ssh2
Jan 19 13:43:32 host sshd[18737]: Failed password for invalid user mysql from 59.120.155.106 port 33502 ssh2
Jan 19 13:43:32 host sshd[18721]: Failed password for invalid user tester from 59.120.155.106 port 33418 ssh2
Jan 19 13:43:32 host sshd[18725]: Failed password for invalid user guest from 59.120.155.106 port 33576 ssh2
Jan 19 13:43:32 host sshd[18715]: Failed password for invalid user admin from 59.120.155.106 port 33534 ssh2
Jan 19 13:43:33 host sshd[18741]: Failed password for invalid user testuser from 59.120.155.106 port 33442 ssh2
Jan 19 13:43:33 host sshd[18734]: Failed password for invalid user dmdba from 59.120.155.106 port 33438 ssh2
Jan 19 13:43:33 host sshd[18727]: Failed password for invalid user ec2-user from 59.120.155.106 port 33264 ssh2
Jan 19 13:43:33 host sshd[18738]: Failed password for invalid user centos from 59.120.155.106 port 33364 ssh2
Jan 19 13:43:33 host sshd[18740]: Failed password for invalid user user from 59.120.155.106 port 33310 ssh2
Jan 19 13:43:33 host sshd[18731]: Failed password for invalid user user from 59.120.155.106 port 33420 ssh2
Jan 19 13:43:33 host sshd[18713]: Failed password for invalid user steam from 59.120.155.106 port 33342 ssh2
Jan 19 13:43:33 host sshd[18726]: Failed password for invalid user user from 59.120.155.106 port 33270 ssh2
Jan 19 13:43:33 host sshd[18743]: Failed password for invalid user user from 59.120.155.106 port 33486 ssh2
Jan 19 13:43:33 host sshd[18742]: Failed password for invalid user dmdba from 59.120.155.106 port 33572 ssh2
Jan 19 13:43:33 host sshd[18736]: Failed password for invalid user dockeradmin from 59.120.155.106 port 33374 ssh2
Jan 19 13:43:33 host sshd[18739]: Failed password for invalid user esuser from 59.120.155.106 port 33548 ssh2
Jan 19 13:43:33 host sshd[18724]: Failed password for invalid user mcserver from 59.120.155.106 port 33436 ssh2
Jan 19 13:43:33 host sshd[18723]: Failed password for invalid user ubuntu from 59.120.155.106 port 33526 ssh2
Jan 19 13:43:33 host sshd[18735]: Failed password for invalid user ftpuser from 59.120.155.106 port 33322 ssh2
Jan 19 13:43:33 host sshd[18728]: Failed password for invalid user ansadmin from 59.120.155.106 port 33510 ssh2
Jan 19 13:43:33 host sshd[18733]: Failed password for invalid user ansadmin from 59.120.155.106 port 33366 ssh2
Jan 19 13:43:43 host sshd[18810]: Invalid user zyfwp from 152.250.50.179 port 40090
Jan 19 13:43:43 host sshd[18810]: input_userauth_request: invalid user zyfwp [preauth]
Jan 19 13:43:43 host sshd[18810]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:43 host sshd[18810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.50.179
Jan 19 13:43:46 host sshd[18810]: Failed password for invalid user zyfwp from 152.250.50.179 port 40090 ssh2
Jan 19 13:43:47 host sshd[18810]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:48 host sshd[18810]: Failed password for invalid user zyfwp from 152.250.50.179 port 40090 ssh2
Jan 19 13:43:49 host sshd[18810]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:43:51 host sshd[18810]: Failed password for invalid user zyfwp from 152.250.50.179 port 40090 ssh2
Jan 19 13:43:52 host sshd[18810]: Connection closed by 152.250.50.179 port 40090 [preauth]
Jan 19 13:43:52 host sshd[18810]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.250.50.179
Jan 19 13:50:36 host sshd[19903]: User root from 59.19.54.199 not allowed because not listed in AllowUsers
Jan 19 13:50:36 host sshd[19903]: input_userauth_request: invalid user root [preauth]
Jan 19 13:50:36 host unix_chkpwd[19922]: password check failed for user (root)
Jan 19 13:50:36 host sshd[19903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.54.199 user=root
Jan 19 13:50:36 host sshd[19903]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 13:50:37 host sshd[19919]: Invalid user admin from 138.68.176.196 port 45756
Jan 19 13:50:37 host sshd[19919]: input_userauth_request: invalid user admin [preauth]
Jan 19 13:50:37 host sshd[19919]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:50:37 host sshd[19919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.176.196
Jan 19 13:50:38 host sshd[19903]: Failed password for invalid user root from 59.19.54.199 port 41482 ssh2
Jan 19 13:50:39 host sshd[19919]: Failed password for invalid user admin from 138.68.176.196 port 45756 ssh2
Jan 19 13:50:39 host sshd[19919]: Connection closed by 138.68.176.196 port 45756 [preauth]
Jan 19 13:50:40 host unix_chkpwd[19927]: password check failed for user (root)
Jan 19 13:50:40 host sshd[19903]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 13:50:42 host sshd[19903]: Failed password for invalid user root from 59.19.54.199 port 41482 ssh2
Jan 19 13:50:42 host sshd[19903]: Connection reset by 59.19.54.199 port 41482 [preauth]
Jan 19 13:50:42 host sshd[19903]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.54.199 user=root
Jan 19 13:52:34 host sshd[20120]: Invalid user admin from 125.228.158.220 port 43089
Jan 19 13:52:34 host sshd[20120]: input_userauth_request: invalid user admin [preauth]
Jan 19 13:52:34 host sshd[20120]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:52:34 host sshd[20120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.158.220
Jan 19 13:52:36 host sshd[20120]: Failed password for invalid user admin from 125.228.158.220 port 43089 ssh2
Jan 19 13:52:37 host sshd[20120]: Failed password for invalid user admin from 125.228.158.220 port 43089 ssh2
Jan 19 13:52:38 host sshd[20120]: Connection reset by 125.228.158.220 port 43089 [preauth]
Jan 19 13:59:08 host sshd[20965]: Invalid user ubnt from 121.186.6.200 port 59128
Jan 19 13:59:08 host sshd[20965]: input_userauth_request: invalid user ubnt [preauth]
Jan 19 13:59:08 host sshd[20965]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:59:08 host sshd[20965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.6.200
Jan 19 13:59:10 host sshd[20965]: Failed password for invalid user ubnt from 121.186.6.200 port 59128 ssh2
Jan 19 13:59:15 host sshd[20972]: Invalid user bigipuser3 from 122.117.193.130 port 44141
Jan 19 13:59:15 host sshd[20972]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 19 13:59:15 host sshd[20972]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:59:15 host sshd[20972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.193.130
Jan 19 13:59:17 host sshd[20972]: Failed password for invalid user bigipuser3 from 122.117.193.130 port 44141 ssh2
Jan 19 13:59:18 host sshd[20972]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:59:20 host sshd[20972]: Failed password for invalid user bigipuser3 from 122.117.193.130 port 44141 ssh2
Jan 19 13:59:21 host sshd[20972]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 13:59:23 host sshd[20972]: Failed password for invalid user bigipuser3 from 122.117.193.130 port 44141 ssh2
Jan 19 13:59:24 host sshd[20972]: Failed password for invalid user bigipuser3 from 122.117.193.130 port 44141 ssh2
Jan 19 13:59:24 host sshd[20972]: Connection reset by 122.117.193.130 port 44141 [preauth]
Jan 19 13:59:24 host sshd[20972]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.193.130
Jan 19 14:00:19 host sshd[21226]: Invalid user sFTPUser from 114.34.150.178 port 52334
Jan 19 14:00:19 host sshd[21226]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 19 14:00:19 host sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:00:19 host sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.150.178
Jan 19 14:00:21 host sshd[21226]: Failed password for invalid user sFTPUser from 114.34.150.178 port 52334 ssh2
Jan 19 14:00:22 host sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:00:24 host sshd[21226]: Failed password for invalid user sFTPUser from 114.34.150.178 port 52334 ssh2
Jan 19 14:00:26 host sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:00:28 host sshd[21226]: Failed password for invalid user sFTPUser from 114.34.150.178 port 52334 ssh2
Jan 19 14:00:29 host sshd[21226]: Failed password for invalid user sFTPUser from 114.34.150.178 port 52334 ssh2
Jan 19 14:00:30 host sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:00:33 host sshd[21226]: Failed password for invalid user sFTPUser from 114.34.150.178 port 52334 ssh2
Jan 19 14:08:40 host sshd[22344]: User root from 138.68.176.196 not allowed because not listed in AllowUsers
Jan 19 14:08:40 host sshd[22344]: input_userauth_request: invalid user root [preauth]
Jan 19 14:08:40 host unix_chkpwd[22347]: password check failed for user (root)
Jan 19 14:08:40 host sshd[22344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.176.196 user=root
Jan 19 14:08:40 host sshd[22344]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 14:08:43 host sshd[22344]: Failed password for invalid user root from 138.68.176.196 port 39174 ssh2
Jan 19 14:08:43 host sshd[22344]: Connection closed by 138.68.176.196 port 39174 [preauth]
Jan 19 14:08:44 host sshd[22350]: User root from 138.68.176.196 not allowed because not listed in AllowUsers
Jan 19 14:08:44 host sshd[22350]: input_userauth_request: invalid user root [preauth]
Jan 19 14:08:45 host unix_chkpwd[22353]: password check failed for user (root)
Jan 19 14:08:45 host sshd[22350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.176.196 user=root
Jan 19 14:08:45 host sshd[22350]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 14:08:46 host sshd[22350]: Failed password for invalid user root from 138.68.176.196 port 39178 ssh2
Jan 19 14:11:04 host sshd[22774]: Invalid user keith from 209.141.56.48 port 58082
Jan 19 14:11:04 host sshd[22774]: input_userauth_request: invalid user keith [preauth]
Jan 19 14:11:04 host sshd[22774]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:11:04 host sshd[22774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 19 14:11:06 host sshd[22774]: Failed password for invalid user keith from 209.141.56.48 port 58082 ssh2
Jan 19 14:11:06 host sshd[22774]: Connection closed by 209.141.56.48 port 58082 [preauth]
Jan 19 14:15:34 host sshd[23327]: Did not receive identification string from 143.198.128.123 port 49600
Jan 19 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 14:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=shalinijames user-3=wwwtestugo user-4=vfmassets user-5=woodpeck user-6=wwwkapin user-7=wwwkmaorg user-8=disposeat user-9=remysagr user-10=wwwnexidigital user-11=mrsclean user-12=phmetals user-13=kottayamcalldriv user-14=palco123 user-15=gifterman user-16=straightcurve user-17=wwwletsstalkfood user-18=wwwevmhonda user-19=bonifacegroup user-20=laundryboniface user-21=a2zgroup user-22=dartsimp user-23=cochintaxi user-24=wwwkaretakers user-25=ugotscom user-26=keralaholi user-27=wwwresourcehunte user-28=wwwrmswll user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 14:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 14:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-VxTkrVAb9b3AWFAR.~
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-VxTkrVAb9b3AWFAR.~'
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-VxTkrVAb9b3AWFAR.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 14:22:43 host sshd[24615]: Connection reset by 78.193.208.86 port 43542 [preauth]
Jan 19 14:23:35 host sshd[24709]: Invalid user hikvision from 210.186.189.33 port 47079
Jan 19 14:23:35 host sshd[24709]: input_userauth_request: invalid user hikvision [preauth]
Jan 19 14:23:35 host sshd[24709]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:23:35 host sshd[24709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.186.189.33
Jan 19 14:23:37 host sshd[24709]: Failed password for invalid user hikvision from 210.186.189.33 port 47079 ssh2
Jan 19 14:23:37 host sshd[24709]: Connection reset by 210.186.189.33 port 47079 [preauth]
Jan 19 14:30:08 host sshd[25541]: Invalid user oracle from 218.32.152.212 port 37630
Jan 19 14:30:08 host sshd[25541]: input_userauth_request: invalid user oracle [preauth]
Jan 19 14:30:08 host sshd[25541]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:30:08 host sshd[25541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.32.152.212
Jan 19 14:30:10 host sshd[25541]: Failed password for invalid user oracle from 218.32.152.212 port 37630 ssh2
Jan 19 14:30:11 host sshd[25541]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:30:14 host sshd[25541]: Failed password for invalid user oracle from 218.32.152.212 port 37630 ssh2
Jan 19 14:30:14 host sshd[25541]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:30:16 host sshd[25541]: Failed password for invalid user oracle from 218.32.152.212 port 37630 ssh2
Jan 19 14:30:17 host sshd[25541]: Failed password for invalid user oracle from 218.32.152.212 port 37630 ssh2
Jan 19 14:30:18 host sshd[25541]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:30:20 host sshd[25541]: Failed password for invalid user oracle from 218.32.152.212 port 37630 ssh2
Jan 19 14:30:21 host sshd[25541]: Connection reset by 218.32.152.212 port 37630 [preauth]
Jan 19 14:30:21 host sshd[25541]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.32.152.212
Jan 19 14:30:21 host sshd[25541]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 19 14:34:43 host sshd[26178]: Connection reset by 59.126.240.2 port 53203 [preauth]
Jan 19 14:34:55 host sshd[26196]: Invalid user from 64.62.197.49 port 40839
Jan 19 14:34:55 host sshd[26196]: input_userauth_request: invalid user [preauth]
Jan 19 14:34:59 host sshd[26196]: Connection closed by 64.62.197.49 port 40839 [preauth]
Jan 19 14:38:59 host sshd[26795]: Invalid user cpd from 116.236.41.248 port 44106
Jan 19 14:38:59 host sshd[26795]: input_userauth_request: invalid user cpd [preauth]
Jan 19 14:38:59 host sshd[26795]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:38:59 host sshd[26795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.236.41.248
Jan 19 14:39:01 host sshd[26795]: Failed password for invalid user cpd from 116.236.41.248 port 44106 ssh2
Jan 19 14:39:01 host sshd[26795]: Received disconnect from 116.236.41.248 port 44106:11: Bye Bye [preauth]
Jan 19 14:39:01 host sshd[26795]: Disconnected from 116.236.41.248 port 44106 [preauth]
Jan 19 14:40:07 host sshd[26946]: Invalid user newadmin from 59.111.231.241 port 56116
Jan 19 14:40:07 host sshd[26946]: input_userauth_request: invalid user newadmin [preauth]
Jan 19 14:40:07 host sshd[26946]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:40:07 host sshd[26946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.111.231.241
Jan 19 14:40:09 host sshd[26946]: Failed password for invalid user newadmin from 59.111.231.241 port 56116 ssh2
Jan 19 14:40:10 host sshd[26946]: Received disconnect from 59.111.231.241 port 56116:11: Bye Bye [preauth]
Jan 19 14:40:10 host sshd[26946]: Disconnected from 59.111.231.241 port 56116 [preauth]
Jan 19 14:41:24 host sshd[27196]: Invalid user cloud from 95.0.15.234 port 13807
Jan 19 14:41:24 host sshd[27196]: input_userauth_request: invalid user cloud [preauth]
Jan 19 14:41:24 host sshd[27196]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:41:24 host sshd[27196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234
Jan 19 14:41:25 host sshd[27198]: Invalid user kafka from 190.191.23.210 port 51287
Jan 19 14:41:25 host sshd[27198]: input_userauth_request: invalid user kafka [preauth]
Jan 19 14:41:25 host sshd[27198]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:41:25 host sshd[27198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.191.23.210
Jan 19 14:41:26 host sshd[27196]: Failed password for invalid user cloud from 95.0.15.234 port 13807 ssh2
Jan 19 14:41:27 host sshd[27196]: Received disconnect from 95.0.15.234 port 13807:11: Bye Bye [preauth]
Jan 19 14:41:27 host sshd[27196]: Disconnected from 95.0.15.234 port 13807 [preauth]
Jan 19 14:41:27 host sshd[27198]: Failed password for invalid user kafka from 190.191.23.210 port 51287 ssh2
Jan 19 14:41:27 host sshd[27198]: Received disconnect from 190.191.23.210 port 51287:11: Bye Bye [preauth]
Jan 19 14:41:27 host sshd[27198]: Disconnected from 190.191.23.210 port 51287 [preauth]
Jan 19 14:41:32 host sshd[27242]: Invalid user vbird4 from 92.46.108.20 port 43898
Jan 19 14:41:32 host sshd[27242]: input_userauth_request: invalid user vbird4 [preauth]
Jan 19 14:41:32 host sshd[27242]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:41:32 host sshd[27242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.108.20
Jan 19 14:41:34 host sshd[27242]: Failed password for invalid user vbird4 from 92.46.108.20 port 43898 ssh2
Jan 19 14:41:34 host sshd[27242]: Connection closed by 92.46.108.20 port 43898 [preauth]
Jan 19 14:41:35 host sshd[27253]: Invalid user vagrant from 208.109.15.199 port 57404
Jan 19 14:41:35 host sshd[27253]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 14:41:35 host sshd[27253]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:41:35 host sshd[27253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.15.199
Jan 19 14:41:37 host sshd[27253]: Failed password for invalid user vagrant from 208.109.15.199 port 57404 ssh2
Jan 19 14:41:37 host sshd[27253]: Received disconnect from 208.109.15.199 port 57404:11: Bye Bye [preauth]
Jan 19 14:41:37 host sshd[27253]: Disconnected from 208.109.15.199 port 57404 [preauth]
Jan 19 14:43:51 host sshd[27818]: Invalid user test from 43.155.140.221 port 55958
Jan 19 14:43:51 host sshd[27818]: input_userauth_request: invalid user test [preauth]
Jan 19 14:43:51 host sshd[27818]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:43:51 host sshd[27818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.140.221
Jan 19 14:43:53 host sshd[27818]: Failed password for invalid user test from 43.155.140.221 port 55958 ssh2
Jan 19 14:43:53 host sshd[27818]: Received disconnect from 43.155.140.221 port 55958:11: Bye Bye [preauth]
Jan 19 14:43:53 host sshd[27818]: Disconnected from 43.155.140.221 port 55958 [preauth]
Jan 19 14:45:15 host sshd[28121]: Invalid user max from 95.0.15.234 port 23403
Jan 19 14:45:15 host sshd[28121]: input_userauth_request: invalid user max [preauth]
Jan 19 14:45:15 host sshd[28121]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:45:15 host sshd[28121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234
Jan 19 14:45:17 host sshd[28121]: Failed password for invalid user max from 95.0.15.234 port 23403 ssh2
Jan 19 14:45:17 host sshd[28121]: Received disconnect from 95.0.15.234 port 23403:11: Bye Bye [preauth]
Jan 19 14:45:17 host sshd[28121]: Disconnected from 95.0.15.234 port 23403 [preauth]
Jan 19 14:45:23 host sshd[28149]: Invalid user arkserver from 208.109.15.199 port 40014
Jan 19 14:45:23 host sshd[28149]: input_userauth_request: invalid user arkserver [preauth]
Jan 19 14:45:23 host sshd[28149]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:45:23 host sshd[28149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.15.199
Jan 19 14:45:25 host sshd[28149]: Failed password for invalid user arkserver from 208.109.15.199 port 40014 ssh2
Jan 19 14:45:25 host sshd[28149]: Received disconnect from 208.109.15.199 port 40014:11: Bye Bye [preauth]
Jan 19 14:45:25 host sshd[28149]: Disconnected from 208.109.15.199 port 40014 [preauth]
Jan 19 14:45:38 host sshd[28224]: Invalid user adsl from 43.155.140.221 port 42764
Jan 19 14:45:38 host sshd[28224]: input_userauth_request: invalid user adsl [preauth]
Jan 19 14:45:38 host sshd[28224]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:45:38 host sshd[28224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.140.221
Jan 19 14:45:40 host sshd[28224]: Failed password for invalid user adsl from 43.155.140.221 port 42764 ssh2
Jan 19 14:45:40 host sshd[28224]: Received disconnect from 43.155.140.221 port 42764:11: Bye Bye [preauth]
Jan 19 14:45:40 host sshd[28224]: Disconnected from 43.155.140.221 port 42764 [preauth]
Jan 19 14:46:00 host sshd[28284]: Invalid user jboss from 190.191.23.210 port 50407
Jan 19 14:46:00 host sshd[28284]: input_userauth_request: invalid user jboss [preauth]
Jan 19 14:46:00 host sshd[28284]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:46:00 host sshd[28284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.191.23.210
Jan 19 14:46:02 host sshd[28284]: Failed password for invalid user jboss from 190.191.23.210 port 50407 ssh2
Jan 19 14:46:03 host sshd[28284]: Received disconnect from 190.191.23.210 port 50407:11: Bye Bye [preauth]
Jan 19 14:46:03 host sshd[28284]: Disconnected from 190.191.23.210 port 50407 [preauth]
Jan 19 14:46:03 host sshd[28306]: Invalid user super from 220.135.89.182 port 33823
Jan 19 14:46:03 host sshd[28306]: input_userauth_request: invalid user super [preauth]
Jan 19 14:46:04 host sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:46:04 host sshd[28306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.89.182
Jan 19 14:46:05 host sshd[28306]: Failed password for invalid user super from 220.135.89.182 port 33823 ssh2
Jan 19 14:46:06 host sshd[28306]: Connection reset by 220.135.89.182 port 33823 [preauth]
Jan 19 14:46:13 host sshd[28348]: Invalid user smart from 116.236.41.248 port 44364
Jan 19 14:46:13 host sshd[28348]: input_userauth_request: invalid user smart [preauth]
Jan 19 14:46:13 host sshd[28348]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:46:13 host sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.236.41.248
Jan 19 14:46:15 host sshd[28348]: Failed password for invalid user smart from 116.236.41.248 port 44364 ssh2
Jan 19 14:46:15 host sshd[28348]: Received disconnect from 116.236.41.248 port 44364:11: Bye Bye [preauth]
Jan 19 14:46:15 host sshd[28348]: Disconnected from 116.236.41.248 port 44364 [preauth]
Jan 19 14:46:35 host sshd[28453]: Invalid user magento from 95.0.15.234 port 16364
Jan 19 14:46:35 host sshd[28453]: input_userauth_request: invalid user magento [preauth]
Jan 19 14:46:35 host sshd[28453]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:46:35 host sshd[28453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.0.15.234
Jan 19 14:46:38 host sshd[28453]: Failed password for invalid user magento from 95.0.15.234 port 16364 ssh2
Jan 19 14:46:38 host sshd[28453]: Received disconnect from 95.0.15.234 port 16364:11: Bye Bye [preauth]
Jan 19 14:46:38 host sshd[28453]: Disconnected from 95.0.15.234 port 16364 [preauth]
Jan 19 14:46:42 host sshd[28508]: Invalid user teamspeak3 from 208.109.15.199 port 34600
Jan 19 14:46:42 host sshd[28508]: input_userauth_request: invalid user teamspeak3 [preauth]
Jan 19 14:46:42 host sshd[28508]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:46:42 host sshd[28508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.109.15.199
Jan 19 14:46:45 host sshd[28508]: Failed password for invalid user teamspeak3 from 208.109.15.199 port 34600 ssh2
Jan 19 14:47:01 host sshd[28595]: Invalid user ts2 from 43.155.140.221 port 49960
Jan 19 14:47:01 host sshd[28595]: input_userauth_request: invalid user ts2 [preauth]
Jan 19 14:47:01 host sshd[28595]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:47:01 host sshd[28595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.140.221
Jan 19 14:47:03 host sshd[28595]: Failed password for invalid user ts2 from 43.155.140.221 port 49960 ssh2
Jan 19 14:47:03 host sshd[28595]: Received disconnect from 43.155.140.221 port 49960:11: Bye Bye [preauth]
Jan 19 14:47:03 host sshd[28595]: Disconnected from 43.155.140.221 port 49960 [preauth]
Jan 19 14:47:10 host sshd[28762]: Invalid user remote from 116.236.41.248 port 32924
Jan 19 14:47:10 host sshd[28762]: input_userauth_request: invalid user remote [preauth]
Jan 19 14:47:10 host sshd[28762]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:47:10 host sshd[28762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.236.41.248
Jan 19 14:47:12 host sshd[28762]: Failed password for invalid user remote from 116.236.41.248 port 32924 ssh2
Jan 19 14:47:12 host sshd[28762]: Received disconnect from 116.236.41.248 port 32924:11: Bye Bye [preauth]
Jan 19 14:47:12 host sshd[28762]: Disconnected from 116.236.41.248 port 32924 [preauth]
Jan 19 14:48:15 host sshd[29005]: Invalid user ts3server from 190.191.23.210 port 48968
Jan 19 14:48:15 host sshd[29005]: input_userauth_request: invalid user ts3server [preauth]
Jan 19 14:48:15 host sshd[29005]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:48:15 host sshd[29005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.191.23.210
Jan 19 14:48:17 host sshd[29005]: Failed password for invalid user ts3server from 190.191.23.210 port 48968 ssh2
Jan 19 14:48:17 host sshd[29005]: Received disconnect from 190.191.23.210 port 48968:11: Bye Bye [preauth]
Jan 19 14:48:17 host sshd[29005]: Disconnected from 190.191.23.210 port 48968 [preauth]
Jan 19 14:48:59 host sshd[29198]: Invalid user tmax from 59.111.231.241 port 51012
Jan 19 14:48:59 host sshd[29198]: input_userauth_request: invalid user tmax [preauth]
Jan 19 14:48:59 host sshd[29198]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:48:59 host sshd[29198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.111.231.241
Jan 19 14:49:01 host sshd[29198]: Failed password for invalid user tmax from 59.111.231.241 port 51012 ssh2
Jan 19 14:49:01 host sshd[29198]: Received disconnect from 59.111.231.241 port 51012:11: Bye Bye [preauth]
Jan 19 14:49:01 host sshd[29198]: Disconnected from 59.111.231.241 port 51012 [preauth]
Jan 19 14:49:34 host sshd[29315]: Invalid user jboss from 59.111.231.241 port 59796
Jan 19 14:49:34 host sshd[29315]: input_userauth_request: invalid user jboss [preauth]
Jan 19 14:49:34 host sshd[29315]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 14:49:34 host sshd[29315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.111.231.241
Jan 19 14:49:37 host sshd[29315]: Failed password for invalid user jboss from 59.111.231.241 port 59796 ssh2
Jan 19 14:49:37 host sshd[29315]: Received disconnect from 59.111.231.241 port 59796:11: Bye Bye [preauth]
Jan 19 14:49:37 host sshd[29315]: Disconnected from 59.111.231.241 port 59796 [preauth]
Jan 19 14:49:45 host sshd[29367]: Did not receive identification string from 206.189.23.129 port 61000
Jan 19 15:02:41 host sshd[31528]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 19 15:02:41 host sshd[31528]: input_userauth_request: invalid user root [preauth]
Jan 19 15:02:42 host unix_chkpwd[31531]: password check failed for user (root)
Jan 19 15:02:42 host sshd[31528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 19 15:02:42 host sshd[31528]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 15:02:43 host sshd[31528]: Failed password for invalid user root from 195.226.194.242 port 18132 ssh2
Jan 19 15:02:44 host sshd[31528]: Received disconnect from 195.226.194.242 port 18132:11: Bye Bye [preauth]
Jan 19 15:02:44 host sshd[31528]: Disconnected from 195.226.194.242 port 18132 [preauth]
Jan 19 15:09:06 host sshd[32599]: Invalid user celery from 139.59.23.154 port 45296
Jan 19 15:09:06 host sshd[32599]: input_userauth_request: invalid user celery [preauth]
Jan 19 15:09:06 host sshd[32599]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:09:06 host sshd[32599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.23.154
Jan 19 15:09:08 host sshd[32599]: Failed password for invalid user celery from 139.59.23.154 port 45296 ssh2
Jan 19 15:09:08 host sshd[32599]: Received disconnect from 139.59.23.154 port 45296:11: Bye Bye [preauth]
Jan 19 15:09:08 host sshd[32599]: Disconnected from 139.59.23.154 port 45296 [preauth]
Jan 19 15:09:22 host sshd[32618]: Invalid user admin from 73.248.213.94 port 55422
Jan 19 15:09:22 host sshd[32618]: input_userauth_request: invalid user admin [preauth]
Jan 19 15:09:22 host sshd[32618]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:09:22 host sshd[32618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.248.213.94
Jan 19 15:09:23 host sshd[32618]: Failed password for invalid user admin from 73.248.213.94 port 55422 ssh2
Jan 19 15:09:24 host sshd[32618]: Failed password for invalid user admin from 73.248.213.94 port 55422 ssh2
Jan 19 15:09:24 host sshd[32618]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:09:27 host sshd[32618]: Failed password for invalid user admin from 73.248.213.94 port 55422 ssh2
Jan 19 15:09:27 host sshd[32618]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:09:29 host sshd[32618]: Failed password for invalid user admin from 73.248.213.94 port 55422 ssh2
Jan 19 15:09:32 host sshd[32618]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:09:34 host sshd[32618]: Failed password for invalid user admin from 73.248.213.94 port 55422 ssh2
Jan 19 15:09:44 host sshd[32706]: Invalid user soporte from 46.105.29.159 port 58222
Jan 19 15:09:44 host sshd[32706]: input_userauth_request: invalid user soporte [preauth]
Jan 19 15:09:44 host sshd[32706]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:09:44 host sshd[32706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.105.29.159
Jan 19 15:09:46 host sshd[32706]: Failed password for invalid user soporte from 46.105.29.159 port 58222 ssh2
Jan 19 15:09:46 host sshd[32706]: Received disconnect from 46.105.29.159 port 58222:11: Bye Bye [preauth]
Jan 19 15:09:46 host sshd[32706]: Disconnected from 46.105.29.159 port 58222 [preauth]
Jan 19 15:09:47 host sshd[32710]: Connection reset by 125.229.130.156 port 41352 [preauth]
Jan 19 15:10:20 host sshd[355]: Invalid user jason from 176.10.207.140 port 36628
Jan 19 15:10:20 host sshd[355]: input_userauth_request: invalid user jason [preauth]
Jan 19 15:10:20 host sshd[355]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:10:20 host sshd[355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.10.207.140
Jan 19 15:10:23 host sshd[355]: Failed password for invalid user jason from 176.10.207.140 port 36628 ssh2
Jan 19 15:10:23 host sshd[355]: Received disconnect from 176.10.207.140 port 36628:11: Bye Bye [preauth]
Jan 19 15:10:23 host sshd[355]: Disconnected from 176.10.207.140 port 36628 [preauth]
Jan 19 15:11:06 host sshd[472]: Invalid user celery from 50.193.220.21 port 40660
Jan 19 15:11:06 host sshd[472]: input_userauth_request: invalid user celery [preauth]
Jan 19 15:11:06 host sshd[472]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:11:06 host sshd[472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.193.220.21
Jan 19 15:11:08 host sshd[472]: Failed password for invalid user celery from 50.193.220.21 port 40660 ssh2
Jan 19 15:11:08 host sshd[472]: Received disconnect from 50.193.220.21 port 40660:11: Bye Bye [preauth]
Jan 19 15:11:08 host sshd[472]: Disconnected from 50.193.220.21 port 40660 [preauth]
Jan 19 15:13:03 host sshd[745]: Invalid user elastic from 165.227.140.53 port 54546
Jan 19 15:13:03 host sshd[745]: input_userauth_request: invalid user elastic [preauth]
Jan 19 15:13:03 host sshd[745]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:13:03 host sshd[745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.140.53
Jan 19 15:13:05 host sshd[745]: Failed password for invalid user elastic from 165.227.140.53 port 54546 ssh2
Jan 19 15:13:06 host sshd[745]: Received disconnect from 165.227.140.53 port 54546:11: Bye Bye [preauth]
Jan 19 15:13:06 host sshd[745]: Disconnected from 165.227.140.53 port 54546 [preauth]
Jan 19 15:13:46 host sshd[940]: Invalid user jupyter from 165.154.224.80 port 39360
Jan 19 15:13:46 host sshd[940]: input_userauth_request: invalid user jupyter [preauth]
Jan 19 15:13:46 host sshd[940]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:13:46 host sshd[940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.224.80
Jan 19 15:13:48 host sshd[940]: Failed password for invalid user jupyter from 165.154.224.80 port 39360 ssh2
Jan 19 15:13:48 host sshd[940]: Received disconnect from 165.154.224.80 port 39360:11: Bye Bye [preauth]
Jan 19 15:13:48 host sshd[940]: Disconnected from 165.154.224.80 port 39360 [preauth]
Jan 19 15:13:59 host sshd[965]: Invalid user sam from 122.168.194.41 port 54870
Jan 19 15:13:59 host sshd[965]: input_userauth_request: invalid user sam [preauth]
Jan 19 15:13:59 host sshd[965]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:13:59 host sshd[965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.168.194.41
Jan 19 15:14:02 host sshd[965]: Failed password for invalid user sam from 122.168.194.41 port 54870 ssh2
Jan 19 15:14:02 host sshd[965]: Received disconnect from 122.168.194.41 port 54870:11: Bye Bye [preauth]
Jan 19 15:14:02 host sshd[965]: Disconnected from 122.168.194.41 port 54870 [preauth]
Jan 19 15:14:13 host sshd[993]: Invalid user sinusbot from 176.10.207.140 port 33068
Jan 19 15:14:13 host sshd[993]: input_userauth_request: invalid user sinusbot [preauth]
Jan 19 15:14:13 host sshd[993]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:14:13 host sshd[993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.10.207.140
Jan 19 15:14:16 host sshd[993]: Failed password for invalid user sinusbot from 176.10.207.140 port 33068 ssh2
Jan 19 15:14:16 host sshd[993]: Received disconnect from 176.10.207.140 port 33068:11: Bye Bye [preauth]
Jan 19 15:14:16 host sshd[993]: Disconnected from 176.10.207.140 port 33068 [preauth]
Jan 19 15:14:35 host sshd[1044]: Invalid user virl from 46.105.29.159 port 44974
Jan 19 15:14:35 host sshd[1044]: input_userauth_request: invalid user virl [preauth]
Jan 19 15:14:35 host sshd[1044]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:14:35 host sshd[1044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.105.29.159
Jan 19 15:14:37 host sshd[1044]: Failed password for invalid user virl from 46.105.29.159 port 44974 ssh2
Jan 19 15:14:38 host sshd[1044]: Received disconnect from 46.105.29.159 port 44974:11: Bye Bye [preauth]
Jan 19 15:14:38 host sshd[1044]: Disconnected from 46.105.29.159 port 44974 [preauth]
Jan 19 15:14:43 host sshd[1061]: Invalid user redis from 187.243.248.114 port 48720
Jan 19 15:14:43 host sshd[1061]: input_userauth_request: invalid user redis [preauth]
Jan 19 15:14:43 host sshd[1061]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:14:43 host sshd[1061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114
Jan 19 15:14:45 host sshd[1061]: Failed password for invalid user redis from 187.243.248.114 port 48720 ssh2
Jan 19 15:14:46 host sshd[1061]: Received disconnect from 187.243.248.114 port 48720:11: Bye Bye [preauth]
Jan 19 15:14:46 host sshd[1061]: Disconnected from 187.243.248.114 port 48720 [preauth]
Jan 19 15:14:47 host sshd[1067]: Invalid user tom from 50.193.220.21 port 55948
Jan 19 15:14:47 host sshd[1067]: input_userauth_request: invalid user tom [preauth]
Jan 19 15:14:47 host sshd[1067]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:14:47 host sshd[1067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.193.220.21
Jan 19 15:14:49 host sshd[1067]: Failed password for invalid user tom from 50.193.220.21 port 55948 ssh2
Jan 19 15:14:49 host sshd[1067]: Received disconnect from 50.193.220.21 port 55948:11: Bye Bye [preauth]
Jan 19 15:14:49 host sshd[1067]: Disconnected from 50.193.220.21 port 55948 [preauth]
Jan 19 15:15:25 host sshd[1156]: Invalid user alice from 176.10.207.140 port 57498
Jan 19 15:15:25 host sshd[1156]: input_userauth_request: invalid user alice [preauth]
Jan 19 15:15:25 host sshd[1156]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:15:25 host sshd[1156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.10.207.140
Jan 19 15:15:27 host sshd[1156]: Failed password for invalid user alice from 176.10.207.140 port 57498 ssh2
Jan 19 15:15:27 host sshd[1156]: Received disconnect from 176.10.207.140 port 57498:11: Bye Bye [preauth]
Jan 19 15:15:27 host sshd[1156]: Disconnected from 176.10.207.140 port 57498 [preauth]
Jan 19 15:15:42 host sshd[1252]: Invalid user jason from 122.168.194.41 port 33626
Jan 19 15:15:42 host sshd[1252]: input_userauth_request: invalid user jason [preauth]
Jan 19 15:15:42 host sshd[1252]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:15:42 host sshd[1252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.168.194.41
Jan 19 15:15:44 host sshd[1252]: Failed password for invalid user jason from 122.168.194.41 port 33626 ssh2
Jan 19 15:15:44 host sshd[1252]: Received disconnect from 122.168.194.41 port 33626:11: Bye Bye [preauth]
Jan 19 15:15:44 host sshd[1252]: Disconnected from 122.168.194.41 port 33626 [preauth]
Jan 19 15:15:45 host sshd[1259]: Invalid user demo from 46.105.29.159 port 40432
Jan 19 15:15:45 host sshd[1259]: input_userauth_request: invalid user demo [preauth]
Jan 19 15:15:45 host sshd[1259]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:15:45 host sshd[1259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.105.29.159
Jan 19 15:15:47 host sshd[1259]: Failed password for invalid user demo from 46.105.29.159 port 40432 ssh2
Jan 19 15:15:47 host sshd[1259]: Received disconnect from 46.105.29.159 port 40432:11: Bye Bye [preauth]
Jan 19 15:15:47 host sshd[1259]: Disconnected from 46.105.29.159 port 40432 [preauth]
Jan 19 15:15:47 host sshd[1265]: Invalid user cashier from 165.154.224.80 port 14850
Jan 19 15:15:47 host sshd[1265]: input_userauth_request: invalid user cashier [preauth]
Jan 19 15:15:47 host sshd[1265]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:15:47 host sshd[1265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.224.80
Jan 19 15:15:49 host sshd[1265]: Failed password for invalid user cashier from 165.154.224.80 port 14850 ssh2
Jan 19 15:15:49 host sshd[1265]: Received disconnect from 165.154.224.80 port 14850:11: Bye Bye [preauth]
Jan 19 15:15:49 host sshd[1265]: Disconnected from 165.154.224.80 port 14850 [preauth]
Jan 19 15:15:58 host sshd[1316]: Invalid user vss from 50.193.220.21 port 54738
Jan 19 15:15:58 host sshd[1316]: input_userauth_request: invalid user vss [preauth]
Jan 19 15:15:58 host sshd[1316]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:15:58 host sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.193.220.21
Jan 19 15:15:59 host sshd[1316]: Failed password for invalid user vss from 50.193.220.21 port 54738 ssh2
Jan 19 15:16:15 host sshd[1395]: Invalid user gl from 194.110.203.109 port 51446
Jan 19 15:16:15 host sshd[1395]: input_userauth_request: invalid user gl [preauth]
Jan 19 15:16:15 host sshd[1395]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:16:15 host sshd[1395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 15:16:16 host sshd[1395]: Failed password for invalid user gl from 194.110.203.109 port 51446 ssh2
Jan 19 15:16:20 host sshd[1395]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:16:22 host sshd[1395]: Failed password for invalid user gl from 194.110.203.109 port 51446 ssh2
Jan 19 15:16:25 host sshd[1395]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:16:25 host sshd[1414]: Invalid user admin1 from 187.243.248.114 port 55124
Jan 19 15:16:25 host sshd[1414]: input_userauth_request: invalid user admin1 [preauth]
Jan 19 15:16:25 host sshd[1414]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:16:25 host sshd[1414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114
Jan 19 15:16:28 host sshd[1395]: Failed password for invalid user gl from 194.110.203.109 port 51446 ssh2
Jan 19 15:16:28 host sshd[1414]: Failed password for invalid user admin1 from 187.243.248.114 port 55124 ssh2
Jan 19 15:16:28 host sshd[1414]: Received disconnect from 187.243.248.114 port 55124:11: Bye Bye [preauth]
Jan 19 15:16:28 host sshd[1414]: Disconnected from 187.243.248.114 port 55124 [preauth]
Jan 19 15:16:31 host sshd[1395]: Connection closed by 194.110.203.109 port 51446 [preauth]
Jan 19 15:16:31 host sshd[1395]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 15:16:39 host sshd[1468]: Invalid user jeremy from 139.59.23.154 port 48442
Jan 19 15:16:39 host sshd[1468]: input_userauth_request: invalid user jeremy [preauth]
Jan 19 15:16:39 host sshd[1468]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:16:39 host sshd[1468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.23.154
Jan 19 15:16:40 host sshd[1460]: Invalid user kali from 165.227.140.53 port 51720
Jan 19 15:16:40 host sshd[1460]: input_userauth_request: invalid user kali [preauth]
Jan 19 15:16:40 host sshd[1460]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:16:40 host sshd[1460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.140.53
Jan 19 15:16:41 host sshd[1460]: Failed password for invalid user kali from 165.227.140.53 port 51720 ssh2
Jan 19 15:16:42 host sshd[1460]: Received disconnect from 165.227.140.53 port 51720:11: Bye Bye [preauth]
Jan 19 15:16:42 host sshd[1460]: Disconnected from 165.227.140.53 port 51720 [preauth]
Jan 19 15:16:42 host sshd[1468]: Failed password for invalid user jeremy from 139.59.23.154 port 48442 ssh2
Jan 19 15:16:42 host sshd[1468]: Received disconnect from 139.59.23.154 port 48442:11: Bye Bye [preauth]
Jan 19 15:16:42 host sshd[1468]: Disconnected from 139.59.23.154 port 48442 [preauth]
Jan 19 15:17:08 host sshd[1526]: Invalid user web from 122.168.194.41 port 50846
Jan 19 15:17:08 host sshd[1526]: input_userauth_request: invalid user web [preauth]
Jan 19 15:17:08 host sshd[1526]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:17:08 host sshd[1526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.168.194.41
Jan 19 15:17:11 host sshd[1526]: Failed password for invalid user web from 122.168.194.41 port 50846 ssh2
Jan 19 15:17:23 host sshd[1593]: Invalid user tech from 165.154.224.80 port 41862
Jan 19 15:17:23 host sshd[1593]: input_userauth_request: invalid user tech [preauth]
Jan 19 15:17:23 host sshd[1593]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:17:23 host sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.224.80
Jan 19 15:17:25 host sshd[1593]: Failed password for invalid user tech from 165.154.224.80 port 41862 ssh2
Jan 19 15:18:04 host sshd[1732]: Invalid user info from 187.243.248.114 port 36234
Jan 19 15:18:04 host sshd[1732]: input_userauth_request: invalid user info [preauth]
Jan 19 15:18:04 host sshd[1732]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:18:04 host sshd[1732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114
Jan 19 15:18:06 host sshd[1732]: Failed password for invalid user info from 187.243.248.114 port 36234 ssh2
Jan 19 15:18:07 host sshd[1732]: Received disconnect from 187.243.248.114 port 36234:11: Bye Bye [preauth]
Jan 19 15:18:07 host sshd[1732]: Disconnected from 187.243.248.114 port 36234 [preauth]
Jan 19 15:18:08 host sshd[1740]: User tomcat from 165.227.140.53 not allowed because not listed in AllowUsers
Jan 19 15:18:08 host sshd[1740]: input_userauth_request: invalid user tomcat [preauth]
Jan 19 15:18:08 host unix_chkpwd[1745]: password check failed for user (tomcat)
Jan 19 15:18:08 host sshd[1740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.140.53 user=tomcat
Jan 19 15:18:08 host sshd[1740]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat"
Jan 19 15:18:10 host sshd[1740]: Failed password for invalid user tomcat from 165.227.140.53 port 58472 ssh2
Jan 19 15:18:24 host sshd[1873]: Invalid user esuser from 139.59.23.154 port 46504
Jan 19 15:18:24 host sshd[1873]: input_userauth_request: invalid user esuser [preauth]
Jan 19 15:18:24 host sshd[1873]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:18:24 host sshd[1873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.23.154
Jan 19 15:18:26 host sshd[1873]: Failed password for invalid user esuser from 139.59.23.154 port 46504 ssh2
Jan 19 15:18:26 host sshd[1873]: Received disconnect from 139.59.23.154 port 46504:11: Bye Bye [preauth]
Jan 19 15:18:26 host sshd[1873]: Disconnected from 139.59.23.154 port 46504 [preauth]
Jan 19 15:18:53 host sshd[2125]: Invalid user qsrv from 205.185.113.129 port 58108
Jan 19 15:18:53 host sshd[2125]: input_userauth_request: invalid user qsrv [preauth]
Jan 19 15:18:53 host sshd[2125]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:18:53 host sshd[2125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 19 15:18:55 host sshd[2125]: Failed password for invalid user qsrv from 205.185.113.129 port 58108 ssh2
Jan 19 15:18:56 host sshd[2125]: Connection closed by 205.185.113.129 port 58108 [preauth]
Jan 19 15:20:47 host sshd[2416]: Invalid user admin1 from 41.170.14.90 port 57537
Jan 19 15:20:47 host sshd[2416]: input_userauth_request: invalid user admin1 [preauth]
Jan 19 15:20:47 host sshd[2416]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:20:47 host sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.170.14.90
Jan 19 15:20:49 host sshd[2416]: Failed password for invalid user admin1 from 41.170.14.90 port 57537 ssh2
Jan 19 15:20:50 host sshd[2416]: Received disconnect from 41.170.14.90 port 57537:11: Bye Bye [preauth]
Jan 19 15:20:50 host sshd[2416]: Disconnected from 41.170.14.90 port 57537 [preauth]
Jan 19 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 15:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=gifterman user-2=palco123 user-3=phmetals user-4=kottayamcalldriv user-5=mrsclean user-6=wwwnexidigital user-7=bonifacegroup user-8=wwwevmhonda user-9=wwwletsstalkfood user-10=straightcurve user-11=vfmassets user-12=wwwtestugo user-13=shalinijames user-14=pmcresources user-15=remysagr user-16=disposeat user-17=wwwkmaorg user-18=woodpeck user-19=wwwkapin user-20=travelboniface user-21=wwwrmswll user-22=wwwresourcehunte user-23=keralaholi user-24=ugotscom user-25=wwwpmcresource user-26=dartsimp user-27=a2zgroup user-28=laundryboniface user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 15:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ldVEzhdLjgANAuD3.~
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ldVEzhdLjgANAuD3.~'
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ldVEzhdLjgANAuD3.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 15:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 15:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 15:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 15:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 15:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 15:22:08 host sshd[2831]: User root from 220.121.65.85 not allowed because not listed in AllowUsers
Jan 19 15:22:08 host sshd[2831]: input_userauth_request: invalid user root [preauth]
Jan 19 15:22:08 host unix_chkpwd[2837]: password check failed for user (root)
Jan 19 15:22:08 host sshd[2831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.121.65.85 user=root
Jan 19 15:22:08 host sshd[2831]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 15:22:10 host sshd[2831]: Failed password for invalid user root from 220.121.65.85 port 49206 ssh2
Jan 19 15:22:11 host unix_chkpwd[2842]: password check failed for user (root)
Jan 19 15:22:11 host sshd[2831]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 15:22:13 host sshd[2831]: Failed password for invalid user root from 220.121.65.85 port 49206 ssh2
Jan 19 15:22:14 host unix_chkpwd[2848]: password check failed for user (root)
Jan 19 15:22:14 host sshd[2831]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 15:22:16 host sshd[2831]: Failed password for invalid user root from 220.121.65.85 port 49206 ssh2
Jan 19 15:24:40 host sshd[3247]: Invalid user admin from 61.63.228.122 port 58017
Jan 19 15:24:40 host sshd[3247]: input_userauth_request: invalid user admin [preauth]
Jan 19 15:24:40 host sshd[3247]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:24:40 host sshd[3247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.63.228.122
Jan 19 15:24:41 host sshd[3247]: Failed password for invalid user admin from 61.63.228.122 port 58017 ssh2
Jan 19 15:24:42 host sshd[3247]: Failed password for invalid user admin from 61.63.228.122 port 58017 ssh2
Jan 19 15:24:42 host sshd[3247]: Connection reset by 61.63.228.122 port 58017 [preauth]
Jan 19 15:25:53 host sshd[3459]: Invalid user ts2 from 41.170.14.90 port 50271
Jan 19 15:25:53 host sshd[3459]: input_userauth_request: invalid user ts2 [preauth]
Jan 19 15:25:53 host sshd[3459]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:25:53 host sshd[3459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.170.14.90
Jan 19 15:25:55 host sshd[3459]: Failed password for invalid user ts2 from 41.170.14.90 port 50271 ssh2
Jan 19 15:25:55 host sshd[3459]: Received disconnect from 41.170.14.90 port 50271:11: Bye Bye [preauth]
Jan 19 15:25:55 host sshd[3459]: Disconnected from 41.170.14.90 port 50271 [preauth]
Jan 19 15:28:19 host sshd[3728]: Invalid user info from 41.170.14.90 port 44696
Jan 19 15:28:19 host sshd[3728]: input_userauth_request: invalid user info [preauth]
Jan 19 15:28:19 host sshd[3728]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:28:19 host sshd[3728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.170.14.90
Jan 19 15:28:20 host sshd[3728]: Failed password for invalid user info from 41.170.14.90 port 44696 ssh2
Jan 19 15:32:37 host sshd[4368]: Invalid user admin from 195.226.194.242 port 53974
Jan 19 15:32:37 host sshd[4368]: input_userauth_request: invalid user admin [preauth]
Jan 19 15:32:37 host sshd[4368]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 15:32:37 host sshd[4368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 19 15:32:39 host sshd[4368]: Failed password for invalid user admin from 195.226.194.242 port 53974 ssh2
Jan 19 15:32:39 host sshd[4368]: Received disconnect from 195.226.194.242 port 53974:11: Bye Bye [preauth]
Jan 19 15:32:39 host sshd[4368]: Disconnected from 195.226.194.242 port 53974 [preauth]
Jan 19 15:44:44 host sshd[6002]: Connection reset by 96.66.141.130 port 62727 [preauth]
Jan 19 16:02:23 host sshd[8626]: Invalid user super from 121.149.93.24 port 33718
Jan 19 16:02:23 host sshd[8626]: input_userauth_request: invalid user super [preauth]
Jan 19 16:02:23 host sshd[8626]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:02:23 host sshd[8626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.149.93.24
Jan 19 16:02:25 host sshd[8626]: Failed password for invalid user super from 121.149.93.24 port 33718 ssh2
Jan 19 16:02:26 host sshd[8626]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:02:28 host sshd[8626]: Failed password for invalid user super from 121.149.93.24 port 33718 ssh2
Jan 19 16:02:30 host sshd[8626]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:02:32 host sshd[8626]: Failed password for invalid user super from 121.149.93.24 port 33718 ssh2
Jan 19 16:02:33 host sshd[8626]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:02:36 host sshd[8626]: Failed password for invalid user super from 121.149.93.24 port 33718 ssh2
Jan 19 16:02:37 host sshd[8626]: Failed password for invalid user super from 121.149.93.24 port 33718 ssh2
Jan 19 16:02:37 host sshd[8626]: Connection closed by 121.149.93.24 port 33718 [preauth]
Jan 19 16:02:37 host sshd[8626]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.149.93.24
Jan 19 16:02:37 host sshd[8626]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 19 16:04:44 host sshd[8919]: Connection reset by 50.78.5.142 port 50179 [preauth]
Jan 19 16:15:09 host sshd[10733]: Connection reset by 114.33.7.225 port 35308 [preauth]
Jan 19 16:19:12 host sshd[11329]: Invalid user angelica from 111.238.174.6 port 47028
Jan 19 16:19:12 host sshd[11329]: input_userauth_request: invalid user angelica [preauth]
Jan 19 16:19:12 host sshd[11329]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:19:12 host sshd[11329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
Jan 19 16:19:13 host sshd[11329]: Failed password for invalid user angelica from 111.238.174.6 port 47028 ssh2
Jan 19 16:19:13 host sshd[11329]: Received disconnect from 111.238.174.6 port 47028:11: Bye Bye [preauth]
Jan 19 16:19:13 host sshd[11329]: Disconnected from 111.238.174.6 port 47028 [preauth]
Jan 19 16:20:10 host sshd[11508]: Invalid user training from 211.45.162.52 port 43300
Jan 19 16:20:10 host sshd[11508]: input_userauth_request: invalid user training [preauth]
Jan 19 16:20:10 host sshd[11508]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:20:10 host sshd[11508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.45.162.52
Jan 19 16:20:12 host sshd[11508]: Failed password for invalid user training from 211.45.162.52 port 43300 ssh2
Jan 19 16:20:12 host sshd[11508]: Received disconnect from 211.45.162.52 port 43300:11: Bye Bye [preauth]
Jan 19 16:20:12 host sshd[11508]: Disconnected from 211.45.162.52 port 43300 [preauth]
Jan 19 16:20:40 host sshd[11578]: Invalid user user5 from 206.189.84.58 port 36504
Jan 19 16:20:40 host sshd[11578]: input_userauth_request: invalid user user5 [preauth]
Jan 19 16:20:40 host sshd[11578]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:20:40 host sshd[11578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.84.58
Jan 19 16:20:42 host sshd[11578]: Failed password for invalid user user5 from 206.189.84.58 port 36504 ssh2
Jan 19 16:20:42 host sshd[11578]: Received disconnect from 206.189.84.58 port 36504:11: Bye Bye [preauth]
Jan 19 16:20:42 host sshd[11578]: Disconnected from 206.189.84.58 port 36504 [preauth]
Jan 19 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 16:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=dartsimp user-11=a2zgroup user-12=wwwletsstalkfood user-13=straightcurve user-14=bonifacegroup user-15=wwwevmhonda user-16=wwwnexidigital user-17=mrsclean user-18=gifterman user-19=palco123 user-20=phmetals user-21=kottayamcalldriv user-22=wwwkapin user-23=woodpeck user-24=wwwkmaorg user-25=disposeat user-26=remysagr user-27=pmcresources user-28=vfmassets user-29=wwwtestugo user-30=shalinijames feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 16:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 16:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-46b6GasVMpUi3Rsy.~
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-46b6GasVMpUi3Rsy.~'
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-46b6GasVMpUi3Rsy.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 16:21:09 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 16:21:09 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 16:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 16:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 16:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 16:21:39 host sshd[12028]: Invalid user packer from 200.16.132.42 port 47820
Jan 19 16:21:39 host sshd[12028]: input_userauth_request: invalid user packer [preauth]
Jan 19 16:21:39 host sshd[12028]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:21:39 host sshd[12028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.16.132.42
Jan 19 16:21:41 host sshd[12028]: Failed password for invalid user packer from 200.16.132.42 port 47820 ssh2
Jan 19 16:21:42 host sshd[12028]: Received disconnect from 200.16.132.42 port 47820:11: Bye Bye [preauth]
Jan 19 16:21:42 host sshd[12028]: Disconnected from 200.16.132.42 port 47820 [preauth]
Jan 19 16:25:01 host sshd[12414]: Invalid user shiny from 211.45.162.52 port 60264
Jan 19 16:25:01 host sshd[12414]: input_userauth_request: invalid user shiny [preauth]
Jan 19 16:25:01 host sshd[12414]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:25:01 host sshd[12414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.45.162.52
Jan 19 16:25:03 host sshd[12414]: Failed password for invalid user shiny from 211.45.162.52 port 60264 ssh2
Jan 19 16:25:03 host sshd[12414]: Received disconnect from 211.45.162.52 port 60264:11: Bye Bye [preauth]
Jan 19 16:25:03 host sshd[12414]: Disconnected from 211.45.162.52 port 60264 [preauth]
Jan 19 16:25:24 host sshd[12471]: Invalid user gerrit from 206.189.84.58 port 51094
Jan 19 16:25:24 host sshd[12471]: input_userauth_request: invalid user gerrit [preauth]
Jan 19 16:25:24 host sshd[12471]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:25:24 host sshd[12471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.84.58
Jan 19 16:25:26 host sshd[12471]: Failed password for invalid user gerrit from 206.189.84.58 port 51094 ssh2
Jan 19 16:25:26 host sshd[12471]: Received disconnect from 206.189.84.58 port 51094:11: Bye Bye [preauth]
Jan 19 16:25:26 host sshd[12471]: Disconnected from 206.189.84.58 port 51094 [preauth]
Jan 19 16:25:57 host sshd[12538]: Invalid user gmodserver from 200.16.132.42 port 42479
Jan 19 16:25:57 host sshd[12538]: input_userauth_request: invalid user gmodserver [preauth]
Jan 19 16:25:57 host sshd[12538]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:25:57 host sshd[12538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.16.132.42
Jan 19 16:25:59 host sshd[12538]: Failed password for invalid user gmodserver from 200.16.132.42 port 42479 ssh2
Jan 19 16:25:59 host sshd[12538]: Received disconnect from 200.16.132.42 port 42479:11: Bye Bye [preauth]
Jan 19 16:25:59 host sshd[12538]: Disconnected from 200.16.132.42 port 42479 [preauth]
Jan 19 16:26:22 host sshd[12591]: Invalid user support from 211.45.162.52 port 46710
Jan 19 16:26:22 host sshd[12591]: input_userauth_request: invalid user support [preauth]
Jan 19 16:26:22 host sshd[12591]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:26:22 host sshd[12591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.45.162.52
Jan 19 16:26:24 host sshd[12591]: Failed password for invalid user support from 211.45.162.52 port 46710 ssh2
Jan 19 16:26:24 host sshd[12591]: Received disconnect from 211.45.162.52 port 46710:11: Bye Bye [preauth]
Jan 19 16:26:24 host sshd[12591]: Disconnected from 211.45.162.52 port 46710 [preauth]
Jan 19 16:26:48 host sshd[12832]: Invalid user system from 206.189.84.58 port 42572
Jan 19 16:26:48 host sshd[12832]: input_userauth_request: invalid user system [preauth]
Jan 19 16:26:48 host sshd[12832]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:26:48 host sshd[12832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.84.58
Jan 19 16:26:50 host sshd[12832]: Failed password for invalid user system from 206.189.84.58 port 42572 ssh2
Jan 19 16:26:50 host sshd[12832]: Received disconnect from 206.189.84.58 port 42572:11: Bye Bye [preauth]
Jan 19 16:26:50 host sshd[12832]: Disconnected from 206.189.84.58 port 42572 [preauth]
Jan 19 16:27:31 host sshd[12940]: Invalid user test1 from 200.69.196.27 port 56075
Jan 19 16:27:31 host sshd[12940]: input_userauth_request: invalid user test1 [preauth]
Jan 19 16:27:31 host sshd[12940]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:27:31 host sshd[12940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.69.196.27
Jan 19 16:27:33 host sshd[12940]: Failed password for invalid user test1 from 200.69.196.27 port 56075 ssh2
Jan 19 16:27:34 host sshd[12940]: Received disconnect from 200.69.196.27 port 56075:11: Bye Bye [preauth]
Jan 19 16:27:34 host sshd[12940]: Disconnected from 200.69.196.27 port 56075 [preauth]
Jan 19 16:29:05 host sshd[13133]: Invalid user hb from 200.16.132.42 port 41437
Jan 19 16:29:05 host sshd[13133]: input_userauth_request: invalid user hb [preauth]
Jan 19 16:29:05 host sshd[13133]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:29:05 host sshd[13133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.16.132.42
Jan 19 16:29:07 host sshd[13133]: Failed password for invalid user hb from 200.16.132.42 port 41437 ssh2
Jan 19 16:33:30 host sshd[13819]: User root from 141.98.11.151 not allowed because not listed in AllowUsers
Jan 19 16:33:30 host sshd[13819]: input_userauth_request: invalid user root [preauth]
Jan 19 16:33:30 host unix_chkpwd[13823]: password check failed for user (root)
Jan 19 16:33:30 host sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.151 user=root
Jan 19 16:33:30 host sshd[13819]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:33:31 host sshd[13819]: Failed password for invalid user root from 141.98.11.151 port 51782 ssh2
Jan 19 16:33:32 host sshd[13819]: Received disconnect from 141.98.11.151 port 51782:11: Normal Shutdown, Thank you for playing [preauth]
Jan 19 16:33:32 host sshd[13819]: Disconnected from 141.98.11.151 port 51782 [preauth]
Jan 19 16:37:59 host sshd[14400]: Invalid user Hayami from 106.10.122.53 port 43542
Jan 19 16:37:59 host sshd[14400]: input_userauth_request: invalid user Hayami [preauth]
Jan 19 16:37:59 host sshd[14400]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:37:59 host sshd[14400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 19 16:38:01 host sshd[14400]: Failed password for invalid user Hayami from 106.10.122.53 port 43542 ssh2
Jan 19 16:38:01 host sshd[14400]: Connection closed by 106.10.122.53 port 43542 [preauth]
Jan 19 16:38:09 host sshd[14419]: Invalid user bitnami from 200.69.196.27 port 38309
Jan 19 16:38:09 host sshd[14419]: input_userauth_request: invalid user bitnami [preauth]
Jan 19 16:38:09 host sshd[14419]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:38:09 host sshd[14419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.69.196.27
Jan 19 16:38:11 host sshd[14419]: Failed password for invalid user bitnami from 200.69.196.27 port 38309 ssh2
Jan 19 16:38:11 host sshd[14419]: Received disconnect from 200.69.196.27 port 38309:11: Bye Bye [preauth]
Jan 19 16:38:11 host sshd[14419]: Disconnected from 200.69.196.27 port 38309 [preauth]
Jan 19 16:39:56 host sshd[14640]: User root from 141.98.11.151 not allowed because not listed in AllowUsers
Jan 19 16:39:56 host sshd[14640]: input_userauth_request: invalid user root [preauth]
Jan 19 16:39:56 host unix_chkpwd[14643]: password check failed for user (root)
Jan 19 16:39:56 host sshd[14640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.151 user=root
Jan 19 16:39:56 host sshd[14640]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:39:58 host sshd[14640]: Failed password for invalid user root from 141.98.11.151 port 49428 ssh2
Jan 19 16:39:58 host sshd[14640]: Received disconnect from 141.98.11.151 port 49428:11: Normal Shutdown, Thank you for playing [preauth]
Jan 19 16:39:58 host sshd[14640]: Disconnected from 141.98.11.151 port 49428 [preauth]
Jan 19 16:41:18 host sshd[14874]: Invalid user user8 from 200.69.196.27 port 37267
Jan 19 16:41:18 host sshd[14874]: input_userauth_request: invalid user user8 [preauth]
Jan 19 16:41:18 host sshd[14874]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:41:18 host sshd[14874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.69.196.27
Jan 19 16:41:20 host sshd[14874]: Failed password for invalid user user8 from 200.69.196.27 port 37267 ssh2
Jan 19 16:41:20 host sshd[14874]: Received disconnect from 200.69.196.27 port 37267:11: Bye Bye [preauth]
Jan 19 16:41:20 host sshd[14874]: Disconnected from 200.69.196.27 port 37267 [preauth]
Jan 19 16:42:56 host sshd[15068]: Invalid user docker from 190.104.220.42 port 50863
Jan 19 16:42:56 host sshd[15068]: input_userauth_request: invalid user docker [preauth]
Jan 19 16:42:56 host sshd[15068]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 16:42:56 host sshd[15068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.104.220.42
Jan 19 16:42:58 host sshd[15068]: Failed password for invalid user docker from 190.104.220.42 port 50863 ssh2
Jan 19 16:42:58 host sshd[15068]: Received disconnect from 190.104.220.42 port 50863:11: Bye Bye [preauth]
Jan 19 16:42:58 host sshd[15068]: Disconnected from 190.104.220.42 port 50863 [preauth]
Jan 19 16:56:13 host sshd[16996]: User root from 183.108.122.61 not allowed because not listed in AllowUsers
Jan 19 16:56:13 host sshd[16996]: input_userauth_request: invalid user root [preauth]
Jan 19 16:56:13 host unix_chkpwd[17001]: password check failed for user (root)
Jan 19 16:56:13 host sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.108.122.61 user=root
Jan 19 16:56:13 host sshd[16996]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:56:15 host sshd[16996]: Failed password for invalid user root from 183.108.122.61 port 57521 ssh2
Jan 19 16:56:16 host sshd[16996]: Connection reset by 183.108.122.61 port 57521 [preauth]
Jan 19 16:56:28 host sshd[17012]: User root from 45.129.56.207 not allowed because not listed in AllowUsers
Jan 19 16:56:28 host sshd[17012]: input_userauth_request: invalid user root [preauth]
Jan 19 16:56:29 host sshd[17012]: Connection closed by 45.129.56.207 port 36724 [preauth]
Jan 19 16:56:32 host sshd[17043]: User root from 162.247.74.216 not allowed because not listed in AllowUsers
Jan 19 16:56:32 host sshd[17043]: input_userauth_request: invalid user root [preauth]
Jan 19 16:56:32 host unix_chkpwd[17048]: password check failed for user (root)
Jan 19 16:56:32 host sshd[17043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.216 user=root
Jan 19 16:56:32 host sshd[17043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:56:33 host sshd[17043]: Failed password for invalid user root from 162.247.74.216 port 35490 ssh2
Jan 19 16:56:34 host unix_chkpwd[17051]: password check failed for user (root)
Jan 19 16:56:34 host sshd[17043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:56:36 host sshd[17043]: Failed password for invalid user root from 162.247.74.216 port 35490 ssh2
Jan 19 16:56:37 host unix_chkpwd[17057]: password check failed for user (root)
Jan 19 16:56:37 host sshd[17043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:56:39 host sshd[17043]: Failed password for invalid user root from 162.247.74.216 port 35490 ssh2
Jan 19 16:56:39 host unix_chkpwd[17062]: password check failed for user (root)
Jan 19 16:56:39 host sshd[17043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:56:41 host sshd[17043]: Failed password for invalid user root from 162.247.74.216 port 35490 ssh2
Jan 19 16:56:41 host unix_chkpwd[17065]: password check failed for user (root)
Jan 19 16:56:41 host sshd[17043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:56:43 host sshd[17043]: Failed password for invalid user root from 162.247.74.216 port 35490 ssh2
Jan 19 16:57:16 host sshd[17153]: User root from 66.115.189.149 not allowed because not listed in AllowUsers
Jan 19 16:57:16 host sshd[17153]: input_userauth_request: invalid user root [preauth]
Jan 19 16:57:16 host unix_chkpwd[17161]: password check failed for user (root)
Jan 19 16:57:16 host sshd[17153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.115.189.149 user=root
Jan 19 16:57:16 host sshd[17153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:57:18 host sshd[17153]: Failed password for invalid user root from 66.115.189.149 port 7875 ssh2
Jan 19 16:57:19 host unix_chkpwd[17165]: password check failed for user (root)
Jan 19 16:57:19 host sshd[17153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:57:21 host sshd[17153]: Failed password for invalid user root from 66.115.189.149 port 7875 ssh2
Jan 19 16:57:22 host unix_chkpwd[17171]: password check failed for user (root)
Jan 19 16:57:22 host sshd[17153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:57:24 host sshd[17153]: Failed password for invalid user root from 66.115.189.149 port 7875 ssh2
Jan 19 16:57:25 host unix_chkpwd[17175]: password check failed for user (root)
Jan 19 16:57:25 host sshd[17153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:57:27 host sshd[17153]: Failed password for invalid user root from 66.115.189.149 port 7875 ssh2
Jan 19 16:58:11 host sshd[17343]: User root from 185.220.102.247 not allowed because not listed in AllowUsers
Jan 19 16:58:11 host sshd[17343]: input_userauth_request: invalid user root [preauth]
Jan 19 16:58:11 host unix_chkpwd[17347]: password check failed for user (root)
Jan 19 16:58:11 host sshd[17343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.247 user=root
Jan 19 16:58:11 host sshd[17343]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:58:14 host sshd[17343]: Failed password for invalid user root from 185.220.102.247 port 30351 ssh2
Jan 19 16:58:14 host unix_chkpwd[17351]: password check failed for user (root)
Jan 19 16:58:14 host sshd[17343]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:58:16 host sshd[17343]: Failed password for invalid user root from 185.220.102.247 port 30351 ssh2
Jan 19 16:58:20 host unix_chkpwd[17360]: password check failed for user (root)
Jan 19 16:58:20 host sshd[17343]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:58:21 host sshd[17343]: Failed password for invalid user root from 185.220.102.247 port 30351 ssh2
Jan 19 16:58:22 host unix_chkpwd[17363]: password check failed for user (root)
Jan 19 16:58:22 host sshd[17343]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:58:24 host sshd[17343]: Failed password for invalid user root from 185.220.102.247 port 30351 ssh2
Jan 19 16:58:55 host sshd[17448]: User root from 23.129.64.223 not allowed because not listed in AllowUsers
Jan 19 16:58:55 host sshd[17448]: input_userauth_request: invalid user root [preauth]
Jan 19 16:58:55 host unix_chkpwd[17453]: password check failed for user (root)
Jan 19 16:58:55 host sshd[17448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.223 user=root
Jan 19 16:58:55 host sshd[17448]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:58:58 host sshd[17448]: Failed password for invalid user root from 23.129.64.223 port 42150 ssh2
Jan 19 16:58:58 host unix_chkpwd[17456]: password check failed for user (root)
Jan 19 16:58:58 host sshd[17448]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:00 host sshd[17448]: Failed password for invalid user root from 23.129.64.223 port 42150 ssh2
Jan 19 16:59:01 host unix_chkpwd[17459]: password check failed for user (root)
Jan 19 16:59:01 host sshd[17448]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:03 host sshd[17448]: Failed password for invalid user root from 23.129.64.223 port 42150 ssh2
Jan 19 16:59:04 host unix_chkpwd[17473]: password check failed for user (root)
Jan 19 16:59:04 host sshd[17448]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:06 host sshd[17448]: Failed password for invalid user root from 23.129.64.223 port 42150 ssh2
Jan 19 16:59:06 host unix_chkpwd[17476]: password check failed for user (root)
Jan 19 16:59:06 host sshd[17448]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:08 host sshd[17448]: Failed password for invalid user root from 23.129.64.223 port 42150 ssh2
Jan 19 16:59:43 host sshd[17658]: User root from 209.141.51.30 not allowed because not listed in AllowUsers
Jan 19 16:59:43 host sshd[17658]: input_userauth_request: invalid user root [preauth]
Jan 19 16:59:43 host unix_chkpwd[17671]: password check failed for user (root)
Jan 19 16:59:43 host sshd[17658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.51.30 user=root
Jan 19 16:59:43 host sshd[17658]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:45 host sshd[17658]: Failed password for invalid user root from 209.141.51.30 port 35248 ssh2
Jan 19 16:59:46 host unix_chkpwd[17677]: password check failed for user (root)
Jan 19 16:59:46 host sshd[17658]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:49 host sshd[17658]: Failed password for invalid user root from 209.141.51.30 port 35248 ssh2
Jan 19 16:59:49 host unix_chkpwd[17685]: password check failed for user (root)
Jan 19 16:59:49 host sshd[17658]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:51 host sshd[17658]: Failed password for invalid user root from 209.141.51.30 port 35248 ssh2
Jan 19 16:59:52 host unix_chkpwd[17689]: password check failed for user (root)
Jan 19 16:59:52 host sshd[17658]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 16:59:54 host sshd[17658]: Failed password for invalid user root from 209.141.51.30 port 35248 ssh2
Jan 19 17:00:23 host sshd[17779]: User root from 185.220.102.252 not allowed because not listed in AllowUsers
Jan 19 17:00:23 host sshd[17779]: input_userauth_request: invalid user root [preauth]
Jan 19 17:00:23 host unix_chkpwd[17781]: password check failed for user (root)
Jan 19 17:00:23 host sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.252 user=root
Jan 19 17:00:23 host sshd[17779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:00:25 host sshd[17779]: Failed password for invalid user root from 185.220.102.252 port 28577 ssh2
Jan 19 17:00:25 host unix_chkpwd[17784]: password check failed for user (root)
Jan 19 17:00:25 host sshd[17779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:00:27 host sshd[17779]: Failed password for invalid user root from 185.220.102.252 port 28577 ssh2
Jan 19 17:00:28 host unix_chkpwd[17813]: password check failed for user (root)
Jan 19 17:00:28 host sshd[17779]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:00:30 host sshd[17779]: Failed password for invalid user root from 185.220.102.252 port 28577 ssh2
Jan 19 17:01:55 host sshd[17995]: User root from 45.8.146.213 not allowed because not listed in AllowUsers
Jan 19 17:01:55 host sshd[17995]: input_userauth_request: invalid user root [preauth]
Jan 19 17:01:55 host unix_chkpwd[18003]: password check failed for user (root)
Jan 19 17:01:55 host sshd[17995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.8.146.213 user=root
Jan 19 17:01:55 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:01:57 host sshd[17995]: Failed password for invalid user root from 45.8.146.213 port 35420 ssh2
Jan 19 17:02:00 host unix_chkpwd[18008]: password check failed for user (root)
Jan 19 17:02:00 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:02 host sshd[17995]: Failed password for invalid user root from 45.8.146.213 port 35420 ssh2
Jan 19 17:02:03 host unix_chkpwd[18021]: password check failed for user (root)
Jan 19 17:02:03 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:04 host sshd[17995]: Failed password for invalid user root from 45.8.146.213 port 35420 ssh2
Jan 19 17:02:05 host unix_chkpwd[18024]: password check failed for user (root)
Jan 19 17:02:05 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:07 host sshd[17995]: Failed password for invalid user root from 45.8.146.213 port 35420 ssh2
Jan 19 17:02:09 host unix_chkpwd[18047]: password check failed for user (root)
Jan 19 17:02:09 host sshd[17995]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:10 host sshd[17995]: Failed password for invalid user root from 45.8.146.213 port 35420 ssh2
Jan 19 17:02:34 host sshd[18105]: Invalid user gm from 194.110.203.109 port 57570
Jan 19 17:02:34 host sshd[18105]: input_userauth_request: invalid user gm [preauth]
Jan 19 17:02:34 host sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:02:34 host sshd[18105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 17:02:36 host sshd[18105]: Failed password for invalid user gm from 194.110.203.109 port 57570 ssh2
Jan 19 17:02:40 host sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:02:41 host sshd[18112]: User root from 162.247.72.199 not allowed because not listed in AllowUsers
Jan 19 17:02:41 host sshd[18112]: input_userauth_request: invalid user root [preauth]
Jan 19 17:02:41 host unix_chkpwd[18116]: password check failed for user (root)
Jan 19 17:02:41 host sshd[18112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.72.199 user=root
Jan 19 17:02:41 host sshd[18112]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:41 host sshd[18105]: Failed password for invalid user gm from 194.110.203.109 port 57570 ssh2
Jan 19 17:02:43 host sshd[18112]: Failed password for invalid user root from 162.247.72.199 port 36240 ssh2
Jan 19 17:02:44 host unix_chkpwd[18126]: password check failed for user (root)
Jan 19 17:02:44 host sshd[18112]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:44 host sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:02:46 host sshd[18112]: Failed password for invalid user root from 162.247.72.199 port 36240 ssh2
Jan 19 17:02:47 host unix_chkpwd[18130]: password check failed for user (root)
Jan 19 17:02:47 host sshd[18112]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:47 host sshd[18105]: Failed password for invalid user gm from 194.110.203.109 port 57570 ssh2
Jan 19 17:02:49 host sshd[18112]: Failed password for invalid user root from 162.247.72.199 port 36240 ssh2
Jan 19 17:02:49 host unix_chkpwd[18135]: password check failed for user (root)
Jan 19 17:02:49 host sshd[18112]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:50 host sshd[18105]: Connection closed by 194.110.203.109 port 57570 [preauth]
Jan 19 17:02:50 host sshd[18105]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 17:02:51 host sshd[18112]: Failed password for invalid user root from 162.247.72.199 port 36240 ssh2
Jan 19 17:02:52 host unix_chkpwd[18138]: password check failed for user (root)
Jan 19 17:02:52 host sshd[18112]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:02:54 host sshd[18112]: Failed password for invalid user root from 162.247.72.199 port 36240 ssh2
Jan 19 17:03:26 host sshd[18234]: User root from 185.220.101.185 not allowed because not listed in AllowUsers
Jan 19 17:03:26 host sshd[18234]: input_userauth_request: invalid user root [preauth]
Jan 19 17:03:26 host unix_chkpwd[18237]: password check failed for user (root)
Jan 19 17:03:26 host sshd[18234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.185 user=root
Jan 19 17:03:26 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:03:28 host sshd[18234]: Failed password for invalid user root from 185.220.101.185 port 31140 ssh2
Jan 19 17:03:29 host unix_chkpwd[18261]: password check failed for user (root)
Jan 19 17:03:29 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:03:31 host sshd[18234]: Failed password for invalid user root from 185.220.101.185 port 31140 ssh2
Jan 19 17:03:31 host unix_chkpwd[18267]: password check failed for user (root)
Jan 19 17:03:31 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:03:33 host sshd[18234]: Failed password for invalid user root from 185.220.101.185 port 31140 ssh2
Jan 19 17:03:34 host unix_chkpwd[18270]: password check failed for user (root)
Jan 19 17:03:34 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:03:36 host sshd[18234]: Failed password for invalid user root from 185.220.101.185 port 31140 ssh2
Jan 19 17:03:36 host unix_chkpwd[18273]: password check failed for user (root)
Jan 19 17:03:36 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:03:38 host sshd[18234]: Failed password for invalid user root from 185.220.101.185 port 31140 ssh2
Jan 19 17:03:38 host unix_chkpwd[18281]: password check failed for user (root)
Jan 19 17:03:38 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:03:40 host sshd[18234]: Failed password for invalid user root from 185.220.101.185 port 31140 ssh2
Jan 19 17:03:40 host sshd[18234]: error: maximum authentication attempts exceeded for invalid user root from 185.220.101.185 port 31140 ssh2 [preauth]
Jan 19 17:03:40 host sshd[18234]: Disconnecting: Too many authentication failures [preauth]
Jan 19 17:03:40 host sshd[18234]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.185 user=root
Jan 19 17:03:40 host sshd[18234]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 19 17:04:12 host sshd[18423]: User root from 45.139.122.241 not allowed because not listed in AllowUsers
Jan 19 17:04:12 host sshd[18423]: input_userauth_request: invalid user root [preauth]
Jan 19 17:04:12 host unix_chkpwd[18468]: password check failed for user (root)
Jan 19 17:04:12 host sshd[18423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.139.122.241 user=root
Jan 19 17:04:12 host sshd[18423]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:04:14 host sshd[18423]: Failed password for invalid user root from 45.139.122.241 port 58330 ssh2
Jan 19 17:04:15 host unix_chkpwd[18474]: password check failed for user (root)
Jan 19 17:04:15 host sshd[18423]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:04:17 host sshd[18423]: Failed password for invalid user root from 45.139.122.241 port 58330 ssh2
Jan 19 17:04:18 host unix_chkpwd[18480]: password check failed for user (root)
Jan 19 17:04:18 host sshd[18423]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:04:20 host sshd[18423]: Failed password for invalid user root from 45.139.122.241 port 58330 ssh2
Jan 19 17:04:21 host unix_chkpwd[18483]: password check failed for user (root)
Jan 19 17:04:21 host sshd[18423]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:04:23 host sshd[18423]: Failed password for invalid user root from 45.139.122.241 port 58330 ssh2
Jan 19 17:05:00 host sshd[18575]: User root from 185.220.102.241 not allowed because not listed in AllowUsers
Jan 19 17:05:00 host sshd[18575]: input_userauth_request: invalid user root [preauth]
Jan 19 17:05:00 host unix_chkpwd[18582]: password check failed for user (root)
Jan 19 17:05:00 host sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.241 user=root
Jan 19 17:05:00 host sshd[18575]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:03 host sshd[18575]: Failed password for invalid user root from 185.220.102.241 port 33597 ssh2
Jan 19 17:05:04 host unix_chkpwd[18608]: password check failed for user (root)
Jan 19 17:05:04 host sshd[18575]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:05 host sshd[18575]: Failed password for invalid user root from 185.220.102.241 port 33597 ssh2
Jan 19 17:05:06 host unix_chkpwd[18613]: password check failed for user (root)
Jan 19 17:05:06 host sshd[18575]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:08 host sshd[18575]: Failed password for invalid user root from 185.220.102.241 port 33597 ssh2
Jan 19 17:05:09 host unix_chkpwd[18619]: password check failed for user (root)
Jan 19 17:05:09 host sshd[18575]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:11 host sshd[18575]: Failed password for invalid user root from 185.220.102.241 port 33597 ssh2
Jan 19 17:05:12 host unix_chkpwd[18624]: password check failed for user (root)
Jan 19 17:05:12 host sshd[18575]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:14 host sshd[18575]: Failed password for invalid user root from 185.220.102.241 port 33597 ssh2
Jan 19 17:05:21 host sshd[18664]: Invalid user admin from 220.132.245.196 port 43231
Jan 19 17:05:21 host sshd[18664]: input_userauth_request: invalid user admin [preauth]
Jan 19 17:05:21 host sshd[18664]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:05:21 host sshd[18664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.245.196
Jan 19 17:05:23 host sshd[18664]: Failed password for invalid user admin from 220.132.245.196 port 43231 ssh2
Jan 19 17:05:24 host sshd[18664]: Failed password for invalid user admin from 220.132.245.196 port 43231 ssh2
Jan 19 17:05:24 host sshd[18664]: Connection reset by 220.132.245.196 port 43231 [preauth]
Jan 19 17:05:44 host sshd[18725]: User root from 144.172.73.16 not allowed because not listed in AllowUsers
Jan 19 17:05:44 host sshd[18725]: input_userauth_request: invalid user root [preauth]
Jan 19 17:05:44 host unix_chkpwd[18740]: password check failed for user (root)
Jan 19 17:05:44 host sshd[18725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.172.73.16 user=root
Jan 19 17:05:44 host sshd[18725]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:46 host sshd[18725]: Failed password for invalid user root from 144.172.73.16 port 47068 ssh2
Jan 19 17:05:47 host unix_chkpwd[18744]: password check failed for user (root)
Jan 19 17:05:47 host sshd[18725]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:49 host sshd[18725]: Failed password for invalid user root from 144.172.73.16 port 47068 ssh2
Jan 19 17:05:50 host unix_chkpwd[18747]: password check failed for user (root)
Jan 19 17:05:50 host sshd[18725]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:52 host sshd[18725]: Failed password for invalid user root from 144.172.73.16 port 47068 ssh2
Jan 19 17:05:52 host unix_chkpwd[18750]: password check failed for user (root)
Jan 19 17:05:52 host sshd[18725]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:05:54 host sshd[18725]: Failed password for invalid user root from 144.172.73.16 port 47068 ssh2
Jan 19 17:06:27 host sshd[18822]: User root from 162.247.74.201 not allowed because not listed in AllowUsers
Jan 19 17:06:27 host sshd[18822]: input_userauth_request: invalid user root [preauth]
Jan 19 17:06:27 host unix_chkpwd[18851]: password check failed for user (root)
Jan 19 17:06:27 host sshd[18822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.201 user=root
Jan 19 17:06:27 host sshd[18822]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:06:29 host sshd[18822]: Failed password for invalid user root from 162.247.74.201 port 34180 ssh2
Jan 19 17:06:29 host unix_chkpwd[18854]: password check failed for user (root)
Jan 19 17:06:29 host sshd[18822]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:06:32 host sshd[18822]: Failed password for invalid user root from 162.247.74.201 port 34180 ssh2
Jan 19 17:06:32 host unix_chkpwd[18858]: password check failed for user (root)
Jan 19 17:06:32 host sshd[18822]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:06:34 host sshd[18822]: Failed password for invalid user root from 162.247.74.201 port 34180 ssh2
Jan 19 17:06:35 host unix_chkpwd[18861]: password check failed for user (root)
Jan 19 17:06:35 host sshd[18822]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:06:37 host sshd[18822]: Failed password for invalid user root from 162.247.74.201 port 34180 ssh2
Jan 19 17:06:37 host unix_chkpwd[18864]: password check failed for user (root)
Jan 19 17:06:37 host sshd[18822]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:06:40 host sshd[18822]: Failed password for invalid user root from 162.247.74.201 port 34180 ssh2
Jan 19 17:07:15 host sshd[18953]: User root from 185.129.61.129 not allowed because not listed in AllowUsers
Jan 19 17:07:15 host sshd[18953]: input_userauth_request: invalid user root [preauth]
Jan 19 17:07:15 host unix_chkpwd[18958]: password check failed for user (root)
Jan 19 17:07:15 host sshd[18953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.129.61.129 user=root
Jan 19 17:07:15 host sshd[18953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:07:16 host sshd[18953]: Failed password for invalid user root from 185.129.61.129 port 46266 ssh2
Jan 19 17:07:16 host unix_chkpwd[18966]: password check failed for user (root)
Jan 19 17:07:16 host sshd[18953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:07:19 host sshd[18953]: Failed password for invalid user root from 185.129.61.129 port 46266 ssh2
Jan 19 17:07:19 host unix_chkpwd[18971]: password check failed for user (root)
Jan 19 17:07:19 host sshd[18953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:07:22 host sshd[18953]: Failed password for invalid user root from 185.129.61.129 port 46266 ssh2
Jan 19 17:07:22 host unix_chkpwd[18975]: password check failed for user (root)
Jan 19 17:07:22 host sshd[18953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:07:24 host sshd[18953]: Failed password for invalid user root from 185.129.61.129 port 46266 ssh2
Jan 19 17:07:24 host unix_chkpwd[18995]: password check failed for user (root)
Jan 19 17:07:24 host sshd[18953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:07:26 host sshd[18953]: Failed password for invalid user root from 185.129.61.129 port 46266 ssh2
Jan 19 17:08:00 host sshd[19070]: User root from 107.189.4.169 not allowed because not listed in AllowUsers
Jan 19 17:08:00 host sshd[19070]: input_userauth_request: invalid user root [preauth]
Jan 19 17:08:00 host unix_chkpwd[19075]: password check failed for user (root)
Jan 19 17:08:00 host sshd[19070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.4.169 user=root
Jan 19 17:08:00 host sshd[19070]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:02 host sshd[19070]: Failed password for invalid user root from 107.189.4.169 port 52358 ssh2
Jan 19 17:08:02 host unix_chkpwd[19088]: password check failed for user (root)
Jan 19 17:08:02 host sshd[19070]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:05 host sshd[19070]: Failed password for invalid user root from 107.189.4.169 port 52358 ssh2
Jan 19 17:08:05 host unix_chkpwd[19091]: password check failed for user (root)
Jan 19 17:08:05 host sshd[19070]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:07 host sshd[19070]: Failed password for invalid user root from 107.189.4.169 port 52358 ssh2
Jan 19 17:08:08 host unix_chkpwd[19094]: password check failed for user (root)
Jan 19 17:08:08 host sshd[19070]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:10 host sshd[19070]: Failed password for invalid user root from 107.189.4.169 port 52358 ssh2
Jan 19 17:08:39 host sshd[19183]: User root from 162.247.74.204 not allowed because not listed in AllowUsers
Jan 19 17:08:39 host sshd[19183]: input_userauth_request: invalid user root [preauth]
Jan 19 17:08:39 host unix_chkpwd[19189]: password check failed for user (root)
Jan 19 17:08:39 host sshd[19183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.204 user=root
Jan 19 17:08:39 host sshd[19183]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:41 host sshd[19183]: Failed password for invalid user root from 162.247.74.204 port 50912 ssh2
Jan 19 17:08:42 host unix_chkpwd[19192]: password check failed for user (root)
Jan 19 17:08:42 host sshd[19183]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:44 host sshd[19183]: Failed password for invalid user root from 162.247.74.204 port 50912 ssh2
Jan 19 17:08:44 host unix_chkpwd[19200]: password check failed for user (root)
Jan 19 17:08:44 host sshd[19183]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:47 host sshd[19183]: Failed password for invalid user root from 162.247.74.204 port 50912 ssh2
Jan 19 17:08:47 host unix_chkpwd[19206]: password check failed for user (root)
Jan 19 17:08:47 host sshd[19183]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:08:49 host sshd[19183]: Failed password for invalid user root from 162.247.74.204 port 50912 ssh2
Jan 19 17:09:22 host sshd[19308]: User root from 185.220.102.244 not allowed because not listed in AllowUsers
Jan 19 17:09:22 host sshd[19308]: input_userauth_request: invalid user root [preauth]
Jan 19 17:09:22 host unix_chkpwd[19313]: password check failed for user (root)
Jan 19 17:09:22 host sshd[19308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.244 user=root
Jan 19 17:09:22 host sshd[19308]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:09:23 host sshd[19308]: Failed password for invalid user root from 185.220.102.244 port 14561 ssh2
Jan 19 17:09:24 host unix_chkpwd[19316]: password check failed for user (root)
Jan 19 17:09:24 host sshd[19308]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:09:26 host sshd[19308]: Failed password for invalid user root from 185.220.102.244 port 14561 ssh2
Jan 19 17:09:27 host unix_chkpwd[19320]: password check failed for user (root)
Jan 19 17:09:27 host sshd[19308]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:09:29 host sshd[19308]: Failed password for invalid user root from 185.220.102.244 port 14561 ssh2
Jan 19 17:09:30 host unix_chkpwd[19355]: password check failed for user (root)
Jan 19 17:09:30 host sshd[19308]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:09:31 host sshd[19308]: Failed password for invalid user root from 185.220.102.244 port 14561 ssh2
Jan 19 17:09:32 host unix_chkpwd[19359]: password check failed for user (root)
Jan 19 17:09:32 host sshd[19308]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:09:34 host sshd[19308]: Failed password for invalid user root from 185.220.102.244 port 14561 ssh2
Jan 19 17:10:06 host sshd[19568]: User root from 104.244.76.170 not allowed because not listed in AllowUsers
Jan 19 17:10:06 host sshd[19568]: input_userauth_request: invalid user root [preauth]
Jan 19 17:10:06 host unix_chkpwd[19577]: password check failed for user (root)
Jan 19 17:10:06 host sshd[19568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.76.170 user=root
Jan 19 17:10:06 host sshd[19568]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:10:08 host sshd[19568]: Failed password for invalid user root from 104.244.76.170 port 45322 ssh2
Jan 19 17:10:09 host unix_chkpwd[19582]: password check failed for user (root)
Jan 19 17:10:09 host sshd[19568]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:10:11 host sshd[19568]: Failed password for invalid user root from 104.244.76.170 port 45322 ssh2
Jan 19 17:10:11 host unix_chkpwd[19587]: password check failed for user (root)
Jan 19 17:10:11 host sshd[19568]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:10:13 host sshd[19568]: Failed password for invalid user root from 104.244.76.170 port 45322 ssh2
Jan 19 17:10:13 host unix_chkpwd[19604]: password check failed for user (root)
Jan 19 17:10:13 host sshd[19568]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:10:16 host sshd[19568]: Failed password for invalid user root from 104.244.76.170 port 45322 ssh2
Jan 19 17:10:56 host sshd[19726]: User root from 103.251.167.21 not allowed because not listed in AllowUsers
Jan 19 17:10:56 host sshd[19726]: input_userauth_request: invalid user root [preauth]
Jan 19 17:10:56 host unix_chkpwd[19729]: password check failed for user (root)
Jan 19 17:10:56 host sshd[19726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.251.167.21 user=root
Jan 19 17:10:56 host sshd[19726]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:10:58 host sshd[19726]: Failed password for invalid user root from 103.251.167.21 port 45946 ssh2
Jan 19 17:10:58 host unix_chkpwd[19740]: password check failed for user (root)
Jan 19 17:10:58 host sshd[19726]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:00 host sshd[19726]: Failed password for invalid user root from 103.251.167.21 port 45946 ssh2
Jan 19 17:11:01 host unix_chkpwd[19745]: password check failed for user (root)
Jan 19 17:11:01 host sshd[19726]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:02 host sshd[19726]: Failed password for invalid user root from 103.251.167.21 port 45946 ssh2
Jan 19 17:11:03 host unix_chkpwd[19758]: password check failed for user (root)
Jan 19 17:11:03 host sshd[19726]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:05 host sshd[19726]: Failed password for invalid user root from 103.251.167.21 port 45946 ssh2
Jan 19 17:11:09 host sshd[19797]: Invalid user kodi from 190.104.220.42 port 57164
Jan 19 17:11:09 host sshd[19797]: input_userauth_request: invalid user kodi [preauth]
Jan 19 17:11:09 host sshd[19797]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:11:09 host sshd[19797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.104.220.42
Jan 19 17:11:11 host sshd[19797]: Failed password for invalid user kodi from 190.104.220.42 port 57164 ssh2
Jan 19 17:11:11 host sshd[19797]: Received disconnect from 190.104.220.42 port 57164:11: Bye Bye [preauth]
Jan 19 17:11:11 host sshd[19797]: Disconnected from 190.104.220.42 port 57164 [preauth]
Jan 19 17:11:37 host sshd[19861]: User root from 162.247.74.206 not allowed because not listed in AllowUsers
Jan 19 17:11:37 host sshd[19861]: input_userauth_request: invalid user root [preauth]
Jan 19 17:11:37 host unix_chkpwd[19869]: password check failed for user (root)
Jan 19 17:11:37 host sshd[19861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.206 user=root
Jan 19 17:11:37 host sshd[19861]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:40 host sshd[19861]: Failed password for invalid user root from 162.247.74.206 port 51146 ssh2
Jan 19 17:11:40 host unix_chkpwd[19877]: password check failed for user (root)
Jan 19 17:11:40 host sshd[19861]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:42 host sshd[19861]: Failed password for invalid user root from 162.247.74.206 port 51146 ssh2
Jan 19 17:11:43 host unix_chkpwd[19881]: password check failed for user (root)
Jan 19 17:11:43 host sshd[19861]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:45 host sshd[19861]: Failed password for invalid user root from 162.247.74.206 port 51146 ssh2
Jan 19 17:11:46 host unix_chkpwd[19892]: password check failed for user (root)
Jan 19 17:11:46 host sshd[19861]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:48 host sshd[19861]: Failed password for invalid user root from 162.247.74.206 port 51146 ssh2
Jan 19 17:11:48 host unix_chkpwd[19902]: password check failed for user (root)
Jan 19 17:11:48 host sshd[19861]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:11:50 host sshd[19861]: Failed password for invalid user root from 162.247.74.206 port 51146 ssh2
Jan 19 17:12:21 host sshd[19991]: User root from 152.32.150.9 not allowed because not listed in AllowUsers
Jan 19 17:12:21 host sshd[19991]: input_userauth_request: invalid user root [preauth]
Jan 19 17:12:21 host unix_chkpwd[19997]: password check failed for user (root)
Jan 19 17:12:21 host sshd[19991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.150.9 user=root
Jan 19 17:12:21 host sshd[19991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:12:23 host sshd[19991]: Failed password for invalid user root from 152.32.150.9 port 36714 ssh2
Jan 19 17:12:23 host unix_chkpwd[20002]: password check failed for user (root)
Jan 19 17:12:23 host sshd[19991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:12:26 host sshd[19991]: Failed password for invalid user root from 152.32.150.9 port 36714 ssh2
Jan 19 17:12:27 host unix_chkpwd[20008]: password check failed for user (root)
Jan 19 17:12:27 host sshd[19991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:12:29 host sshd[19991]: Failed password for invalid user root from 152.32.150.9 port 36714 ssh2
Jan 19 17:12:30 host unix_chkpwd[20037]: password check failed for user (root)
Jan 19 17:12:30 host sshd[19991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:12:32 host sshd[19991]: Failed password for invalid user root from 152.32.150.9 port 36714 ssh2
Jan 19 17:12:33 host unix_chkpwd[20041]: password check failed for user (root)
Jan 19 17:12:33 host sshd[19991]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:12:35 host sshd[19991]: Failed password for invalid user root from 152.32.150.9 port 36714 ssh2
Jan 19 17:13:05 host sshd[20144]: User root from 185.220.102.250 not allowed because not listed in AllowUsers
Jan 19 17:13:05 host sshd[20144]: input_userauth_request: invalid user root [preauth]
Jan 19 17:13:05 host unix_chkpwd[20149]: password check failed for user (root)
Jan 19 17:13:05 host sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.250 user=root
Jan 19 17:13:05 host sshd[20144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:13:07 host sshd[20144]: Failed password for invalid user root from 185.220.102.250 port 18553 ssh2
Jan 19 17:13:08 host unix_chkpwd[20153]: password check failed for user (root)
Jan 19 17:13:08 host sshd[20144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:13:10 host sshd[20144]: Failed password for invalid user root from 185.220.102.250 port 18553 ssh2
Jan 19 17:13:11 host unix_chkpwd[20156]: password check failed for user (root)
Jan 19 17:13:11 host sshd[20144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:13:13 host sshd[20144]: Failed password for invalid user root from 185.220.102.250 port 18553 ssh2
Jan 19 17:13:14 host unix_chkpwd[20182]: password check failed for user (root)
Jan 19 17:13:14 host sshd[20144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:13:16 host sshd[20144]: Failed password for invalid user root from 185.220.102.250 port 18553 ssh2
Jan 19 17:13:55 host sshd[20276]: User root from 91.203.5.115 not allowed because not listed in AllowUsers
Jan 19 17:13:55 host sshd[20276]: input_userauth_request: invalid user root [preauth]
Jan 19 17:13:55 host unix_chkpwd[20279]: password check failed for user (root)
Jan 19 17:13:55 host sshd[20276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.203.5.115 user=root
Jan 19 17:13:55 host sshd[20276]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:13:58 host sshd[20276]: Failed password for invalid user root from 91.203.5.115 port 34526 ssh2
Jan 19 17:13:59 host unix_chkpwd[20285]: password check failed for user (root)
Jan 19 17:13:59 host sshd[20276]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:01 host sshd[20276]: Failed password for invalid user root from 91.203.5.115 port 34526 ssh2
Jan 19 17:14:01 host unix_chkpwd[20297]: password check failed for user (root)
Jan 19 17:14:01 host sshd[20276]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:03 host sshd[20276]: Failed password for invalid user root from 91.203.5.115 port 34526 ssh2
Jan 19 17:14:03 host unix_chkpwd[20301]: password check failed for user (root)
Jan 19 17:14:03 host sshd[20276]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:05 host sshd[20276]: Failed password for invalid user root from 91.203.5.115 port 34526 ssh2
Jan 19 17:14:36 host sshd[20393]: User root from 185.220.102.243 not allowed because not listed in AllowUsers
Jan 19 17:14:36 host sshd[20393]: input_userauth_request: invalid user root [preauth]
Jan 19 17:14:36 host unix_chkpwd[20397]: password check failed for user (root)
Jan 19 17:14:36 host sshd[20393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.243 user=root
Jan 19 17:14:36 host sshd[20393]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:38 host sshd[20393]: Failed password for invalid user root from 185.220.102.243 port 25435 ssh2
Jan 19 17:14:38 host unix_chkpwd[20399]: password check failed for user (root)
Jan 19 17:14:38 host sshd[20393]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:41 host sshd[20393]: Failed password for invalid user root from 185.220.102.243 port 25435 ssh2
Jan 19 17:14:41 host unix_chkpwd[20442]: password check failed for user (root)
Jan 19 17:14:41 host sshd[20393]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:43 host sshd[20393]: Failed password for invalid user root from 185.220.102.243 port 25435 ssh2
Jan 19 17:14:43 host unix_chkpwd[20476]: password check failed for user (root)
Jan 19 17:14:43 host sshd[20393]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:14:45 host sshd[20393]: Failed password for invalid user root from 185.220.102.243 port 25435 ssh2
Jan 19 17:15:41 host sshd[20674]: User root from 5.255.97.170 not allowed because not listed in AllowUsers
Jan 19 17:15:41 host sshd[20674]: input_userauth_request: invalid user root [preauth]
Jan 19 17:15:41 host unix_chkpwd[20686]: password check failed for user (root)
Jan 19 17:15:41 host sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.97.170 user=root
Jan 19 17:15:41 host sshd[20674]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:15:43 host sshd[20674]: Failed password for invalid user root from 5.255.97.170 port 40178 ssh2
Jan 19 17:15:44 host unix_chkpwd[20703]: password check failed for user (root)
Jan 19 17:15:44 host sshd[20674]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:15:46 host sshd[20674]: Failed password for invalid user root from 5.255.97.170 port 40178 ssh2
Jan 19 17:15:47 host unix_chkpwd[20708]: password check failed for user (root)
Jan 19 17:15:47 host sshd[20674]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:15:48 host sshd[20674]: Failed password for invalid user root from 5.255.97.170 port 40178 ssh2
Jan 19 17:15:49 host unix_chkpwd[20713]: password check failed for user (root)
Jan 19 17:15:49 host sshd[20674]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:15:51 host sshd[20674]: Failed password for invalid user root from 5.255.97.170 port 40178 ssh2
Jan 19 17:15:53 host unix_chkpwd[20717]: password check failed for user (root)
Jan 19 17:15:53 host sshd[20674]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:15:54 host sshd[20674]: Failed password for invalid user root from 5.255.97.170 port 40178 ssh2
Jan 19 17:16:40 host sshd[20859]: User root from 185.220.101.187 not allowed because not listed in AllowUsers
Jan 19 17:16:40 host sshd[20859]: input_userauth_request: invalid user root [preauth]
Jan 19 17:16:40 host unix_chkpwd[20868]: password check failed for user (root)
Jan 19 17:16:40 host sshd[20859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.187 user=root
Jan 19 17:16:40 host sshd[20859]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:16:41 host sshd[20859]: Failed password for invalid user root from 185.220.101.187 port 22916 ssh2
Jan 19 17:16:42 host unix_chkpwd[20870]: password check failed for user (root)
Jan 19 17:16:42 host sshd[20859]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:16:44 host sshd[20859]: Failed password for invalid user root from 185.220.101.187 port 22916 ssh2
Jan 19 17:16:44 host unix_chkpwd[20880]: password check failed for user (root)
Jan 19 17:16:44 host sshd[20859]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:16:47 host sshd[20859]: Failed password for invalid user root from 185.220.101.187 port 22916 ssh2
Jan 19 17:16:47 host unix_chkpwd[20885]: password check failed for user (root)
Jan 19 17:16:47 host sshd[20859]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:16:49 host sshd[20859]: Failed password for invalid user root from 185.220.101.187 port 22916 ssh2
Jan 19 17:16:50 host unix_chkpwd[20909]: password check failed for user (root)
Jan 19 17:16:50 host sshd[20859]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:16:52 host sshd[20859]: Failed password for invalid user root from 185.220.101.187 port 22916 ssh2
Jan 19 17:17:22 host sshd[20970]: User root from 185.220.102.249 not allowed because not listed in AllowUsers
Jan 19 17:17:22 host sshd[20970]: input_userauth_request: invalid user root [preauth]
Jan 19 17:17:22 host unix_chkpwd[20974]: password check failed for user (root)
Jan 19 17:17:22 host sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.249 user=root
Jan 19 17:17:22 host sshd[20970]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:17:24 host sshd[20970]: Failed password for invalid user root from 185.220.102.249 port 44235 ssh2
Jan 19 17:17:25 host unix_chkpwd[20979]: password check failed for user (root)
Jan 19 17:17:25 host sshd[20970]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 17:17:27 host sshd[20970]: Failed password for invalid user root from 185.220.102.249 port 44235 ssh2
Jan 19 17:17:28 host sshd[20970]: Connection closed by 185.220.102.249 port 44235 [preauth]
Jan 19 17:17:28 host sshd[20970]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.102.249 user=root
Jan 19 17:18:32 host sshd[21142]: Connection reset by 121.128.171.245 port 60644 [preauth]
Jan 19 17:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=keralaholi user-8=wwwresourcehunte user-9=wwwrmswll user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=pmcresources user-16=wwwkmaorg user-17=disposeat user-18=remysagr user-19=woodpeck user-20=wwwkapin user-21=palco123 user-22=gifterman user-23=phmetals user-24=kottayamcalldriv user-25=wwwnexidigital user-26=mrsclean user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 17:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-QYBrWnANXAjzglwu.~
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-QYBrWnANXAjzglwu.~'
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-QYBrWnANXAjzglwu.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 17:39:07 host sshd[24320]: Invalid user sFTPUser from 171.7.29.131 port 46928
Jan 19 17:39:07 host sshd[24320]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 19 17:39:07 host sshd[24320]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:39:07 host sshd[24320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.7.29.131
Jan 19 17:39:10 host sshd[24320]: Failed password for invalid user sFTPUser from 171.7.29.131 port 46928 ssh2
Jan 19 17:39:10 host sshd[24320]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:39:12 host sshd[24320]: Failed password for invalid user sFTPUser from 171.7.29.131 port 46928 ssh2
Jan 19 17:39:12 host sshd[24320]: Connection reset by 171.7.29.131 port 46928 [preauth]
Jan 19 17:39:12 host sshd[24320]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.7.29.131
Jan 19 17:42:15 host sshd[24767]: Connection reset by 122.117.91.252 port 36357 [preauth]
Jan 19 17:51:38 host sshd[25960]: Invalid user zyfwp from 112.160.9.96 port 61028
Jan 19 17:51:38 host sshd[25960]: input_userauth_request: invalid user zyfwp [preauth]
Jan 19 17:51:38 host sshd[25960]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 17:51:38 host sshd[25960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.160.9.96
Jan 19 17:51:40 host sshd[25960]: Failed password for invalid user zyfwp from 112.160.9.96 port 61028 ssh2
Jan 19 17:51:40 host sshd[25960]: Connection reset by 112.160.9.96 port 61028 [preauth]
Jan 19 18:04:40 host sshd[27692]: Invalid user pi from 1.34.159.50 port 43163
Jan 19 18:04:40 host sshd[27692]: input_userauth_request: invalid user pi [preauth]
Jan 19 18:04:40 host sshd[27692]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:04:40 host sshd[27692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.159.50
Jan 19 18:04:42 host sshd[27692]: Failed password for invalid user pi from 1.34.159.50 port 43163 ssh2
Jan 19 18:04:42 host sshd[27692]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:04:44 host sshd[27692]: Failed password for invalid user pi from 1.34.159.50 port 43163 ssh2
Jan 19 18:04:44 host sshd[27692]: Connection reset by 1.34.159.50 port 43163 [preauth]
Jan 19 18:04:44 host sshd[27692]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.159.50
Jan 19 18:06:16 host sshd[27990]: User root from 114.33.1.109 not allowed because not listed in AllowUsers
Jan 19 18:06:16 host sshd[27990]: input_userauth_request: invalid user root [preauth]
Jan 19 18:06:16 host unix_chkpwd[27995]: password check failed for user (root)
Jan 19 18:06:16 host sshd[27990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.1.109 user=root
Jan 19 18:06:16 host sshd[27990]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 18:06:18 host sshd[27988]: User root from 114.33.1.109 not allowed because not listed in AllowUsers
Jan 19 18:06:18 host sshd[27988]: input_userauth_request: invalid user root [preauth]
Jan 19 18:06:18 host unix_chkpwd[27998]: password check failed for user (root)
Jan 19 18:06:18 host sshd[27988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.1.109 user=root
Jan 19 18:06:18 host sshd[27988]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 18:06:18 host sshd[27990]: Failed password for invalid user root from 114.33.1.109 port 35563 ssh2
Jan 19 18:06:19 host unix_chkpwd[28006]: password check failed for user (root)
Jan 19 18:06:19 host sshd[27990]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 18:06:19 host sshd[27988]: Failed password for invalid user root from 114.33.1.109 port 35577 ssh2
Jan 19 18:06:20 host unix_chkpwd[28008]: password check failed for user (root)
Jan 19 18:06:20 host sshd[27988]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 18:06:21 host sshd[27990]: Failed password for invalid user root from 114.33.1.109 port 35563 ssh2
Jan 19 18:06:22 host sshd[27988]: Failed password for invalid user root from 114.33.1.109 port 35577 ssh2
Jan 19 18:17:29 host sshd[29655]: Invalid user jacob from 107.189.30.59 port 32848
Jan 19 18:17:29 host sshd[29655]: input_userauth_request: invalid user jacob [preauth]
Jan 19 18:17:29 host sshd[29655]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:17:29 host sshd[29655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 19 18:17:32 host sshd[29655]: Failed password for invalid user jacob from 107.189.30.59 port 32848 ssh2
Jan 19 18:17:32 host sshd[29655]: Connection closed by 107.189.30.59 port 32848 [preauth]
Jan 19 18:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=laundryboniface user-4=dartsimp user-5=a2zgroup user-6=wwwpmcresource user-7=ugotscom user-8=wwwrmswll user-9=keralaholi user-10=wwwresourcehunte user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=wwwkmaorg user-15=disposeat user-16=remysagr user-17=pmcresources user-18=wwwtestugo user-19=shalinijames user-20=vfmassets user-21=straightcurve user-22=wwwletsstalkfood user-23=wwwevmhonda user-24=bonifacegroup user-25=wwwnexidigital user-26=mrsclean user-27=kottayamcalldriv user-28=phmetals user-29=gifterman user-30=palco123 feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 18:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-RDepXqXzBSGGMlrc.~
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-RDepXqXzBSGGMlrc.~'
Jan 19 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-RDepXqXzBSGGMlrc.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 18:21:10 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 18:21:10 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 18:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 18:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 18:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 18:25:05 host sshd[30818]: Connection closed by 45.79.181.223 port 46872 [preauth]
Jan 19 18:25:08 host sshd[30825]: Connection closed by 45.79.181.223 port 64802 [preauth]
Jan 19 18:25:11 host sshd[30835]: Connection closed by 45.79.181.223 port 64818 [preauth]
Jan 19 18:25:25 host sshd[30866]: Invalid user mm from 49.248.17.3 port 57150
Jan 19 18:25:25 host sshd[30866]: input_userauth_request: invalid user mm [preauth]
Jan 19 18:25:25 host sshd[30866]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:25:25 host sshd[30866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.17.3
Jan 19 18:25:26 host sshd[30866]: Failed password for invalid user mm from 49.248.17.3 port 57150 ssh2
Jan 19 18:25:26 host sshd[30866]: Received disconnect from 49.248.17.3 port 57150:11: Bye Bye [preauth]
Jan 19 18:25:26 host sshd[30866]: Disconnected from 49.248.17.3 port 57150 [preauth]
Jan 19 18:27:08 host sshd[31180]: Invalid user asterisk from 200.70.56.202 port 34596
Jan 19 18:27:08 host sshd[31180]: input_userauth_request: invalid user asterisk [preauth]
Jan 19 18:27:08 host sshd[31180]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:27:08 host sshd[31180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.70.56.202
Jan 19 18:27:09 host sshd[31185]: Invalid user db2inst1 from 103.240.110.130 port 55698
Jan 19 18:27:09 host sshd[31185]: input_userauth_request: invalid user db2inst1 [preauth]
Jan 19 18:27:09 host sshd[31185]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:27:09 host sshd[31185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.240.110.130
Jan 19 18:27:11 host sshd[31180]: Failed password for invalid user asterisk from 200.70.56.202 port 34596 ssh2
Jan 19 18:27:11 host sshd[31185]: Failed password for invalid user db2inst1 from 103.240.110.130 port 55698 ssh2
Jan 19 18:27:11 host sshd[31185]: Received disconnect from 103.240.110.130 port 55698:11: Bye Bye [preauth]
Jan 19 18:27:11 host sshd[31185]: Disconnected from 103.240.110.130 port 55698 [preauth]
Jan 19 18:27:11 host sshd[31180]: Received disconnect from 200.70.56.202 port 34596:11: Bye Bye [preauth]
Jan 19 18:27:11 host sshd[31180]: Disconnected from 200.70.56.202 port 34596 [preauth]
Jan 19 18:27:12 host sshd[31189]: Invalid user uftp from 165.227.64.86 port 42012
Jan 19 18:27:12 host sshd[31189]: input_userauth_request: invalid user uftp [preauth]
Jan 19 18:27:12 host sshd[31189]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:27:12 host sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.64.86
Jan 19 18:27:14 host sshd[31189]: Failed password for invalid user uftp from 165.227.64.86 port 42012 ssh2
Jan 19 18:27:14 host sshd[31189]: Received disconnect from 165.227.64.86 port 42012:11: Bye Bye [preauth]
Jan 19 18:27:14 host sshd[31189]: Disconnected from 165.227.64.86 port 42012 [preauth]
Jan 19 18:29:37 host sshd[31511]: Invalid user vnc from 138.0.239.70 port 52664
Jan 19 18:29:37 host sshd[31511]: input_userauth_request: invalid user vnc [preauth]
Jan 19 18:29:37 host sshd[31511]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:29:37 host sshd[31511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.0.239.70
Jan 19 18:29:39 host sshd[31511]: Failed password for invalid user vnc from 138.0.239.70 port 52664 ssh2
Jan 19 18:29:40 host sshd[31511]: Received disconnect from 138.0.239.70 port 52664:11: Bye Bye [preauth]
Jan 19 18:29:40 host sshd[31511]: Disconnected from 138.0.239.70 port 52664 [preauth]
Jan 19 18:30:01 host sshd[31565]: Invalid user factorio from 202.139.199.93 port 45796
Jan 19 18:30:01 host sshd[31565]: input_userauth_request: invalid user factorio [preauth]
Jan 19 18:30:01 host sshd[31565]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:30:01 host sshd[31565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.199.93
Jan 19 18:30:03 host sshd[31565]: Failed password for invalid user factorio from 202.139.199.93 port 45796 ssh2
Jan 19 18:30:03 host sshd[31565]: Received disconnect from 202.139.199.93 port 45796:11: Bye Bye [preauth]
Jan 19 18:30:03 host sshd[31565]: Disconnected from 202.139.199.93 port 45796 [preauth]
Jan 19 18:31:06 host sshd[31741]: Invalid user scanner from 49.248.17.3 port 44286
Jan 19 18:31:06 host sshd[31741]: input_userauth_request: invalid user scanner [preauth]
Jan 19 18:31:06 host sshd[31741]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:31:06 host sshd[31741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.17.3
Jan 19 18:31:08 host sshd[31741]: Failed password for invalid user scanner from 49.248.17.3 port 44286 ssh2
Jan 19 18:31:08 host sshd[31741]: Received disconnect from 49.248.17.3 port 44286:11: Bye Bye [preauth]
Jan 19 18:31:08 host sshd[31741]: Disconnected from 49.248.17.3 port 44286 [preauth]
Jan 19 18:31:15 host sshd[31758]: Invalid user samba from 103.115.24.11 port 50894
Jan 19 18:31:15 host sshd[31758]: input_userauth_request: invalid user samba [preauth]
Jan 19 18:31:15 host sshd[31758]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:31:15 host sshd[31758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.24.11
Jan 19 18:31:17 host sshd[31758]: Failed password for invalid user samba from 103.115.24.11 port 50894 ssh2
Jan 19 18:31:17 host sshd[31758]: Received disconnect from 103.115.24.11 port 50894:11: Bye Bye [preauth]
Jan 19 18:31:17 host sshd[31758]: Disconnected from 103.115.24.11 port 50894 [preauth]
Jan 19 18:31:23 host sshd[31773]: Invalid user nvidia from 165.227.64.86 port 57232
Jan 19 18:31:23 host sshd[31773]: input_userauth_request: invalid user nvidia [preauth]
Jan 19 18:31:23 host sshd[31773]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:31:23 host sshd[31773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.64.86
Jan 19 18:31:25 host sshd[31773]: Failed password for invalid user nvidia from 165.227.64.86 port 57232 ssh2
Jan 19 18:31:25 host sshd[31773]: Received disconnect from 165.227.64.86 port 57232:11: Bye Bye [preauth]
Jan 19 18:31:25 host sshd[31773]: Disconnected from 165.227.64.86 port 57232 [preauth]
Jan 19 18:31:34 host sshd[31813]: Invalid user apagar from 202.139.199.93 port 44798
Jan 19 18:31:34 host sshd[31813]: input_userauth_request: invalid user apagar [preauth]
Jan 19 18:31:34 host sshd[31813]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:31:34 host sshd[31813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.199.93
Jan 19 18:31:36 host sshd[31813]: Failed password for invalid user apagar from 202.139.199.93 port 44798 ssh2
Jan 19 18:31:36 host sshd[31813]: Received disconnect from 202.139.199.93 port 44798:11: Bye Bye [preauth]
Jan 19 18:31:36 host sshd[31813]: Disconnected from 202.139.199.93 port 44798 [preauth]
Jan 19 18:31:50 host sshd[31842]: Invalid user hdfs from 43.155.130.86 port 53444
Jan 19 18:31:50 host sshd[31842]: input_userauth_request: invalid user hdfs [preauth]
Jan 19 18:31:50 host sshd[31842]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:31:50 host sshd[31842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.130.86
Jan 19 18:31:53 host sshd[31842]: Failed password for invalid user hdfs from 43.155.130.86 port 53444 ssh2
Jan 19 18:31:53 host sshd[31842]: Received disconnect from 43.155.130.86 port 53444:11: Bye Bye [preauth]
Jan 19 18:31:53 host sshd[31842]: Disconnected from 43.155.130.86 port 53444 [preauth]
Jan 19 18:32:09 host sshd[31888]: Invalid user elastic from 138.0.239.70 port 55292
Jan 19 18:32:09 host sshd[31888]: input_userauth_request: invalid user elastic [preauth]
Jan 19 18:32:09 host sshd[31888]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:32:09 host sshd[31888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.0.239.70
Jan 19 18:32:10 host sshd[31888]: Failed password for invalid user elastic from 138.0.239.70 port 55292 ssh2
Jan 19 18:32:11 host sshd[31888]: Received disconnect from 138.0.239.70 port 55292:11: Bye Bye [preauth]
Jan 19 18:32:11 host sshd[31888]: Disconnected from 138.0.239.70 port 55292 [preauth]
Jan 19 18:32:18 host sshd[31907]: Invalid user master from 103.240.110.130 port 45710
Jan 19 18:32:18 host sshd[31907]: input_userauth_request: invalid user master [preauth]
Jan 19 18:32:18 host sshd[31907]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:32:18 host sshd[31907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.240.110.130
Jan 19 18:32:20 host sshd[31907]: Failed password for invalid user master from 103.240.110.130 port 45710 ssh2
Jan 19 18:32:20 host sshd[31907]: Received disconnect from 103.240.110.130 port 45710:11: Bye Bye [preauth]
Jan 19 18:32:20 host sshd[31907]: Disconnected from 103.240.110.130 port 45710 [preauth]
Jan 19 18:32:21 host sshd[31911]: Invalid user administrator from 165.227.64.86 port 51900
Jan 19 18:32:21 host sshd[31911]: input_userauth_request: invalid user administrator [preauth]
Jan 19 18:32:21 host sshd[31911]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:32:21 host sshd[31911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.64.86
Jan 19 18:32:23 host sshd[31911]: Failed password for invalid user administrator from 165.227.64.86 port 51900 ssh2
Jan 19 18:32:23 host sshd[31911]: Received disconnect from 165.227.64.86 port 51900:11: Bye Bye [preauth]
Jan 19 18:32:23 host sshd[31911]: Disconnected from 165.227.64.86 port 51900 [preauth]
Jan 19 18:32:25 host sshd[31920]: Invalid user ventas from 49.248.17.3 port 40188
Jan 19 18:32:25 host sshd[31920]: input_userauth_request: invalid user ventas [preauth]
Jan 19 18:32:25 host sshd[31920]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:32:25 host sshd[31920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.17.3
Jan 19 18:32:27 host sshd[31920]: Failed password for invalid user ventas from 49.248.17.3 port 40188 ssh2
Jan 19 18:32:27 host sshd[31920]: Received disconnect from 49.248.17.3 port 40188:11: Bye Bye [preauth]
Jan 19 18:32:27 host sshd[31920]: Disconnected from 49.248.17.3 port 40188 [preauth]
Jan 19 18:32:53 host sshd[32158]: Invalid user usuario from 202.139.199.93 port 38378
Jan 19 18:32:53 host sshd[32158]: input_userauth_request: invalid user usuario [preauth]
Jan 19 18:32:53 host sshd[32158]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:32:53 host sshd[32158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.199.93
Jan 19 18:32:55 host sshd[32158]: Failed password for invalid user usuario from 202.139.199.93 port 38378 ssh2
Jan 19 18:32:55 host sshd[32158]: Received disconnect from 202.139.199.93 port 38378:11: Bye Bye [preauth]
Jan 19 18:32:55 host sshd[32158]: Disconnected from 202.139.199.93 port 38378 [preauth]
Jan 19 18:33:09 host sshd[32230]: Invalid user tom from 200.70.56.202 port 60694
Jan 19 18:33:09 host sshd[32230]: input_userauth_request: invalid user tom [preauth]
Jan 19 18:33:09 host sshd[32230]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:33:09 host sshd[32230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.70.56.202
Jan 19 18:33:11 host sshd[32230]: Failed password for invalid user tom from 200.70.56.202 port 60694 ssh2
Jan 19 18:33:11 host sshd[32230]: Received disconnect from 200.70.56.202 port 60694:11: Bye Bye [preauth]
Jan 19 18:33:11 host sshd[32230]: Disconnected from 200.70.56.202 port 60694 [preauth]
Jan 19 18:33:15 host sshd[32243]: Invalid user test from 43.155.130.86 port 44446
Jan 19 18:33:15 host sshd[32243]: input_userauth_request: invalid user test [preauth]
Jan 19 18:33:15 host sshd[32243]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:33:15 host sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.130.86
Jan 19 18:33:17 host sshd[32249]: Invalid user user8 from 103.115.24.11 port 45182
Jan 19 18:33:17 host sshd[32249]: input_userauth_request: invalid user user8 [preauth]
Jan 19 18:33:17 host sshd[32249]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:33:17 host sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.24.11
Jan 19 18:33:17 host sshd[32243]: Failed password for invalid user test from 43.155.130.86 port 44446 ssh2
Jan 19 18:33:17 host sshd[32243]: Received disconnect from 43.155.130.86 port 44446:11: Bye Bye [preauth]
Jan 19 18:33:17 host sshd[32243]: Disconnected from 43.155.130.86 port 44446 [preauth]
Jan 19 18:33:19 host sshd[32249]: Failed password for invalid user user8 from 103.115.24.11 port 45182 ssh2
Jan 19 18:33:19 host sshd[32249]: Received disconnect from 103.115.24.11 port 45182:11: Bye Bye [preauth]
Jan 19 18:33:19 host sshd[32249]: Disconnected from 103.115.24.11 port 45182 [preauth]
Jan 19 18:33:32 host sshd[32295]: Invalid user glenn from 138.0.239.70 port 50254
Jan 19 18:33:32 host sshd[32295]: input_userauth_request: invalid user glenn [preauth]
Jan 19 18:33:32 host sshd[32295]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:33:32 host sshd[32295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.0.239.70
Jan 19 18:33:35 host sshd[32295]: Failed password for invalid user glenn from 138.0.239.70 port 50254 ssh2
Jan 19 18:33:35 host sshd[32295]: Received disconnect from 138.0.239.70 port 50254:11: Bye Bye [preauth]
Jan 19 18:33:35 host sshd[32295]: Disconnected from 138.0.239.70 port 50254 [preauth]
Jan 19 18:33:56 host sshd[32377]: Invalid user temp from 103.240.110.130 port 44558
Jan 19 18:33:56 host sshd[32377]: input_userauth_request: invalid user temp [preauth]
Jan 19 18:33:56 host sshd[32377]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:33:56 host sshd[32377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.240.110.130
Jan 19 18:33:58 host sshd[32377]: Failed password for invalid user temp from 103.240.110.130 port 44558 ssh2
Jan 19 18:34:29 host sshd[32492]: Invalid user david from 43.155.130.86 port 52702
Jan 19 18:34:29 host sshd[32492]: input_userauth_request: invalid user david [preauth]
Jan 19 18:34:29 host sshd[32492]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:34:29 host sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.130.86
Jan 19 18:34:31 host sshd[32492]: Failed password for invalid user david from 43.155.130.86 port 52702 ssh2
Jan 19 18:34:31 host sshd[32492]: Received disconnect from 43.155.130.86 port 52702:11: Bye Bye [preauth]
Jan 19 18:34:31 host sshd[32492]: Disconnected from 43.155.130.86 port 52702 [preauth]
Jan 19 18:34:57 host sshd[32581]: Invalid user www from 103.115.24.11 port 60436
Jan 19 18:34:57 host sshd[32581]: input_userauth_request: invalid user www [preauth]
Jan 19 18:34:57 host sshd[32581]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:34:57 host sshd[32581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.24.11
Jan 19 18:35:00 host sshd[32581]: Failed password for invalid user www from 103.115.24.11 port 60436 ssh2
Jan 19 18:35:00 host sshd[32581]: Received disconnect from 103.115.24.11 port 60436:11: Bye Bye [preauth]
Jan 19 18:35:00 host sshd[32581]: Disconnected from 103.115.24.11 port 60436 [preauth]
Jan 19 18:35:01 host sshd[32586]: Invalid user ts2 from 200.70.56.202 port 60150
Jan 19 18:35:01 host sshd[32586]: input_userauth_request: invalid user ts2 [preauth]
Jan 19 18:35:01 host sshd[32586]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:35:01 host sshd[32586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.70.56.202
Jan 19 18:35:04 host sshd[32586]: Failed password for invalid user ts2 from 200.70.56.202 port 60150 ssh2
Jan 19 18:45:09 host sshd[1757]: User root from 220.134.100.207 not allowed because not listed in AllowUsers
Jan 19 18:45:09 host sshd[1757]: input_userauth_request: invalid user root [preauth]
Jan 19 18:45:09 host unix_chkpwd[1762]: password check failed for user (root)
Jan 19 18:45:09 host sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.100.207 user=root
Jan 19 18:45:09 host sshd[1757]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 18:45:11 host sshd[1757]: Failed password for invalid user root from 220.134.100.207 port 52660 ssh2
Jan 19 18:45:12 host unix_chkpwd[1766]: password check failed for user (root)
Jan 19 18:45:12 host sshd[1757]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 18:45:14 host sshd[1757]: Failed password for invalid user root from 220.134.100.207 port 52660 ssh2
Jan 19 18:45:15 host sshd[1757]: Connection reset by 220.134.100.207 port 52660 [preauth]
Jan 19 18:45:15 host sshd[1757]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.100.207 user=root
Jan 19 18:45:28 host sshd[1799]: Invalid user gn from 194.110.203.109 port 56770
Jan 19 18:45:28 host sshd[1799]: input_userauth_request: invalid user gn [preauth]
Jan 19 18:45:28 host sshd[1799]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:45:28 host sshd[1799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 18:45:30 host sshd[1799]: Failed password for invalid user gn from 194.110.203.109 port 56770 ssh2
Jan 19 18:45:34 host sshd[1799]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:45:36 host sshd[1799]: Failed password for invalid user gn from 194.110.203.109 port 56770 ssh2
Jan 19 18:45:39 host sshd[1799]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:45:42 host sshd[1799]: Failed password for invalid user gn from 194.110.203.109 port 56770 ssh2
Jan 19 18:45:45 host sshd[1799]: Connection closed by 194.110.203.109 port 56770 [preauth]
Jan 19 18:45:45 host sshd[1799]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 18:46:16 host sshd[1902]: Invalid user nginx from 175.200.90.176 port 60705
Jan 19 18:46:16 host sshd[1902]: input_userauth_request: invalid user nginx [preauth]
Jan 19 18:46:16 host sshd[1902]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:46:16 host sshd[1902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.200.90.176
Jan 19 18:46:19 host sshd[1902]: Failed password for invalid user nginx from 175.200.90.176 port 60705 ssh2
Jan 19 18:46:19 host sshd[1902]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:46:22 host sshd[1902]: Failed password for invalid user nginx from 175.200.90.176 port 60705 ssh2
Jan 19 18:46:23 host sshd[1902]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:46:24 host sshd[1902]: Failed password for invalid user nginx from 175.200.90.176 port 60705 ssh2
Jan 19 18:46:25 host sshd[1902]: Failed password for invalid user nginx from 175.200.90.176 port 60705 ssh2
Jan 19 18:46:26 host sshd[1902]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:46:28 host sshd[1902]: Failed password for invalid user nginx from 175.200.90.176 port 60705 ssh2
Jan 19 18:54:08 host sshd[2950]: Invalid user ubuntu from 59.11.37.70 port 59543
Jan 19 18:54:08 host sshd[2950]: input_userauth_request: invalid user ubuntu [preauth]
Jan 19 18:54:08 host sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:54:08 host sshd[2950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.11.37.70
Jan 19 18:54:10 host sshd[2950]: Failed password for invalid user ubuntu from 59.11.37.70 port 59543 ssh2
Jan 19 18:54:12 host sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:54:14 host sshd[2950]: Failed password for invalid user ubuntu from 59.11.37.70 port 59543 ssh2
Jan 19 18:54:15 host sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:54:17 host sshd[2950]: Failed password for invalid user ubuntu from 59.11.37.70 port 59543 ssh2
Jan 19 18:54:18 host sshd[2950]: Failed password for invalid user ubuntu from 59.11.37.70 port 59543 ssh2
Jan 19 18:54:19 host sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:54:21 host sshd[2950]: Failed password for invalid user ubuntu from 59.11.37.70 port 59543 ssh2
Jan 19 18:54:21 host sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:54:24 host sshd[2950]: Failed password for invalid user ubuntu from 59.11.37.70 port 59543 ssh2
Jan 19 18:54:24 host sshd[2950]: error: maximum authentication attempts exceeded for invalid user ubuntu from 59.11.37.70 port 59543 ssh2 [preauth]
Jan 19 18:54:24 host sshd[2950]: Disconnecting: Too many authentication failures [preauth]
Jan 19 18:54:24 host sshd[2950]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.11.37.70
Jan 19 18:54:24 host sshd[2950]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 19 18:55:17 host sshd[3217]: Invalid user ubnt from 114.33.46.107 port 47744
Jan 19 18:55:17 host sshd[3217]: input_userauth_request: invalid user ubnt [preauth]
Jan 19 18:55:17 host sshd[3217]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:55:17 host sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.46.107
Jan 19 18:55:19 host sshd[3217]: Failed password for invalid user ubnt from 114.33.46.107 port 47744 ssh2
Jan 19 18:55:21 host sshd[3217]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:55:23 host sshd[3217]: Failed password for invalid user ubnt from 114.33.46.107 port 47744 ssh2
Jan 19 18:55:24 host sshd[3217]: Failed password for invalid user ubnt from 114.33.46.107 port 47744 ssh2
Jan 19 18:55:25 host sshd[3217]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 18:55:27 host sshd[3217]: Failed password for invalid user ubnt from 114.33.46.107 port 47744 ssh2
Jan 19 19:07:38 host sshd[4879]: Invalid user vadmin from 114.32.168.57 port 40515
Jan 19 19:07:38 host sshd[4879]: input_userauth_request: invalid user vadmin [preauth]
Jan 19 19:07:38 host sshd[4879]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:07:38 host sshd[4879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.168.57
Jan 19 19:07:41 host sshd[4879]: Failed password for invalid user vadmin from 114.32.168.57 port 40515 ssh2
Jan 19 19:07:41 host sshd[4879]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:07:43 host sshd[4879]: Failed password for invalid user vadmin from 114.32.168.57 port 40515 ssh2
Jan 19 19:07:44 host sshd[4879]: Failed password for invalid user vadmin from 114.32.168.57 port 40515 ssh2
Jan 19 19:07:44 host sshd[4879]: Connection closed by 114.32.168.57 port 40515 [preauth]
Jan 19 19:07:44 host sshd[4879]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.168.57
Jan 19 19:18:17 host sshd[6657]: Invalid user test from 67.205.135.136 port 57930
Jan 19 19:18:17 host sshd[6657]: input_userauth_request: invalid user test [preauth]
Jan 19 19:18:17 host sshd[6657]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:18:17 host sshd[6657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.135.136
Jan 19 19:18:19 host sshd[6657]: Failed password for invalid user test from 67.205.135.136 port 57930 ssh2
Jan 19 19:18:19 host sshd[6657]: Received disconnect from 67.205.135.136 port 57930:11: Bye Bye [preauth]
Jan 19 19:18:19 host sshd[6657]: Disconnected from 67.205.135.136 port 57930 [preauth]
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=laundryboniface user-4=dartsimp user-5=a2zgroup user-6=wwwpmcresource user-7=ugotscom user-8=wwwrmswll user-9=wwwresourcehunte user-10=keralaholi user-11=travelboniface user-12=woodpeck user-13=wwwkapin user-14=disposeat user-15=wwwkmaorg user-16=remysagr user-17=pmcresources user-18=wwwtestugo user-19=shalinijames user-20=vfmassets user-21=wwwletsstalkfood user-22=straightcurve user-23=wwwevmhonda user-24=bonifacegroup user-25=wwwnexidigital user-26=mrsclean user-27=phmetals user-28=kottayamcalldriv user-29=gifterman user-30=palco123 feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 19:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bH1cEGnqFHU49Vgg.~
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bH1cEGnqFHU49Vgg.~'
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-bH1cEGnqFHU49Vgg.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 19:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 19:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 19:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 19:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 19:23:24 host sshd[7570]: Invalid user super from 131.129.129.40 port 45816
Jan 19 19:23:24 host sshd[7570]: input_userauth_request: invalid user super [preauth]
Jan 19 19:23:24 host sshd[7570]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:23:24 host sshd[7570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.129.129.40
Jan 19 19:23:26 host sshd[7570]: Failed password for invalid user super from 131.129.129.40 port 45816 ssh2
Jan 19 19:23:26 host sshd[7570]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:23:27 host sshd[7574]: Invalid user hikvision from 131.129.129.40 port 45804
Jan 19 19:23:27 host sshd[7574]: input_userauth_request: invalid user hikvision [preauth]
Jan 19 19:23:27 host sshd[7574]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:23:27 host sshd[7574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.129.129.40
Jan 19 19:23:28 host sshd[7570]: Failed password for invalid user super from 131.129.129.40 port 45816 ssh2
Jan 19 19:23:28 host sshd[7570]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:23:29 host sshd[7574]: Failed password for invalid user hikvision from 131.129.129.40 port 45804 ssh2
Jan 19 19:23:29 host sshd[7574]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:23:30 host sshd[7570]: Failed password for invalid user super from 131.129.129.40 port 45816 ssh2
Jan 19 19:23:30 host sshd[7570]: Connection reset by 131.129.129.40 port 45816 [preauth]
Jan 19 19:23:30 host sshd[7570]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.129.129.40
Jan 19 19:23:31 host sshd[7574]: Failed password for invalid user hikvision from 131.129.129.40 port 45804 ssh2
Jan 19 19:23:31 host sshd[7574]: Connection reset by 131.129.129.40 port 45804 [preauth]
Jan 19 19:23:31 host sshd[7574]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.129.129.40
Jan 19 19:30:32 host sshd[8701]: Invalid user jupyter from 130.61.228.129 port 35942
Jan 19 19:30:32 host sshd[8701]: input_userauth_request: invalid user jupyter [preauth]
Jan 19 19:30:32 host sshd[8701]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:30:32 host sshd[8701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.228.129
Jan 19 19:30:34 host sshd[8701]: Failed password for invalid user jupyter from 130.61.228.129 port 35942 ssh2
Jan 19 19:30:34 host sshd[8701]: Received disconnect from 130.61.228.129 port 35942:11: Bye Bye [preauth]
Jan 19 19:30:34 host sshd[8701]: Disconnected from 130.61.228.129 port 35942 [preauth]
Jan 19 19:31:36 host sshd[8849]: Invalid user testuser from 130.61.228.129 port 51842
Jan 19 19:31:36 host sshd[8849]: input_userauth_request: invalid user testuser [preauth]
Jan 19 19:31:36 host sshd[8849]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:31:36 host sshd[8849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.228.129
Jan 19 19:31:38 host sshd[8849]: Failed password for invalid user testuser from 130.61.228.129 port 51842 ssh2
Jan 19 19:31:38 host sshd[8849]: Received disconnect from 130.61.228.129 port 51842:11: Bye Bye [preauth]
Jan 19 19:31:38 host sshd[8849]: Disconnected from 130.61.228.129 port 51842 [preauth]
Jan 19 19:32:05 host sshd[8908]: Invalid user test1 from 101.36.121.124 port 54914
Jan 19 19:32:05 host sshd[8908]: input_userauth_request: invalid user test1 [preauth]
Jan 19 19:32:05 host sshd[8908]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:32:05 host sshd[8908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.121.124
Jan 19 19:32:07 host sshd[8908]: Failed password for invalid user test1 from 101.36.121.124 port 54914 ssh2
Jan 19 19:32:07 host sshd[8908]: Received disconnect from 101.36.121.124 port 54914:11: Bye Bye [preauth]
Jan 19 19:32:07 host sshd[8908]: Disconnected from 101.36.121.124 port 54914 [preauth]
Jan 19 19:32:35 host sshd[8972]: User operator from 130.61.228.129 not allowed because not listed in AllowUsers
Jan 19 19:32:35 host sshd[8972]: input_userauth_request: invalid user operator [preauth]
Jan 19 19:32:35 host unix_chkpwd[8975]: password check failed for user (operator)
Jan 19 19:32:35 host sshd[8972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.228.129 user=operator
Jan 19 19:32:35 host sshd[8972]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "operator"
Jan 19 19:32:37 host sshd[8972]: Failed password for invalid user operator from 130.61.228.129 port 34417 ssh2
Jan 19 19:32:37 host sshd[8972]: Received disconnect from 130.61.228.129 port 34417:11: Bye Bye [preauth]
Jan 19 19:32:37 host sshd[8972]: Disconnected from 130.61.228.129 port 34417 [preauth]
Jan 19 19:33:32 host sshd[9119]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 19 19:33:32 host sshd[9119]: input_userauth_request: invalid user sshd [preauth]
Jan 19 19:33:32 host unix_chkpwd[9124]: password check failed for user (sshd)
Jan 19 19:33:32 host sshd[9119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 19 19:33:32 host sshd[9119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 19 19:33:34 host sshd[9119]: Failed password for invalid user sshd from 194.169.175.102 port 64779 ssh2
Jan 19 19:33:34 host sshd[9119]: Received disconnect from 194.169.175.102 port 64779:11: Client disconnecting normally [preauth]
Jan 19 19:33:34 host sshd[9119]: Disconnected from 194.169.175.102 port 64779 [preauth]
Jan 19 19:34:06 host sshd[9178]: Invalid user azureuser from 101.36.121.124 port 44158
Jan 19 19:34:06 host sshd[9178]: input_userauth_request: invalid user azureuser [preauth]
Jan 19 19:34:06 host sshd[9178]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:34:06 host sshd[9178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.121.124
Jan 19 19:34:09 host sshd[9178]: Failed password for invalid user azureuser from 101.36.121.124 port 44158 ssh2
Jan 19 19:34:09 host sshd[9178]: Received disconnect from 101.36.121.124 port 44158:11: Bye Bye [preauth]
Jan 19 19:34:09 host sshd[9178]: Disconnected from 101.36.121.124 port 44158 [preauth]
Jan 19 19:35:29 host sshd[9393]: Invalid user ftpadmin from 101.36.121.124 port 57848
Jan 19 19:35:29 host sshd[9393]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 19 19:35:29 host sshd[9393]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 19:35:29 host sshd[9393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.121.124
Jan 19 19:35:31 host sshd[9393]: Failed password for invalid user ftpadmin from 101.36.121.124 port 57848 ssh2
Jan 19 19:35:31 host sshd[9393]: Received disconnect from 101.36.121.124 port 57848:11: Bye Bye [preauth]
Jan 19 19:35:31 host sshd[9393]: Disconnected from 101.36.121.124 port 57848 [preauth]
Jan 19 20:10:37 host sshd[14704]: Connection closed by 147.139.5.108 port 46874 [preauth]
Jan 19 20:18:24 host sshd[15811]: Invalid user super from 60.244.213.73 port 56993
Jan 19 20:18:24 host sshd[15811]: input_userauth_request: invalid user super [preauth]
Jan 19 20:18:24 host sshd[15811]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:18:24 host sshd[15811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.244.213.73
Jan 19 20:18:26 host sshd[15811]: Failed password for invalid user super from 60.244.213.73 port 56993 ssh2
Jan 19 20:18:27 host sshd[15811]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:18:29 host sshd[15811]: Failed password for invalid user super from 60.244.213.73 port 56993 ssh2
Jan 19 20:18:29 host sshd[15811]: Connection reset by 60.244.213.73 port 56993 [preauth]
Jan 19 20:18:29 host sshd[15811]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.244.213.73
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=mrsclean user-6=wwwnexidigital user-7=palco123 user-8=gifterman user-9=phmetals user-10=kottayamcalldriv user-11=woodpeck user-12=wwwkapin user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=shalinijames user-19=wwwtestugo user-20=wwwpmcresource user-21=keralaholi user-22=wwwresourcehunte user-23=wwwrmswll user-24=ugotscom user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 20:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-cxJWLLkuFY0R3PTa.~
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-cxJWLLkuFY0R3PTa.~'
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-cxJWLLkuFY0R3PTa.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 20:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 20:27:13 host sshd[17258]: Invalid user go from 194.110.203.109 port 59192
Jan 19 20:27:13 host sshd[17258]: input_userauth_request: invalid user go [preauth]
Jan 19 20:27:13 host sshd[17258]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:27:13 host sshd[17258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 20:27:15 host sshd[17258]: Failed password for invalid user go from 194.110.203.109 port 59192 ssh2
Jan 19 20:27:19 host sshd[17258]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:27:21 host sshd[17258]: Failed password for invalid user go from 194.110.203.109 port 59192 ssh2
Jan 19 20:27:24 host sshd[17258]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:27:26 host sshd[17258]: Failed password for invalid user go from 194.110.203.109 port 59192 ssh2
Jan 19 20:27:29 host sshd[17258]: Connection closed by 194.110.203.109 port 59192 [preauth]
Jan 19 20:27:29 host sshd[17258]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 20:32:36 host sshd[18004]: Invalid user pi from 220.134.6.194 port 33215
Jan 19 20:32:36 host sshd[18004]: input_userauth_request: invalid user pi [preauth]
Jan 19 20:32:36 host sshd[18004]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:32:36 host sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.6.194
Jan 19 20:32:38 host sshd[18004]: Failed password for invalid user pi from 220.134.6.194 port 33215 ssh2
Jan 19 20:32:38 host sshd[18004]: Connection reset by 220.134.6.194 port 33215 [preauth]
Jan 19 20:36:30 host sshd[18562]: Invalid user Admin from 59.2.56.154 port 40388
Jan 19 20:36:30 host sshd[18562]: input_userauth_request: invalid user Admin [preauth]
Jan 19 20:36:30 host sshd[18562]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:36:30 host sshd[18562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.2.56.154
Jan 19 20:36:32 host sshd[18562]: Failed password for invalid user Admin from 59.2.56.154 port 40388 ssh2
Jan 19 20:36:38 host sshd[18562]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:36:40 host sshd[18562]: Failed password for invalid user Admin from 59.2.56.154 port 40388 ssh2
Jan 19 20:36:42 host sshd[18562]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:36:44 host sshd[18562]: Failed password for invalid user Admin from 59.2.56.154 port 40388 ssh2
Jan 19 20:36:45 host sshd[18562]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:36:48 host sshd[18562]: Failed password for invalid user Admin from 59.2.56.154 port 40388 ssh2
Jan 19 20:45:17 host sshd[20203]: Invalid user ts from 114.206.23.151 port 35238
Jan 19 20:45:17 host sshd[20203]: input_userauth_request: invalid user ts [preauth]
Jan 19 20:45:17 host sshd[20203]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:45:17 host sshd[20203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.206.23.151
Jan 19 20:45:19 host sshd[20203]: Failed password for invalid user ts from 114.206.23.151 port 35238 ssh2
Jan 19 20:45:19 host sshd[20203]: Received disconnect from 114.206.23.151 port 35238:11: Bye Bye [preauth]
Jan 19 20:45:19 host sshd[20203]: Disconnected from 114.206.23.151 port 35238 [preauth]
Jan 19 20:45:32 host sshd[20240]: Connection reset by 118.41.108.141 port 50043 [preauth]
Jan 19 20:46:03 host sshd[20300]: Invalid user test1 from 122.170.105.253 port 60156
Jan 19 20:46:03 host sshd[20300]: input_userauth_request: invalid user test1 [preauth]
Jan 19 20:46:03 host sshd[20300]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:46:03 host sshd[20300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.170.105.253
Jan 19 20:46:06 host sshd[20300]: Failed password for invalid user test1 from 122.170.105.253 port 60156 ssh2
Jan 19 20:46:06 host sshd[20300]: Received disconnect from 122.170.105.253 port 60156:11: Bye Bye [preauth]
Jan 19 20:46:06 host sshd[20300]: Disconnected from 122.170.105.253 port 60156 [preauth]
Jan 19 20:46:44 host sshd[20371]: Invalid user compras from 98.243.72.196 port 52938
Jan 19 20:46:44 host sshd[20371]: input_userauth_request: invalid user compras [preauth]
Jan 19 20:46:44 host sshd[20371]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:46:44 host sshd[20371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.243.72.196
Jan 19 20:46:46 host sshd[20371]: Failed password for invalid user compras from 98.243.72.196 port 52938 ssh2
Jan 19 20:46:46 host sshd[20371]: Received disconnect from 98.243.72.196 port 52938:11: Bye Bye [preauth]
Jan 19 20:46:46 host sshd[20371]: Disconnected from 98.243.72.196 port 52938 [preauth]
Jan 19 20:47:51 host sshd[20512]: Invalid user student from 207.154.228.201 port 40570
Jan 19 20:47:51 host sshd[20512]: input_userauth_request: invalid user student [preauth]
Jan 19 20:47:51 host sshd[20512]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:47:51 host sshd[20512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.228.201
Jan 19 20:47:53 host sshd[20512]: Failed password for invalid user student from 207.154.228.201 port 40570 ssh2
Jan 19 20:47:53 host sshd[20512]: Received disconnect from 207.154.228.201 port 40570:11: Bye Bye [preauth]
Jan 19 20:47:53 host sshd[20512]: Disconnected from 207.154.228.201 port 40570 [preauth]
Jan 19 20:48:48 host sshd[20618]: Invalid user panda from 105.96.11.65 port 45976
Jan 19 20:48:48 host sshd[20618]: input_userauth_request: invalid user panda [preauth]
Jan 19 20:48:48 host sshd[20618]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:48:48 host sshd[20618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.96.11.65
Jan 19 20:48:50 host sshd[20618]: Failed password for invalid user panda from 105.96.11.65 port 45976 ssh2
Jan 19 20:48:51 host sshd[20618]: Received disconnect from 105.96.11.65 port 45976:11: Bye Bye [preauth]
Jan 19 20:48:51 host sshd[20618]: Disconnected from 105.96.11.65 port 45976 [preauth]
Jan 19 20:49:35 host sshd[20707]: Invalid user minecraft from 177.76.246.1 port 40876
Jan 19 20:49:35 host sshd[20707]: input_userauth_request: invalid user minecraft [preauth]
Jan 19 20:49:35 host sshd[20707]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:49:35 host sshd[20707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.76.246.1
Jan 19 20:49:37 host sshd[20707]: Failed password for invalid user minecraft from 177.76.246.1 port 40876 ssh2
Jan 19 20:49:37 host sshd[20707]: Received disconnect from 177.76.246.1 port 40876:11: Bye Bye [preauth]
Jan 19 20:49:37 host sshd[20707]: Disconnected from 177.76.246.1 port 40876 [preauth]
Jan 19 20:49:45 host sshd[20828]: Invalid user adsl from 167.71.77.9 port 55648
Jan 19 20:49:45 host sshd[20828]: input_userauth_request: invalid user adsl [preauth]
Jan 19 20:49:45 host sshd[20828]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:49:45 host sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.77.9
Jan 19 20:49:47 host sshd[20828]: Failed password for invalid user adsl from 167.71.77.9 port 55648 ssh2
Jan 19 20:49:47 host sshd[20828]: Received disconnect from 167.71.77.9 port 55648:11: Bye Bye [preauth]
Jan 19 20:49:47 host sshd[20828]: Disconnected from 167.71.77.9 port 55648 [preauth]
Jan 19 20:50:24 host sshd[20921]: Invalid user user from 222.120.209.218 port 61888
Jan 19 20:50:24 host sshd[20921]: input_userauth_request: invalid user user [preauth]
Jan 19 20:50:24 host sshd[20921]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:50:24 host sshd[20921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.120.209.218
Jan 19 20:50:26 host sshd[20921]: Failed password for invalid user user from 222.120.209.218 port 61888 ssh2
Jan 19 20:50:27 host sshd[20921]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:50:30 host sshd[20921]: Failed password for invalid user user from 222.120.209.218 port 61888 ssh2
Jan 19 20:50:30 host sshd[20921]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:50:32 host sshd[20921]: Failed password for invalid user user from 222.120.209.218 port 61888 ssh2
Jan 19 20:50:32 host sshd[20921]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:50:33 host sshd[20964]: Invalid user seafile from 165.154.253.141 port 38436
Jan 19 20:50:33 host sshd[20964]: input_userauth_request: invalid user seafile [preauth]
Jan 19 20:50:33 host sshd[20964]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:50:33 host sshd[20964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.253.141
Jan 19 20:50:34 host sshd[20921]: Failed password for invalid user user from 222.120.209.218 port 61888 ssh2
Jan 19 20:50:36 host sshd[20921]: Connection reset by 222.120.209.218 port 61888 [preauth]
Jan 19 20:50:36 host sshd[20921]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.120.209.218
Jan 19 20:50:36 host sshd[20921]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 19 20:50:36 host sshd[20964]: Failed password for invalid user seafile from 165.154.253.141 port 38436 ssh2
Jan 19 20:50:36 host sshd[20964]: Received disconnect from 165.154.253.141 port 38436:11: Bye Bye [preauth]
Jan 19 20:50:36 host sshd[20964]: Disconnected from 165.154.253.141 port 38436 [preauth]
Jan 19 20:51:32 host sshd[21107]: Invalid user csgoserver from 207.154.228.201 port 56822
Jan 19 20:51:32 host sshd[21107]: input_userauth_request: invalid user csgoserver [preauth]
Jan 19 20:51:32 host sshd[21107]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:51:32 host sshd[21107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.228.201
Jan 19 20:51:34 host sshd[21107]: Failed password for invalid user csgoserver from 207.154.228.201 port 56822 ssh2
Jan 19 20:51:34 host sshd[21107]: Received disconnect from 207.154.228.201 port 56822:11: Bye Bye [preauth]
Jan 19 20:51:34 host sshd[21107]: Disconnected from 207.154.228.201 port 56822 [preauth]
Jan 19 20:51:59 host sshd[21144]: Invalid user user4 from 167.71.77.9 port 37816
Jan 19 20:51:59 host sshd[21144]: input_userauth_request: invalid user user4 [preauth]
Jan 19 20:51:59 host sshd[21144]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:51:59 host sshd[21144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.77.9
Jan 19 20:52:00 host sshd[21144]: Failed password for invalid user user4 from 167.71.77.9 port 37816 ssh2
Jan 19 20:52:00 host sshd[21144]: Received disconnect from 167.71.77.9 port 37816:11: Bye Bye [preauth]
Jan 19 20:52:00 host sshd[21144]: Disconnected from 167.71.77.9 port 37816 [preauth]
Jan 19 20:52:09 host sshd[21169]: Invalid user bot from 114.206.23.151 port 40018
Jan 19 20:52:09 host sshd[21169]: input_userauth_request: invalid user bot [preauth]
Jan 19 20:52:09 host sshd[21169]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:52:09 host sshd[21169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.206.23.151
Jan 19 20:52:12 host sshd[21169]: Failed password for invalid user bot from 114.206.23.151 port 40018 ssh2
Jan 19 20:52:12 host sshd[21169]: Received disconnect from 114.206.23.151 port 40018:11: Bye Bye [preauth]
Jan 19 20:52:12 host sshd[21169]: Disconnected from 114.206.23.151 port 40018 [preauth]
Jan 19 20:52:12 host sshd[21166]: Invalid user deploy from 177.76.246.1 port 53822
Jan 19 20:52:12 host sshd[21166]: input_userauth_request: invalid user deploy [preauth]
Jan 19 20:52:12 host sshd[21166]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:52:12 host sshd[21166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.76.246.1
Jan 19 20:52:14 host sshd[21166]: Failed password for invalid user deploy from 177.76.246.1 port 53822 ssh2
Jan 19 20:52:14 host sshd[21166]: Received disconnect from 177.76.246.1 port 53822:11: Bye Bye [preauth]
Jan 19 20:52:14 host sshd[21166]: Disconnected from 177.76.246.1 port 53822 [preauth]
Jan 19 20:52:18 host sshd[21184]: Invalid user magento from 122.170.105.253 port 46544
Jan 19 20:52:18 host sshd[21184]: input_userauth_request: invalid user magento [preauth]
Jan 19 20:52:18 host sshd[21184]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:52:18 host sshd[21184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.170.105.253
Jan 19 20:52:19 host sshd[21182]: Invalid user jason from 98.243.72.196 port 53156
Jan 19 20:52:19 host sshd[21182]: input_userauth_request: invalid user jason [preauth]
Jan 19 20:52:19 host sshd[21182]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:52:19 host sshd[21182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.243.72.196
Jan 19 20:52:19 host sshd[21184]: Failed password for invalid user magento from 122.170.105.253 port 46544 ssh2
Jan 19 20:52:19 host sshd[21184]: Received disconnect from 122.170.105.253 port 46544:11: Bye Bye [preauth]
Jan 19 20:52:19 host sshd[21184]: Disconnected from 122.170.105.253 port 46544 [preauth]
Jan 19 20:52:20 host sshd[21182]: Failed password for invalid user jason from 98.243.72.196 port 53156 ssh2
Jan 19 20:52:21 host sshd[21182]: Received disconnect from 98.243.72.196 port 53156:11: Bye Bye [preauth]
Jan 19 20:52:21 host sshd[21182]: Disconnected from 98.243.72.196 port 53156 [preauth]
Jan 19 20:52:37 host sshd[21235]: Invalid user vagrant from 207.154.228.201 port 55616
Jan 19 20:52:37 host sshd[21235]: input_userauth_request: invalid user vagrant [preauth]
Jan 19 20:52:37 host sshd[21235]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:52:37 host sshd[21235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.228.201
Jan 19 20:52:38 host sshd[21235]: Failed password for invalid user vagrant from 207.154.228.201 port 55616 ssh2
Jan 19 20:52:38 host sshd[21235]: Received disconnect from 207.154.228.201 port 55616:11: Bye Bye [preauth]
Jan 19 20:52:38 host sshd[21235]: Disconnected from 207.154.228.201 port 55616 [preauth]
Jan 19 20:52:47 host sshd[21282]: Invalid user user from 165.154.253.141 port 12590
Jan 19 20:52:47 host sshd[21282]: input_userauth_request: invalid user user [preauth]
Jan 19 20:52:47 host sshd[21282]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:52:47 host sshd[21282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.253.141
Jan 19 20:52:49 host sshd[21282]: Failed password for invalid user user from 165.154.253.141 port 12590 ssh2
Jan 19 20:52:49 host sshd[21282]: Received disconnect from 165.154.253.141 port 12590:11: Bye Bye [preauth]
Jan 19 20:52:49 host sshd[21282]: Disconnected from 165.154.253.141 port 12590 [preauth]
Jan 19 20:53:04 host sshd[21324]: Invalid user smart from 167.71.77.9 port 36766
Jan 19 20:53:04 host sshd[21324]: input_userauth_request: invalid user smart [preauth]
Jan 19 20:53:04 host sshd[21324]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:53:04 host sshd[21324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.77.9
Jan 19 20:53:06 host sshd[21324]: Failed password for invalid user smart from 167.71.77.9 port 36766 ssh2
Jan 19 20:53:06 host sshd[21324]: Received disconnect from 167.71.77.9 port 36766:11: Bye Bye [preauth]
Jan 19 20:53:06 host sshd[21324]: Disconnected from 167.71.77.9 port 36766 [preauth]
Jan 19 20:53:21 host sshd[21378]: Invalid user gitlab from 114.206.23.151 port 55138
Jan 19 20:53:21 host sshd[21378]: input_userauth_request: invalid user gitlab [preauth]
Jan 19 20:53:21 host sshd[21378]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:53:21 host sshd[21378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.206.23.151
Jan 19 20:53:24 host sshd[21378]: Failed password for invalid user gitlab from 114.206.23.151 port 55138 ssh2
Jan 19 20:53:24 host sshd[21378]: Received disconnect from 114.206.23.151 port 55138:11: Bye Bye [preauth]
Jan 19 20:53:24 host sshd[21378]: Disconnected from 114.206.23.151 port 55138 [preauth]
Jan 19 20:53:27 host sshd[21385]: Invalid user ec2-user from 98.243.72.196 port 53250
Jan 19 20:53:27 host sshd[21385]: input_userauth_request: invalid user ec2-user [preauth]
Jan 19 20:53:27 host sshd[21385]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:53:27 host sshd[21385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.243.72.196
Jan 19 20:53:29 host sshd[21385]: Failed password for invalid user ec2-user from 98.243.72.196 port 53250 ssh2
Jan 19 20:53:29 host sshd[21385]: Received disconnect from 98.243.72.196 port 53250:11: Bye Bye [preauth]
Jan 19 20:53:29 host sshd[21385]: Disconnected from 98.243.72.196 port 53250 [preauth]
Jan 19 20:53:30 host sshd[21440]: Invalid user jenkins from 177.76.246.1 port 33242
Jan 19 20:53:30 host sshd[21440]: input_userauth_request: invalid user jenkins [preauth]
Jan 19 20:53:30 host sshd[21440]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:53:30 host sshd[21440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.76.246.1
Jan 19 20:53:31 host sshd[21446]: Invalid user db2inst1 from 122.170.105.253 port 40468
Jan 19 20:53:31 host sshd[21446]: input_userauth_request: invalid user db2inst1 [preauth]
Jan 19 20:53:31 host sshd[21446]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:53:31 host sshd[21446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.170.105.253
Jan 19 20:53:31 host sshd[21440]: Failed password for invalid user jenkins from 177.76.246.1 port 33242 ssh2
Jan 19 20:53:32 host sshd[21440]: Received disconnect from 177.76.246.1 port 33242:11: Bye Bye [preauth]
Jan 19 20:53:32 host sshd[21440]: Disconnected from 177.76.246.1 port 33242 [preauth]
Jan 19 20:53:32 host sshd[21446]: Failed password for invalid user db2inst1 from 122.170.105.253 port 40468 ssh2
Jan 19 20:54:07 host sshd[21602]: Invalid user steam from 165.154.253.141 port 35466
Jan 19 20:54:07 host sshd[21602]: input_userauth_request: invalid user steam [preauth]
Jan 19 20:54:07 host sshd[21602]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:54:07 host sshd[21602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.253.141
Jan 19 20:54:09 host sshd[21602]: Failed password for invalid user steam from 165.154.253.141 port 35466 ssh2
Jan 19 20:54:09 host sshd[21602]: Received disconnect from 165.154.253.141 port 35466:11: Bye Bye [preauth]
Jan 19 20:54:09 host sshd[21602]: Disconnected from 165.154.253.141 port 35466 [preauth]
Jan 19 20:57:34 host sshd[22158]: Invalid user admin from 183.107.45.127 port 49395
Jan 19 20:57:34 host sshd[22158]: input_userauth_request: invalid user admin [preauth]
Jan 19 20:57:34 host sshd[22158]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 20:57:34 host sshd[22158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.107.45.127
Jan 19 20:57:36 host sshd[22158]: Failed password for invalid user admin from 183.107.45.127 port 49395 ssh2
Jan 19 20:57:37 host sshd[22158]: Connection closed by 183.107.45.127 port 49395 [preauth]
Jan 19 20:58:26 host sshd[22250]: Connection reset by 112.172.237.26 port 63357 [preauth]
Jan 19 21:11:56 host sshd[24448]: Invalid user gmodserver from 51.250.54.145 port 43916
Jan 19 21:11:56 host sshd[24448]: input_userauth_request: invalid user gmodserver [preauth]
Jan 19 21:11:56 host sshd[24448]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:11:56 host sshd[24448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.54.145
Jan 19 21:11:58 host sshd[24448]: Failed password for invalid user gmodserver from 51.250.54.145 port 43916 ssh2
Jan 19 21:11:59 host sshd[24448]: Received disconnect from 51.250.54.145 port 43916:11: Bye Bye [preauth]
Jan 19 21:11:59 host sshd[24448]: Disconnected from 51.250.54.145 port 43916 [preauth]
Jan 19 21:12:15 host sshd[24484]: Invalid user nexus from 142.93.220.110 port 33390
Jan 19 21:12:15 host sshd[24484]: input_userauth_request: invalid user nexus [preauth]
Jan 19 21:12:15 host sshd[24484]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:12:15 host sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.220.110
Jan 19 21:12:17 host sshd[24484]: Failed password for invalid user nexus from 142.93.220.110 port 33390 ssh2
Jan 19 21:12:17 host sshd[24484]: Received disconnect from 142.93.220.110 port 33390:11: Bye Bye [preauth]
Jan 19 21:12:17 host sshd[24484]: Disconnected from 142.93.220.110 port 33390 [preauth]
Jan 19 21:16:05 host sshd[25089]: Invalid user compras from 146.190.127.140 port 45444
Jan 19 21:16:05 host sshd[25089]: input_userauth_request: invalid user compras [preauth]
Jan 19 21:16:05 host sshd[25089]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:16:05 host sshd[25089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.127.140
Jan 19 21:16:07 host sshd[25089]: Failed password for invalid user compras from 146.190.127.140 port 45444 ssh2
Jan 19 21:16:07 host sshd[25089]: Received disconnect from 146.190.127.140 port 45444:11: Bye Bye [preauth]
Jan 19 21:16:07 host sshd[25089]: Disconnected from 146.190.127.140 port 45444 [preauth]
Jan 19 21:17:04 host sshd[25289]: Invalid user testftp from 197.227.8.186 port 25381
Jan 19 21:17:04 host sshd[25289]: input_userauth_request: invalid user testftp [preauth]
Jan 19 21:17:04 host sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:17:04 host sshd[25289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.8.186
Jan 19 21:17:06 host sshd[25289]: Failed password for invalid user testftp from 197.227.8.186 port 25381 ssh2
Jan 19 21:17:06 host sshd[25289]: Received disconnect from 197.227.8.186 port 25381:11: Bye Bye [preauth]
Jan 19 21:17:06 host sshd[25289]: Disconnected from 197.227.8.186 port 25381 [preauth]
Jan 19 21:18:06 host sshd[25389]: Invalid user ben from 146.190.127.140 port 50116
Jan 19 21:18:06 host sshd[25389]: input_userauth_request: invalid user ben [preauth]
Jan 19 21:18:06 host sshd[25389]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:18:06 host sshd[25389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.127.140
Jan 19 21:18:08 host sshd[25389]: Failed password for invalid user ben from 146.190.127.140 port 50116 ssh2
Jan 19 21:18:08 host sshd[25389]: Received disconnect from 146.190.127.140 port 50116:11: Bye Bye [preauth]
Jan 19 21:18:08 host sshd[25389]: Disconnected from 146.190.127.140 port 50116 [preauth]
Jan 19 21:18:21 host sshd[25416]: Invalid user support from 142.93.220.110 port 58824
Jan 19 21:18:21 host sshd[25416]: input_userauth_request: invalid user support [preauth]
Jan 19 21:18:21 host sshd[25416]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:18:21 host sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.220.110
Jan 19 21:18:23 host sshd[25416]: Failed password for invalid user support from 142.93.220.110 port 58824 ssh2
Jan 19 21:18:23 host sshd[25416]: Received disconnect from 142.93.220.110 port 58824:11: Bye Bye [preauth]
Jan 19 21:18:23 host sshd[25416]: Disconnected from 142.93.220.110 port 58824 [preauth]
Jan 19 21:18:25 host sshd[25423]: Invalid user bitnami from 51.250.54.145 port 56006
Jan 19 21:18:25 host sshd[25423]: input_userauth_request: invalid user bitnami [preauth]
Jan 19 21:18:25 host sshd[25423]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:18:25 host sshd[25423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.54.145
Jan 19 21:18:27 host sshd[25423]: Failed password for invalid user bitnami from 51.250.54.145 port 56006 ssh2
Jan 19 21:18:27 host sshd[25423]: Received disconnect from 51.250.54.145 port 56006:11: Bye Bye [preauth]
Jan 19 21:18:27 host sshd[25423]: Disconnected from 51.250.54.145 port 56006 [preauth]
Jan 19 21:19:15 host sshd[25516]: Invalid user kafka from 146.190.127.140 port 42928
Jan 19 21:19:15 host sshd[25516]: input_userauth_request: invalid user kafka [preauth]
Jan 19 21:19:15 host sshd[25516]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:19:15 host sshd[25516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.127.140
Jan 19 21:19:17 host sshd[25516]: Failed password for invalid user kafka from 146.190.127.140 port 42928 ssh2
Jan 19 21:19:17 host sshd[25516]: Received disconnect from 146.190.127.140 port 42928:11: Bye Bye [preauth]
Jan 19 21:19:17 host sshd[25516]: Disconnected from 146.190.127.140 port 42928 [preauth]
Jan 19 21:19:34 host sshd[25595]: Invalid user mqm from 142.93.220.110 port 52824
Jan 19 21:19:34 host sshd[25595]: input_userauth_request: invalid user mqm [preauth]
Jan 19 21:19:34 host sshd[25595]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:19:34 host sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.220.110
Jan 19 21:19:36 host sshd[25595]: Failed password for invalid user mqm from 142.93.220.110 port 52824 ssh2
Jan 19 21:19:36 host sshd[25595]: Received disconnect from 142.93.220.110 port 52824:11: Bye Bye [preauth]
Jan 19 21:19:36 host sshd[25595]: Disconnected from 142.93.220.110 port 52824 [preauth]
Jan 19 21:19:37 host sshd[25598]: Invalid user mcserver from 51.250.54.145 port 56816
Jan 19 21:19:37 host sshd[25598]: input_userauth_request: invalid user mcserver [preauth]
Jan 19 21:19:37 host sshd[25598]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:19:37 host sshd[25598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.250.54.145
Jan 19 21:19:39 host sshd[25598]: Failed password for invalid user mcserver from 51.250.54.145 port 56816 ssh2
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 21:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=wwwnexidigital user-6=mrsclean user-7=palco123 user-8=gifterman user-9=kottayamcalldriv user-10=phmetals user-11=woodpeck user-12=wwwkapin user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=shalinijames user-19=wwwtestugo user-20=wwwpmcresource user-21=keralaholi user-22=wwwresourcehunte user-23=wwwrmswll user-24=ugotscom user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 21:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-djPzzUR7cSSlLPVl.~
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-djPzzUR7cSSlLPVl.~'
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-djPzzUR7cSSlLPVl.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:08 host sshd[25995]: User centos from 197.227.8.186 not allowed because not listed in AllowUsers
Jan 19 21:21:08 host sshd[25995]: input_userauth_request: invalid user centos [preauth]
Jan 19 21:21:08 host unix_chkpwd[26000]: password check failed for user (centos)
Jan 19 21:21:08 host sshd[25995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.227.8.186 user=centos
Jan 19 21:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 21:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 21:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 21:21:10 host sshd[25995]: Failed password for invalid user centos from 197.227.8.186 port 44107 ssh2
Jan 19 21:21:10 host sshd[25995]: Received disconnect from 197.227.8.186 port 44107:11: Bye Bye [preauth]
Jan 19 21:21:10 host sshd[25995]: Disconnected from 197.227.8.186 port 44107 [preauth]
Jan 19 21:24:25 host sshd[26612]: Connection reset by 24.95.143.50 port 47140 [preauth]
Jan 19 21:28:04 host sshd[27422]: Invalid user admin from 149.106.251.56 port 36143
Jan 19 21:28:04 host sshd[27422]: input_userauth_request: invalid user admin [preauth]
Jan 19 21:28:04 host sshd[27422]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:28:04 host sshd[27422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.106.251.56
Jan 19 21:28:06 host sshd[27422]: Failed password for invalid user admin from 149.106.251.56 port 36143 ssh2
Jan 19 21:28:07 host sshd[27422]: Failed password for invalid user admin from 149.106.251.56 port 36143 ssh2
Jan 19 21:28:08 host sshd[27422]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:28:10 host sshd[27422]: Failed password for invalid user admin from 149.106.251.56 port 36143 ssh2
Jan 19 21:28:11 host sshd[27422]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:28:13 host sshd[27422]: Failed password for invalid user admin from 149.106.251.56 port 36143 ssh2
Jan 19 21:28:13 host sshd[27422]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:28:16 host sshd[27422]: Failed password for invalid user admin from 149.106.251.56 port 36143 ssh2
Jan 19 21:38:16 host sshd[29046]: Invalid user pi from 118.37.244.77 port 62277
Jan 19 21:38:16 host sshd[29046]: input_userauth_request: invalid user pi [preauth]
Jan 19 21:38:16 host sshd[29046]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:38:16 host sshd[29046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.37.244.77
Jan 19 21:38:19 host sshd[29046]: Failed password for invalid user pi from 118.37.244.77 port 62277 ssh2
Jan 19 21:38:19 host sshd[29046]: Connection reset by 118.37.244.77 port 62277 [preauth]
Jan 19 21:44:24 host sshd[29897]: User root from 114.157.94.16 not allowed because not listed in AllowUsers
Jan 19 21:44:24 host sshd[29897]: input_userauth_request: invalid user root [preauth]
Jan 19 21:44:24 host unix_chkpwd[29902]: password check failed for user (root)
Jan 19 21:44:24 host sshd[29897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.157.94.16 user=root
Jan 19 21:44:24 host sshd[29897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 21:44:25 host sshd[29897]: Failed password for invalid user root from 114.157.94.16 port 58087 ssh2
Jan 19 21:44:26 host unix_chkpwd[29905]: password check failed for user (root)
Jan 19 21:44:26 host sshd[29897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 21:44:28 host sshd[29897]: Failed password for invalid user root from 114.157.94.16 port 58087 ssh2
Jan 19 21:44:28 host unix_chkpwd[29932]: password check failed for user (root)
Jan 19 21:44:28 host sshd[29897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 21:44:31 host sshd[29897]: Failed password for invalid user root from 114.157.94.16 port 58087 ssh2
Jan 19 21:44:31 host unix_chkpwd[29937]: password check failed for user (root)
Jan 19 21:44:31 host sshd[29897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 21:44:33 host sshd[29897]: Failed password for invalid user root from 114.157.94.16 port 58087 ssh2
Jan 19 21:44:33 host unix_chkpwd[29940]: password check failed for user (root)
Jan 19 21:44:33 host sshd[29897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 21:44:35 host sshd[29897]: Failed password for invalid user root from 114.157.94.16 port 58087 ssh2
Jan 19 21:56:26 host sshd[31514]: Invalid user cisco from 159.203.181.214 port 55626
Jan 19 21:56:26 host sshd[31514]: input_userauth_request: invalid user cisco [preauth]
Jan 19 21:56:26 host sshd[31514]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:56:26 host sshd[31514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.181.214
Jan 19 21:56:28 host sshd[31514]: Failed password for invalid user cisco from 159.203.181.214 port 55626 ssh2
Jan 19 21:56:28 host sshd[31514]: Received disconnect from 159.203.181.214 port 55626:11: Bye Bye [preauth]
Jan 19 21:56:28 host sshd[31514]: Disconnected from 159.203.181.214 port 55626 [preauth]
Jan 19 21:58:49 host sshd[31874]: Invalid user pos from 138.197.180.102 port 37870
Jan 19 21:58:49 host sshd[31874]: input_userauth_request: invalid user pos [preauth]
Jan 19 21:58:49 host sshd[31874]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:58:49 host sshd[31874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102
Jan 19 21:58:51 host sshd[31874]: Failed password for invalid user pos from 138.197.180.102 port 37870 ssh2
Jan 19 21:58:52 host sshd[31874]: Received disconnect from 138.197.180.102 port 37870:11: Bye Bye [preauth]
Jan 19 21:58:52 host sshd[31874]: Disconnected from 138.197.180.102 port 37870 [preauth]
Jan 19 21:58:56 host sshd[31891]: Invalid user elena from 161.35.35.9 port 33424
Jan 19 21:58:56 host sshd[31891]: input_userauth_request: invalid user elena [preauth]
Jan 19 21:58:56 host sshd[31891]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:58:56 host sshd[31891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.35.9
Jan 19 21:58:58 host sshd[31891]: Failed password for invalid user elena from 161.35.35.9 port 33424 ssh2
Jan 19 21:58:58 host sshd[31891]: Received disconnect from 161.35.35.9 port 33424:11: Bye Bye [preauth]
Jan 19 21:58:58 host sshd[31891]: Disconnected from 161.35.35.9 port 33424 [preauth]
Jan 19 21:59:50 host sshd[31986]: Invalid user media from 139.59.0.163 port 43322
Jan 19 21:59:50 host sshd[31986]: input_userauth_request: invalid user media [preauth]
Jan 19 21:59:50 host sshd[31986]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 21:59:50 host sshd[31986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.0.163
Jan 19 21:59:52 host sshd[31986]: Failed password for invalid user media from 139.59.0.163 port 43322 ssh2
Jan 19 21:59:52 host sshd[31986]: Received disconnect from 139.59.0.163 port 43322:11: Bye Bye [preauth]
Jan 19 21:59:52 host sshd[31986]: Disconnected from 139.59.0.163 port 43322 [preauth]
Jan 19 22:01:12 host sshd[32277]: Invalid user minecraft from 137.184.54.207 port 44924
Jan 19 22:01:12 host sshd[32277]: input_userauth_request: invalid user minecraft [preauth]
Jan 19 22:01:12 host sshd[32277]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:01:12 host sshd[32277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.54.207
Jan 19 22:01:14 host sshd[32277]: Failed password for invalid user minecraft from 137.184.54.207 port 44924 ssh2
Jan 19 22:01:15 host sshd[32277]: Received disconnect from 137.184.54.207 port 44924:11: Bye Bye [preauth]
Jan 19 22:01:15 host sshd[32277]: Disconnected from 137.184.54.207 port 44924 [preauth]
Jan 19 22:01:29 host sshd[32318]: Invalid user test01 from 138.197.180.102 port 59836
Jan 19 22:01:29 host sshd[32318]: input_userauth_request: invalid user test01 [preauth]
Jan 19 22:01:29 host sshd[32318]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:01:29 host sshd[32318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102
Jan 19 22:01:31 host sshd[32318]: Failed password for invalid user test01 from 138.197.180.102 port 59836 ssh2
Jan 19 22:01:31 host sshd[32318]: Received disconnect from 138.197.180.102 port 59836:11: Bye Bye [preauth]
Jan 19 22:01:31 host sshd[32318]: Disconnected from 138.197.180.102 port 59836 [preauth]
Jan 19 22:02:27 host sshd[32411]: Invalid user elena from 159.203.181.214 port 55314
Jan 19 22:02:27 host sshd[32411]: input_userauth_request: invalid user elena [preauth]
Jan 19 22:02:27 host sshd[32411]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:02:27 host sshd[32411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.181.214
Jan 19 22:02:29 host sshd[32411]: Failed password for invalid user elena from 159.203.181.214 port 55314 ssh2
Jan 19 22:02:29 host sshd[32411]: Received disconnect from 159.203.181.214 port 55314:11: Bye Bye [preauth]
Jan 19 22:02:29 host sshd[32411]: Disconnected from 159.203.181.214 port 55314 [preauth]
Jan 19 22:02:34 host sshd[32440]: Invalid user test from 138.197.180.102 port 49076
Jan 19 22:02:34 host sshd[32440]: input_userauth_request: invalid user test [preauth]
Jan 19 22:02:34 host sshd[32440]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:02:34 host sshd[32440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.180.102
Jan 19 22:02:37 host sshd[32440]: Failed password for invalid user test from 138.197.180.102 port 49076 ssh2
Jan 19 22:02:37 host sshd[32440]: Received disconnect from 138.197.180.102 port 49076:11: Bye Bye [preauth]
Jan 19 22:02:37 host sshd[32440]: Disconnected from 138.197.180.102 port 49076 [preauth]
Jan 19 22:02:42 host sshd[32477]: Invalid user admin1 from 137.184.54.207 port 46064
Jan 19 22:02:42 host sshd[32477]: input_userauth_request: invalid user admin1 [preauth]
Jan 19 22:02:42 host sshd[32477]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:02:42 host sshd[32477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.54.207
Jan 19 22:02:43 host sshd[32477]: Failed password for invalid user admin1 from 137.184.54.207 port 46064 ssh2
Jan 19 22:02:43 host sshd[32477]: Received disconnect from 137.184.54.207 port 46064:11: Bye Bye [preauth]
Jan 19 22:02:43 host sshd[32477]: Disconnected from 137.184.54.207 port 46064 [preauth]
Jan 19 22:03:02 host sshd[32502]: Invalid user arkserver from 161.35.35.9 port 47836
Jan 19 22:03:02 host sshd[32502]: input_userauth_request: invalid user arkserver [preauth]
Jan 19 22:03:02 host sshd[32502]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:03:02 host sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.35.9
Jan 19 22:03:04 host sshd[32502]: Failed password for invalid user arkserver from 161.35.35.9 port 47836 ssh2
Jan 19 22:03:05 host sshd[32502]: Received disconnect from 161.35.35.9 port 47836:11: Bye Bye [preauth]
Jan 19 22:03:05 host sshd[32502]: Disconnected from 161.35.35.9 port 47836 [preauth]
Jan 19 22:03:26 host sshd[32542]: Invalid user testftp from 139.59.0.163 port 55646
Jan 19 22:03:26 host sshd[32542]: input_userauth_request: invalid user testftp [preauth]
Jan 19 22:03:26 host sshd[32542]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:03:26 host sshd[32542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.0.163
Jan 19 22:03:28 host sshd[32542]: Failed password for invalid user testftp from 139.59.0.163 port 55646 ssh2
Jan 19 22:03:28 host sshd[32542]: Received disconnect from 139.59.0.163 port 55646:11: Bye Bye [preauth]
Jan 19 22:03:28 host sshd[32542]: Disconnected from 139.59.0.163 port 55646 [preauth]
Jan 19 22:03:45 host sshd[32582]: Invalid user git from 159.203.181.214 port 54068
Jan 19 22:03:45 host sshd[32582]: input_userauth_request: invalid user git [preauth]
Jan 19 22:03:45 host sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:03:45 host sshd[32582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.181.214
Jan 19 22:03:47 host sshd[32585]: Invalid user kali from 137.184.54.207 port 44792
Jan 19 22:03:47 host sshd[32585]: input_userauth_request: invalid user kali [preauth]
Jan 19 22:03:47 host sshd[32585]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:03:47 host sshd[32585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.54.207
Jan 19 22:03:48 host sshd[32582]: Failed password for invalid user git from 159.203.181.214 port 54068 ssh2
Jan 19 22:03:48 host sshd[32582]: Received disconnect from 159.203.181.214 port 54068:11: Bye Bye [preauth]
Jan 19 22:03:48 host sshd[32582]: Disconnected from 159.203.181.214 port 54068 [preauth]
Jan 19 22:03:49 host sshd[32585]: Failed password for invalid user kali from 137.184.54.207 port 44792 ssh2
Jan 19 22:03:49 host sshd[32585]: Received disconnect from 137.184.54.207 port 44792:11: Bye Bye [preauth]
Jan 19 22:03:49 host sshd[32585]: Disconnected from 137.184.54.207 port 44792 [preauth]
Jan 19 22:04:07 host sshd[32681]: Invalid user temp from 161.35.35.9 port 42648
Jan 19 22:04:07 host sshd[32681]: input_userauth_request: invalid user temp [preauth]
Jan 19 22:04:07 host sshd[32681]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:04:07 host sshd[32681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.35.9
Jan 19 22:04:09 host sshd[32681]: Failed password for invalid user temp from 161.35.35.9 port 42648 ssh2
Jan 19 22:04:09 host sshd[32681]: Received disconnect from 161.35.35.9 port 42648:11: Bye Bye [preauth]
Jan 19 22:04:09 host sshd[32681]: Disconnected from 161.35.35.9 port 42648 [preauth]
Jan 19 22:04:50 host sshd[332]: Invalid user butter from 139.59.0.163 port 53998
Jan 19 22:04:50 host sshd[332]: input_userauth_request: invalid user butter [preauth]
Jan 19 22:04:50 host sshd[332]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:04:50 host sshd[332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.0.163
Jan 19 22:04:51 host sshd[332]: Failed password for invalid user butter from 139.59.0.163 port 53998 ssh2
Jan 19 22:04:51 host sshd[332]: Received disconnect from 139.59.0.163 port 53998:11: Bye Bye [preauth]
Jan 19 22:04:51 host sshd[332]: Disconnected from 139.59.0.163 port 53998 [preauth]
Jan 19 22:06:35 host sshd[703]: User root from 125.139.60.143 not allowed because not listed in AllowUsers
Jan 19 22:06:35 host sshd[703]: input_userauth_request: invalid user root [preauth]
Jan 19 22:06:35 host unix_chkpwd[710]: password check failed for user (root)
Jan 19 22:06:35 host sshd[703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.139.60.143 user=root
Jan 19 22:06:35 host sshd[703]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 22:06:36 host sshd[703]: Failed password for invalid user root from 125.139.60.143 port 60965 ssh2
Jan 19 22:06:37 host sshd[703]: Connection reset by 125.139.60.143 port 60965 [preauth]
Jan 19 22:07:43 host sshd[837]: Invalid user jenkins from 107.182.181.15 port 41154
Jan 19 22:07:43 host sshd[837]: input_userauth_request: invalid user jenkins [preauth]
Jan 19 22:07:43 host sshd[837]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:07:43 host sshd[837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.181.15
Jan 19 22:07:44 host sshd[837]: Failed password for invalid user jenkins from 107.182.181.15 port 41154 ssh2
Jan 19 22:07:44 host sshd[837]: Received disconnect from 107.182.181.15 port 41154:11: Bye Bye [preauth]
Jan 19 22:07:44 host sshd[837]: Disconnected from 107.182.181.15 port 41154 [preauth]
Jan 19 22:10:33 host sshd[1229]: Invalid user invoices from 107.182.181.15 port 59024
Jan 19 22:10:33 host sshd[1229]: input_userauth_request: invalid user invoices [preauth]
Jan 19 22:10:33 host sshd[1229]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:10:33 host sshd[1229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.181.15
Jan 19 22:10:35 host sshd[1229]: Failed password for invalid user invoices from 107.182.181.15 port 59024 ssh2
Jan 19 22:10:36 host sshd[1229]: Received disconnect from 107.182.181.15 port 59024:11: Bye Bye [preauth]
Jan 19 22:10:36 host sshd[1229]: Disconnected from 107.182.181.15 port 59024 [preauth]
Jan 19 22:11:50 host sshd[1475]: Invalid user oracle from 107.182.181.15 port 53740
Jan 19 22:11:50 host sshd[1475]: input_userauth_request: invalid user oracle [preauth]
Jan 19 22:11:50 host sshd[1475]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:11:50 host sshd[1475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.181.15
Jan 19 22:11:52 host sshd[1475]: Failed password for invalid user oracle from 107.182.181.15 port 53740 ssh2
Jan 19 22:11:52 host sshd[1475]: Received disconnect from 107.182.181.15 port 53740:11: Bye Bye [preauth]
Jan 19 22:11:52 host sshd[1475]: Disconnected from 107.182.181.15 port 53740 [preauth]
Jan 19 22:12:24 host sshd[1555]: Invalid user gp from 194.110.203.109 port 33512
Jan 19 22:12:24 host sshd[1555]: input_userauth_request: invalid user gp [preauth]
Jan 19 22:12:24 host sshd[1555]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:12:24 host sshd[1555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 22:12:26 host sshd[1555]: Failed password for invalid user gp from 194.110.203.109 port 33512 ssh2
Jan 19 22:12:29 host sshd[1555]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:12:31 host sshd[1555]: Failed password for invalid user gp from 194.110.203.109 port 33512 ssh2
Jan 19 22:12:34 host sshd[1555]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:12:36 host sshd[1555]: Failed password for invalid user gp from 194.110.203.109 port 33512 ssh2
Jan 19 22:12:39 host sshd[1555]: Connection closed by 194.110.203.109 port 33512 [preauth]
Jan 19 22:12:39 host sshd[1555]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=straightcurve user-2=wwwletsstalkfood user-3=wwwevmhonda user-4=bonifacegroup user-5=wwwnexidigital user-6=mrsclean user-7=kottayamcalldriv user-8=phmetals user-9=palco123 user-10=gifterman user-11=woodpeck user-12=wwwkapin user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=shalinijames user-18=wwwtestugo user-19=vfmassets user-20=wwwpmcresource user-21=ugotscom user-22=keralaholi user-23=wwwresourcehunte user-24=wwwrmswll user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 22:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vosGfFnaMhPGQfZB.~
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vosGfFnaMhPGQfZB.~'
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vosGfFnaMhPGQfZB.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 22:24:27 host sshd[3427]: Did not receive identification string from 193.35.18.139 port 56582
Jan 19 22:25:16 host sshd[3530]: Did not receive identification string from 193.35.18.139 port 52738
Jan 19 22:26:22 host sshd[3661]: Invalid user admin from 112.104.20.23 port 32936
Jan 19 22:26:22 host sshd[3661]: input_userauth_request: invalid user admin [preauth]
Jan 19 22:26:22 host sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:26:22 host sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.104.20.23
Jan 19 22:26:24 host sshd[3661]: Failed password for invalid user admin from 112.104.20.23 port 32936 ssh2
Jan 19 22:26:24 host sshd[3661]: Failed password for invalid user admin from 112.104.20.23 port 32936 ssh2
Jan 19 22:26:25 host sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:26:27 host sshd[3661]: Failed password for invalid user admin from 112.104.20.23 port 32936 ssh2
Jan 19 22:26:28 host sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:26:30 host sshd[3661]: Failed password for invalid user admin from 112.104.20.23 port 32936 ssh2
Jan 19 22:26:30 host sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:26:33 host sshd[3661]: Failed password for invalid user admin from 112.104.20.23 port 32936 ssh2
Jan 19 22:26:48 host sshd[3749]: User root from 193.35.18.139 not allowed because not listed in AllowUsers
Jan 19 22:26:48 host sshd[3749]: input_userauth_request: invalid user root [preauth]
Jan 19 22:26:48 host unix_chkpwd[3752]: password check failed for user (root)
Jan 19 22:26:48 host sshd[3749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.35.18.139 user=root
Jan 19 22:26:48 host sshd[3749]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 22:26:49 host sshd[3749]: Failed password for invalid user root from 193.35.18.139 port 43814 ssh2
Jan 19 22:26:49 host sshd[3749]: Received disconnect from 193.35.18.139 port 43814:11: Normal Shutdown, Thank you for playing [preauth]
Jan 19 22:26:49 host sshd[3749]: Disconnected from 193.35.18.139 port 43814 [preauth]
Jan 19 22:46:26 host sshd[6523]: Invalid user techuser from 54.38.156.102 port 37804
Jan 19 22:46:26 host sshd[6523]: input_userauth_request: invalid user techuser [preauth]
Jan 19 22:46:26 host sshd[6523]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:46:26 host sshd[6523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.156.102
Jan 19 22:46:28 host sshd[6523]: Failed password for invalid user techuser from 54.38.156.102 port 37804 ssh2
Jan 19 22:46:28 host sshd[6523]: Received disconnect from 54.38.156.102 port 37804:11: Bye Bye [preauth]
Jan 19 22:46:28 host sshd[6523]: Disconnected from 54.38.156.102 port 37804 [preauth]
Jan 19 22:47:06 host sshd[6612]: Invalid user ariel from 159.223.102.145 port 37920
Jan 19 22:47:06 host sshd[6612]: input_userauth_request: invalid user ariel [preauth]
Jan 19 22:47:06 host sshd[6612]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:47:06 host sshd[6612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.102.145
Jan 19 22:47:07 host sshd[6612]: Failed password for invalid user ariel from 159.223.102.145 port 37920 ssh2
Jan 19 22:47:08 host sshd[6612]: Received disconnect from 159.223.102.145 port 37920:11: Bye Bye [preauth]
Jan 19 22:47:08 host sshd[6612]: Disconnected from 159.223.102.145 port 37920 [preauth]
Jan 19 22:48:01 host sshd[6721]: Invalid user deployer from 119.252.143.6 port 61311
Jan 19 22:48:01 host sshd[6721]: input_userauth_request: invalid user deployer [preauth]
Jan 19 22:48:01 host sshd[6721]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:48:01 host sshd[6721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.252.143.6
Jan 19 22:48:04 host sshd[6721]: Failed password for invalid user deployer from 119.252.143.6 port 61311 ssh2
Jan 19 22:48:04 host sshd[6721]: Received disconnect from 119.252.143.6 port 61311:11: Bye Bye [preauth]
Jan 19 22:48:04 host sshd[6721]: Disconnected from 119.252.143.6 port 61311 [preauth]
Jan 19 22:48:09 host sshd[6740]: Invalid user local from 31.209.38.156 port 40240
Jan 19 22:48:09 host sshd[6740]: input_userauth_request: invalid user local [preauth]
Jan 19 22:48:09 host sshd[6740]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:48:09 host sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.209.38.156
Jan 19 22:48:12 host sshd[6740]: Failed password for invalid user local from 31.209.38.156 port 40240 ssh2
Jan 19 22:48:12 host sshd[6740]: Received disconnect from 31.209.38.156 port 40240:11: Bye Bye [preauth]
Jan 19 22:48:12 host sshd[6740]: Disconnected from 31.209.38.156 port 40240 [preauth]
Jan 19 22:49:12 host sshd[6962]: User centos from 194.65.144.243 not allowed because not listed in AllowUsers
Jan 19 22:49:12 host sshd[6962]: input_userauth_request: invalid user centos [preauth]
Jan 19 22:49:12 host unix_chkpwd[6964]: password check failed for user (centos)
Jan 19 22:49:12 host sshd[6962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.65.144.243 user=centos
Jan 19 22:49:15 host sshd[6962]: Failed password for invalid user centos from 194.65.144.243 port 62722 ssh2
Jan 19 22:49:15 host sshd[6962]: Received disconnect from 194.65.144.243 port 62722:11: Bye Bye [preauth]
Jan 19 22:49:15 host sshd[6962]: Disconnected from 194.65.144.243 port 62722 [preauth]
Jan 19 22:49:33 host sshd[7007]: Invalid user share from 165.22.240.159 port 34384
Jan 19 22:49:33 host sshd[7007]: input_userauth_request: invalid user share [preauth]
Jan 19 22:49:33 host sshd[7007]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:49:33 host sshd[7007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.240.159
Jan 19 22:49:35 host sshd[7007]: Failed password for invalid user share from 165.22.240.159 port 34384 ssh2
Jan 19 22:49:35 host sshd[7007]: Received disconnect from 165.22.240.159 port 34384:11: Bye Bye [preauth]
Jan 19 22:49:35 host sshd[7007]: Disconnected from 165.22.240.159 port 34384 [preauth]
Jan 19 22:50:23 host sshd[7117]: Invalid user asterisk from 164.90.229.196 port 42956
Jan 19 22:50:23 host sshd[7117]: input_userauth_request: invalid user asterisk [preauth]
Jan 19 22:50:23 host sshd[7117]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:50:23 host sshd[7117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.229.196
Jan 19 22:50:24 host sshd[7119]: User root from 122.117.58.111 not allowed because not listed in AllowUsers
Jan 19 22:50:24 host sshd[7119]: input_userauth_request: invalid user root [preauth]
Jan 19 22:50:24 host unix_chkpwd[7123]: password check failed for user (root)
Jan 19 22:50:24 host sshd[7119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.58.111 user=root
Jan 19 22:50:24 host sshd[7119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 22:50:25 host sshd[7117]: Failed password for invalid user asterisk from 164.90.229.196 port 42956 ssh2
Jan 19 22:50:25 host sshd[7117]: Received disconnect from 164.90.229.196 port 42956:11: Bye Bye [preauth]
Jan 19 22:50:25 host sshd[7117]: Disconnected from 164.90.229.196 port 42956 [preauth]
Jan 19 22:50:26 host sshd[7119]: Failed password for invalid user root from 122.117.58.111 port 35061 ssh2
Jan 19 22:50:26 host unix_chkpwd[7126]: password check failed for user (root)
Jan 19 22:50:26 host sshd[7119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 22:50:28 host sshd[7119]: Failed password for invalid user root from 122.117.58.111 port 35061 ssh2
Jan 19 22:50:28 host sshd[7119]: Connection reset by 122.117.58.111 port 35061 [preauth]
Jan 19 22:50:28 host sshd[7119]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.58.111 user=root
Jan 19 22:51:18 host sshd[7219]: Invalid user cisco from 159.223.102.145 port 47894
Jan 19 22:51:18 host sshd[7219]: input_userauth_request: invalid user cisco [preauth]
Jan 19 22:51:18 host sshd[7219]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:51:18 host sshd[7219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.102.145
Jan 19 22:51:20 host sshd[7219]: Failed password for invalid user cisco from 159.223.102.145 port 47894 ssh2
Jan 19 22:51:21 host sshd[7219]: Received disconnect from 159.223.102.145 port 47894:11: Bye Bye [preauth]
Jan 19 22:51:21 host sshd[7219]: Disconnected from 159.223.102.145 port 47894 [preauth]
Jan 19 22:51:23 host sshd[7225]: Invalid user taiga from 31.209.38.156 port 54092
Jan 19 22:51:23 host sshd[7225]: input_userauth_request: invalid user taiga [preauth]
Jan 19 22:51:23 host sshd[7225]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:51:23 host sshd[7225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.209.38.156
Jan 19 22:51:24 host sshd[7225]: Failed password for invalid user taiga from 31.209.38.156 port 54092 ssh2
Jan 19 22:51:24 host sshd[7225]: Received disconnect from 31.209.38.156 port 54092:11: Bye Bye [preauth]
Jan 19 22:51:24 host sshd[7225]: Disconnected from 31.209.38.156 port 54092 [preauth]
Jan 19 22:51:28 host sshd[7257]: Invalid user grid from 159.65.128.241 port 40068
Jan 19 22:51:28 host sshd[7257]: input_userauth_request: invalid user grid [preauth]
Jan 19 22:51:28 host sshd[7257]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:51:28 host sshd[7257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.241
Jan 19 22:51:29 host sshd[7260]: Invalid user radio from 54.38.156.102 port 54926
Jan 19 22:51:29 host sshd[7260]: input_userauth_request: invalid user radio [preauth]
Jan 19 22:51:29 host sshd[7260]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:51:29 host sshd[7260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.156.102
Jan 19 22:51:30 host sshd[7257]: Failed password for invalid user grid from 159.65.128.241 port 40068 ssh2
Jan 19 22:51:30 host sshd[7257]: Received disconnect from 159.65.128.241 port 40068:11: Bye Bye [preauth]
Jan 19 22:51:30 host sshd[7257]: Disconnected from 159.65.128.241 port 40068 [preauth]
Jan 19 22:51:32 host sshd[7260]: Failed password for invalid user radio from 54.38.156.102 port 54926 ssh2
Jan 19 22:51:32 host sshd[7260]: Received disconnect from 54.38.156.102 port 54926:11: Bye Bye [preauth]
Jan 19 22:51:32 host sshd[7260]: Disconnected from 54.38.156.102 port 54926 [preauth]
Jan 19 22:51:52 host sshd[7292]: User adm from 194.65.144.243 not allowed because not listed in AllowUsers
Jan 19 22:51:52 host sshd[7292]: input_userauth_request: invalid user adm [preauth]
Jan 19 22:51:52 host unix_chkpwd[7294]: password check failed for user (adm)
Jan 19 22:51:52 host sshd[7292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.65.144.243 user=adm
Jan 19 22:51:52 host sshd[7292]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "adm"
Jan 19 22:51:55 host sshd[7292]: Failed password for invalid user adm from 194.65.144.243 port 52036 ssh2
Jan 19 22:51:55 host sshd[7292]: Received disconnect from 194.65.144.243 port 52036:11: Bye Bye [preauth]
Jan 19 22:51:55 host sshd[7292]: Disconnected from 194.65.144.243 port 52036 [preauth]
Jan 19 22:52:02 host sshd[7339]: Invalid user ts2 from 164.90.229.196 port 43166
Jan 19 22:52:02 host sshd[7339]: input_userauth_request: invalid user ts2 [preauth]
Jan 19 22:52:02 host sshd[7339]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:52:02 host sshd[7339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.229.196
Jan 19 22:52:04 host sshd[7339]: Failed password for invalid user ts2 from 164.90.229.196 port 43166 ssh2
Jan 19 22:52:04 host sshd[7339]: Received disconnect from 164.90.229.196 port 43166:11: Bye Bye [preauth]
Jan 19 22:52:04 host sshd[7339]: Disconnected from 164.90.229.196 port 43166 [preauth]
Jan 19 22:52:21 host sshd[7368]: Invalid user nextcloud from 159.223.102.145 port 58210
Jan 19 22:52:21 host sshd[7368]: input_userauth_request: invalid user nextcloud [preauth]
Jan 19 22:52:21 host sshd[7368]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:52:21 host sshd[7368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.102.145
Jan 19 22:52:22 host sshd[7368]: Failed password for invalid user nextcloud from 159.223.102.145 port 58210 ssh2
Jan 19 22:52:30 host sshd[7435]: User centos from 54.38.156.102 not allowed because not listed in AllowUsers
Jan 19 22:52:30 host sshd[7435]: input_userauth_request: invalid user centos [preauth]
Jan 19 22:52:30 host unix_chkpwd[7440]: password check failed for user (centos)
Jan 19 22:52:30 host sshd[7435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.156.102 user=centos
Jan 19 22:52:31 host sshd[7437]: Invalid user user7 from 31.209.38.156 port 47756
Jan 19 22:52:31 host sshd[7437]: input_userauth_request: invalid user user7 [preauth]
Jan 19 22:52:31 host sshd[7437]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:52:31 host sshd[7437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.209.38.156
Jan 19 22:52:32 host sshd[7435]: Failed password for invalid user centos from 54.38.156.102 port 56120 ssh2
Jan 19 22:52:33 host sshd[7437]: Failed password for invalid user user7 from 31.209.38.156 port 47756 ssh2
Jan 19 22:52:59 host sshd[7537]: Invalid user teamspeak from 164.90.229.196 port 55296
Jan 19 22:52:59 host sshd[7537]: input_userauth_request: invalid user teamspeak [preauth]
Jan 19 22:52:59 host sshd[7537]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:52:59 host sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.90.229.196
Jan 19 22:53:01 host sshd[7537]: Failed password for invalid user teamspeak from 164.90.229.196 port 55296 ssh2
Jan 19 22:53:01 host sshd[7537]: Received disconnect from 164.90.229.196 port 55296:11: Bye Bye [preauth]
Jan 19 22:53:01 host sshd[7537]: Disconnected from 164.90.229.196 port 55296 [preauth]
Jan 19 22:53:10 host sshd[7597]: Invalid user remote from 159.65.128.241 port 42842
Jan 19 22:53:10 host sshd[7597]: input_userauth_request: invalid user remote [preauth]
Jan 19 22:53:10 host sshd[7597]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:53:10 host sshd[7597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.241
Jan 19 22:53:12 host sshd[7597]: Failed password for invalid user remote from 159.65.128.241 port 42842 ssh2
Jan 19 22:53:12 host sshd[7597]: Received disconnect from 159.65.128.241 port 42842:11: Bye Bye [preauth]
Jan 19 22:53:12 host sshd[7597]: Disconnected from 159.65.128.241 port 42842 [preauth]
Jan 19 22:53:18 host sshd[7618]: Invalid user elasticsearch from 165.22.240.159 port 40676
Jan 19 22:53:18 host sshd[7618]: input_userauth_request: invalid user elasticsearch [preauth]
Jan 19 22:53:18 host sshd[7618]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:53:18 host sshd[7618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.240.159
Jan 19 22:53:19 host sshd[7618]: Failed password for invalid user elasticsearch from 165.22.240.159 port 40676 ssh2
Jan 19 22:53:19 host sshd[7618]: Received disconnect from 165.22.240.159 port 40676:11: Bye Bye [preauth]
Jan 19 22:53:19 host sshd[7618]: Disconnected from 165.22.240.159 port 40676 [preauth]
Jan 19 22:53:21 host sshd[7624]: Invalid user hduser from 119.252.143.6 port 28523
Jan 19 22:53:21 host sshd[7624]: input_userauth_request: invalid user hduser [preauth]
Jan 19 22:53:21 host sshd[7624]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:53:21 host sshd[7624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.252.143.6
Jan 19 22:53:23 host sshd[7624]: Failed password for invalid user hduser from 119.252.143.6 port 28523 ssh2
Jan 19 22:53:23 host sshd[7624]: Received disconnect from 119.252.143.6 port 28523:11: Bye Bye [preauth]
Jan 19 22:53:23 host sshd[7624]: Disconnected from 119.252.143.6 port 28523 [preauth]
Jan 19 22:54:27 host sshd[7872]: Invalid user david from 159.65.128.241 port 45192
Jan 19 22:54:27 host sshd[7872]: input_userauth_request: invalid user david [preauth]
Jan 19 22:54:27 host sshd[7872]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:54:27 host sshd[7872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.128.241
Jan 19 22:54:30 host sshd[7872]: Failed password for invalid user david from 159.65.128.241 port 45192 ssh2
Jan 19 22:54:30 host sshd[7872]: Received disconnect from 159.65.128.241 port 45192:11: Bye Bye [preauth]
Jan 19 22:54:30 host sshd[7872]: Disconnected from 159.65.128.241 port 45192 [preauth]
Jan 19 22:54:44 host sshd[7923]: Invalid user devops from 165.22.240.159 port 41240
Jan 19 22:54:44 host sshd[7923]: input_userauth_request: invalid user devops [preauth]
Jan 19 22:54:44 host sshd[7923]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:54:44 host sshd[7923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.240.159
Jan 19 22:54:46 host sshd[7923]: Failed password for invalid user devops from 165.22.240.159 port 41240 ssh2
Jan 19 22:54:46 host sshd[7923]: Received disconnect from 165.22.240.159 port 41240:11: Bye Bye [preauth]
Jan 19 22:54:46 host sshd[7923]: Disconnected from 165.22.240.159 port 41240 [preauth]
Jan 19 22:55:08 host sshd[8005]: Invalid user sftpuser from 119.252.143.6 port 41889
Jan 19 22:55:08 host sshd[8005]: input_userauth_request: invalid user sftpuser [preauth]
Jan 19 22:55:08 host sshd[8005]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:55:08 host sshd[8005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.252.143.6
Jan 19 22:55:10 host sshd[8005]: Failed password for invalid user sftpuser from 119.252.143.6 port 41889 ssh2
Jan 19 22:55:10 host sshd[8005]: Received disconnect from 119.252.143.6 port 41889:11: Bye Bye [preauth]
Jan 19 22:55:10 host sshd[8005]: Disconnected from 119.252.143.6 port 41889 [preauth]
Jan 19 22:55:14 host sshd[8031]: Invalid user restoreonly from 205.185.113.129 port 59260
Jan 19 22:55:14 host sshd[8031]: input_userauth_request: invalid user restoreonly [preauth]
Jan 19 22:55:14 host sshd[8031]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:55:14 host sshd[8031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 19 22:55:16 host sshd[8031]: Failed password for invalid user restoreonly from 205.185.113.129 port 59260 ssh2
Jan 19 22:55:17 host sshd[8031]: Connection closed by 205.185.113.129 port 59260 [preauth]
Jan 19 22:58:37 host sshd[8465]: Invalid user admin from 121.191.20.19 port 60789
Jan 19 22:58:37 host sshd[8465]: input_userauth_request: invalid user admin [preauth]
Jan 19 22:58:37 host sshd[8465]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:58:37 host sshd[8465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.191.20.19
Jan 19 22:58:39 host sshd[8465]: Failed password for invalid user admin from 121.191.20.19 port 60789 ssh2
Jan 19 22:58:39 host sshd[8465]: Failed password for invalid user admin from 121.191.20.19 port 60789 ssh2
Jan 19 22:58:39 host sshd[8465]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 22:58:41 host sshd[8465]: Failed password for invalid user admin from 121.191.20.19 port 60789 ssh2
Jan 19 22:58:55 host sshd[8482]: Connection reset by 116.106.157.138 port 55494 [preauth]
Jan 19 23:06:35 host sshd[9663]: Connection reset by 118.35.18.59 port 57715 [preauth]
Jan 19 23:08:30 host sshd[9898]: Invalid user user from 195.226.194.142 port 21544
Jan 19 23:08:30 host sshd[9898]: input_userauth_request: invalid user user [preauth]
Jan 19 23:08:30 host sshd[9898]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:08:30 host sshd[9898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 19 23:08:33 host sshd[9898]: Failed password for invalid user user from 195.226.194.142 port 21544 ssh2
Jan 19 23:08:33 host sshd[9898]: Received disconnect from 195.226.194.142 port 21544:11: Bye Bye [preauth]
Jan 19 23:08:33 host sshd[9898]: Disconnected from 195.226.194.142 port 21544 [preauth]
Jan 19 23:16:47 host sshd[11107]: Invalid user lee from 107.189.30.59 port 47540
Jan 19 23:16:47 host sshd[11107]: input_userauth_request: invalid user lee [preauth]
Jan 19 23:16:47 host sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:16:47 host sshd[11107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 19 23:16:49 host sshd[11107]: Failed password for invalid user lee from 107.189.30.59 port 47540 ssh2
Jan 19 23:16:50 host sshd[11107]: Connection closed by 107.189.30.59 port 47540 [preauth]
Jan 19 23:19:16 host sshd[11418]: Invalid user dlxuser from 61.77.220.204 port 49690
Jan 19 23:19:16 host sshd[11418]: input_userauth_request: invalid user dlxuser [preauth]
Jan 19 23:19:16 host sshd[11418]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:19:16 host sshd[11418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.77.220.204
Jan 19 23:19:18 host sshd[11418]: Failed password for invalid user dlxuser from 61.77.220.204 port 49690 ssh2
Jan 19 23:19:18 host sshd[11418]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:19:20 host sshd[11418]: Failed password for invalid user dlxuser from 61.77.220.204 port 49690 ssh2
Jan 19 23:19:23 host sshd[11418]: Failed password for invalid user dlxuser from 61.77.220.204 port 49690 ssh2
Jan 19 23:19:24 host sshd[11418]: Connection reset by 61.77.220.204 port 49690 [preauth]
Jan 19 23:19:24 host sshd[11418]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.77.220.204
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 19 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=mrsclean user-2=wwwnexidigital user-3=phmetals user-4=kottayamcalldriv user-5=palco123 user-6=gifterman user-7=wwwletsstalkfood user-8=straightcurve user-9=wwwevmhonda user-10=bonifacegroup user-11=pmcresources user-12=shalinijames user-13=wwwtestugo user-14=vfmassets user-15=woodpeck user-16=wwwkapin user-17=disposeat user-18=wwwkmaorg user-19=remysagr user-20=ugotscom user-21=wwwresourcehunte user-22=keralaholi user-23=wwwrmswll user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=a2zgroup user-28=dartsimp user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 19 23:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 19 23:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DLdNK9BXEiZs3B8D.~
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DLdNK9BXEiZs3B8D.~'
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-DLdNK9BXEiZs3B8D.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 19 23:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 19 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 19 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 19 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 19 23:24:28 host sshd[12365]: Connection closed by 67.205.135.136 port 57998 [preauth]
Jan 19 23:29:51 host sshd[13144]: Invalid user test from 67.205.135.136 port 55450
Jan 19 23:29:51 host sshd[13144]: input_userauth_request: invalid user test [preauth]
Jan 19 23:29:51 host sshd[13144]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:29:51 host sshd[13144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.135.136
Jan 19 23:29:53 host sshd[13144]: Failed password for invalid user test from 67.205.135.136 port 55450 ssh2
Jan 19 23:29:53 host sshd[13144]: Received disconnect from 67.205.135.136 port 55450:11: Bye Bye [preauth]
Jan 19 23:29:53 host sshd[13144]: Disconnected from 67.205.135.136 port 55450 [preauth]
Jan 19 23:33:52 host sshd[13789]: User root from 114.35.114.30 not allowed because not listed in AllowUsers
Jan 19 23:33:52 host sshd[13789]: input_userauth_request: invalid user root [preauth]
Jan 19 23:33:52 host unix_chkpwd[13794]: password check failed for user (root)
Jan 19 23:33:52 host sshd[13789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.114.30 user=root
Jan 19 23:33:52 host sshd[13789]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 23:33:54 host sshd[13789]: Failed password for invalid user root from 114.35.114.30 port 49958 ssh2
Jan 19 23:33:55 host unix_chkpwd[13799]: password check failed for user (root)
Jan 19 23:33:55 host sshd[13789]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 23:33:57 host sshd[13789]: Failed password for invalid user root from 114.35.114.30 port 49958 ssh2
Jan 19 23:33:58 host unix_chkpwd[13808]: password check failed for user (root)
Jan 19 23:33:58 host sshd[13789]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 23:34:01 host sshd[13789]: Failed password for invalid user root from 114.35.114.30 port 49958 ssh2
Jan 19 23:34:01 host unix_chkpwd[13814]: password check failed for user (root)
Jan 19 23:34:01 host sshd[13789]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 23:34:03 host sshd[13789]: Failed password for invalid user root from 114.35.114.30 port 49958 ssh2
Jan 19 23:34:07 host sshd[13858]: Invalid user hikvision from 59.126.32.51 port 50969
Jan 19 23:34:07 host sshd[13858]: input_userauth_request: invalid user hikvision [preauth]
Jan 19 23:34:07 host sshd[13858]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:34:07 host sshd[13858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.32.51
Jan 19 23:34:09 host sshd[13858]: Failed password for invalid user hikvision from 59.126.32.51 port 50969 ssh2
Jan 19 23:34:10 host sshd[13858]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:34:13 host sshd[13858]: Failed password for invalid user hikvision from 59.126.32.51 port 50969 ssh2
Jan 19 23:34:13 host sshd[13858]: Connection reset by 59.126.32.51 port 50969 [preauth]
Jan 19 23:34:13 host sshd[13858]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.32.51
Jan 19 23:36:22 host sshd[14148]: Invalid user test from 67.205.135.136 port 34584
Jan 19 23:36:22 host sshd[14148]: input_userauth_request: invalid user test [preauth]
Jan 19 23:36:23 host sshd[14148]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:36:23 host sshd[14148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.135.136
Jan 19 23:36:25 host sshd[14148]: Failed password for invalid user test from 67.205.135.136 port 34584 ssh2
Jan 19 23:36:25 host sshd[14148]: Received disconnect from 67.205.135.136 port 34584:11: Bye Bye [preauth]
Jan 19 23:36:25 host sshd[14148]: Disconnected from 67.205.135.136 port 34584 [preauth]
Jan 19 23:36:59 host sshd[14219]: Invalid user virl from 201.17.131.43 port 63124
Jan 19 23:36:59 host sshd[14219]: input_userauth_request: invalid user virl [preauth]
Jan 19 23:36:59 host sshd[14219]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:36:59 host sshd[14219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.17.131.43
Jan 19 23:37:02 host sshd[14219]: Failed password for invalid user virl from 201.17.131.43 port 63124 ssh2
Jan 19 23:37:02 host sshd[14219]: Received disconnect from 201.17.131.43 port 63124:11: Bye Bye [preauth]
Jan 19 23:37:02 host sshd[14219]: Disconnected from 201.17.131.43 port 63124 [preauth]
Jan 19 23:39:53 host sshd[14647]: Invalid user asterisk from 201.17.131.43 port 1706
Jan 19 23:39:53 host sshd[14647]: input_userauth_request: invalid user asterisk [preauth]
Jan 19 23:39:53 host sshd[14647]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:39:53 host sshd[14647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.17.131.43
Jan 19 23:39:56 host sshd[14647]: Failed password for invalid user asterisk from 201.17.131.43 port 1706 ssh2
Jan 19 23:39:56 host sshd[14647]: Received disconnect from 201.17.131.43 port 1706:11: Bye Bye [preauth]
Jan 19 23:39:56 host sshd[14647]: Disconnected from 201.17.131.43 port 1706 [preauth]
Jan 19 23:41:40 host sshd[14878]: Invalid user manager from 201.17.131.43 port 4986
Jan 19 23:41:40 host sshd[14878]: input_userauth_request: invalid user manager [preauth]
Jan 19 23:41:40 host sshd[14878]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:41:40 host sshd[14878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.17.131.43
Jan 19 23:41:42 host sshd[14878]: Failed password for invalid user manager from 201.17.131.43 port 4986 ssh2
Jan 19 23:41:42 host sshd[14878]: Received disconnect from 201.17.131.43 port 4986:11: Bye Bye [preauth]
Jan 19 23:41:42 host sshd[14878]: Disconnected from 201.17.131.43 port 4986 [preauth]
Jan 19 23:43:26 host sshd[15158]: Invalid user marie from 67.205.135.136 port 51110
Jan 19 23:43:26 host sshd[15158]: input_userauth_request: invalid user marie [preauth]
Jan 19 23:43:26 host sshd[15158]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:43:26 host sshd[15158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.135.136
Jan 19 23:43:28 host sshd[15158]: Failed password for invalid user marie from 67.205.135.136 port 51110 ssh2
Jan 19 23:43:28 host sshd[15158]: Received disconnect from 67.205.135.136 port 51110:11: Bye Bye [preauth]
Jan 19 23:43:28 host sshd[15158]: Disconnected from 67.205.135.136 port 51110 [preauth]
Jan 19 23:45:10 host sshd[15475]: User root from 122.116.121.24 not allowed because not listed in AllowUsers
Jan 19 23:45:10 host sshd[15475]: input_userauth_request: invalid user root [preauth]
Jan 19 23:45:10 host unix_chkpwd[15483]: password check failed for user (root)
Jan 19 23:45:10 host sshd[15475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.121.24 user=root
Jan 19 23:45:10 host sshd[15475]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 19 23:45:12 host sshd[15475]: Failed password for invalid user root from 122.116.121.24 port 48426 ssh2
Jan 19 23:45:13 host sshd[15475]: Connection reset by 122.116.121.24 port 48426 [preauth]
Jan 19 23:51:50 host sshd[16645]: Invalid user admin from 59.126.124.2 port 48871
Jan 19 23:51:50 host sshd[16645]: input_userauth_request: invalid user admin [preauth]
Jan 19 23:51:50 host sshd[16645]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:51:50 host sshd[16645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.124.2
Jan 19 23:51:52 host sshd[16645]: Failed password for invalid user admin from 59.126.124.2 port 48871 ssh2
Jan 19 23:51:52 host sshd[16645]: Failed password for invalid user admin from 59.126.124.2 port 48871 ssh2
Jan 19 23:51:53 host sshd[16645]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:51:55 host sshd[16645]: Failed password for invalid user admin from 59.126.124.2 port 48871 ssh2
Jan 19 23:51:56 host sshd[16645]: Connection reset by 59.126.124.2 port 48871 [preauth]
Jan 19 23:51:56 host sshd[16645]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.124.2
Jan 19 23:53:35 host sshd[16885]: Invalid user conectar from 64.227.72.154 port 52632
Jan 19 23:53:35 host sshd[16885]: input_userauth_request: invalid user conectar [preauth]
Jan 19 23:53:35 host sshd[16885]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:53:35 host sshd[16885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.72.154
Jan 19 23:53:37 host sshd[16885]: Failed password for invalid user conectar from 64.227.72.154 port 52632 ssh2
Jan 19 23:53:38 host sshd[16885]: Received disconnect from 64.227.72.154 port 52632:11: Bye Bye [preauth]
Jan 19 23:53:38 host sshd[16885]: Disconnected from 64.227.72.154 port 52632 [preauth]
Jan 19 23:53:44 host sshd[17002]: Invalid user gq from 194.110.203.109 port 38844
Jan 19 23:53:44 host sshd[17002]: input_userauth_request: invalid user gq [preauth]
Jan 19 23:53:44 host sshd[17002]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:53:44 host sshd[17002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 23:53:45 host sshd[17002]: Failed password for invalid user gq from 194.110.203.109 port 38844 ssh2
Jan 19 23:53:49 host sshd[17002]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:53:50 host sshd[17002]: Failed password for invalid user gq from 194.110.203.109 port 38844 ssh2
Jan 19 23:53:53 host sshd[17002]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:53:56 host sshd[17002]: Failed password for invalid user gq from 194.110.203.109 port 38844 ssh2
Jan 19 23:53:59 host sshd[17002]: Connection closed by 194.110.203.109 port 38844 [preauth]
Jan 19 23:53:59 host sshd[17002]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 19 23:55:14 host sshd[17247]: Invalid user mike from 85.172.12.254 port 34236
Jan 19 23:55:14 host sshd[17247]: input_userauth_request: invalid user mike [preauth]
Jan 19 23:55:14 host sshd[17247]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:55:14 host sshd[17247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.172.12.254
Jan 19 23:55:16 host sshd[17247]: Failed password for invalid user mike from 85.172.12.254 port 34236 ssh2
Jan 19 23:55:16 host sshd[17247]: Received disconnect from 85.172.12.254 port 34236:11: Bye Bye [preauth]
Jan 19 23:55:16 host sshd[17247]: Disconnected from 85.172.12.254 port 34236 [preauth]
Jan 19 23:56:29 host sshd[17518]: Invalid user adam from 159.89.206.9 port 58768
Jan 19 23:56:29 host sshd[17518]: input_userauth_request: invalid user adam [preauth]
Jan 19 23:56:29 host sshd[17518]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:56:29 host sshd[17518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.206.9
Jan 19 23:56:31 host sshd[17518]: Failed password for invalid user adam from 159.89.206.9 port 58768 ssh2
Jan 19 23:56:31 host sshd[17518]: Received disconnect from 159.89.206.9 port 58768:11: Bye Bye [preauth]
Jan 19 23:56:31 host sshd[17518]: Disconnected from 159.89.206.9 port 58768 [preauth]
Jan 19 23:56:37 host sshd[17540]: Invalid user splunk from 64.227.72.154 port 36376
Jan 19 23:56:37 host sshd[17540]: input_userauth_request: invalid user splunk [preauth]
Jan 19 23:56:37 host sshd[17540]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:56:37 host sshd[17540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.72.154
Jan 19 23:56:38 host sshd[17540]: Failed password for invalid user splunk from 64.227.72.154 port 36376 ssh2
Jan 19 23:56:38 host sshd[17540]: Received disconnect from 64.227.72.154 port 36376:11: Bye Bye [preauth]
Jan 19 23:56:38 host sshd[17540]: Disconnected from 64.227.72.154 port 36376 [preauth]
Jan 19 23:57:14 host sshd[17682]: Invalid user cesar from 85.172.12.254 port 36192
Jan 19 23:57:14 host sshd[17682]: input_userauth_request: invalid user cesar [preauth]
Jan 19 23:57:14 host sshd[17682]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:57:14 host sshd[17682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.172.12.254
Jan 19 23:57:16 host sshd[17682]: Failed password for invalid user cesar from 85.172.12.254 port 36192 ssh2
Jan 19 23:57:16 host sshd[17682]: Received disconnect from 85.172.12.254 port 36192:11: Bye Bye [preauth]
Jan 19 23:57:16 host sshd[17682]: Disconnected from 85.172.12.254 port 36192 [preauth]
Jan 19 23:57:46 host sshd[17778]: Invalid user ark from 64.227.72.154 port 35124
Jan 19 23:57:46 host sshd[17778]: input_userauth_request: invalid user ark [preauth]
Jan 19 23:57:46 host sshd[17778]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:57:46 host sshd[17778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.72.154
Jan 19 23:57:48 host sshd[17778]: Failed password for invalid user ark from 64.227.72.154 port 35124 ssh2
Jan 19 23:57:48 host sshd[17778]: Received disconnect from 64.227.72.154 port 35124:11: Bye Bye [preauth]
Jan 19 23:57:48 host sshd[17778]: Disconnected from 64.227.72.154 port 35124 [preauth]
Jan 19 23:58:25 host sshd[17946]: Invalid user grid from 159.89.206.9 port 60012
Jan 19 23:58:25 host sshd[17946]: input_userauth_request: invalid user grid [preauth]
Jan 19 23:58:25 host sshd[17946]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:58:25 host sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.206.9
Jan 19 23:58:27 host sshd[17946]: Failed password for invalid user grid from 159.89.206.9 port 60012 ssh2
Jan 19 23:58:28 host sshd[17946]: Received disconnect from 159.89.206.9 port 60012:11: Bye Bye [preauth]
Jan 19 23:58:28 host sshd[17946]: Disconnected from 159.89.206.9 port 60012 [preauth]
Jan 19 23:58:36 host sshd[17992]: Invalid user ftpuser1 from 85.172.12.254 port 34022
Jan 19 23:58:36 host sshd[17992]: input_userauth_request: invalid user ftpuser1 [preauth]
Jan 19 23:58:36 host sshd[17992]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:58:36 host sshd[17992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.172.12.254
Jan 19 23:58:38 host sshd[17992]: Failed password for invalid user ftpuser1 from 85.172.12.254 port 34022 ssh2
Jan 19 23:58:38 host sshd[17992]: Received disconnect from 85.172.12.254 port 34022:11: Bye Bye [preauth]
Jan 19 23:58:38 host sshd[17992]: Disconnected from 85.172.12.254 port 34022 [preauth]
Jan 19 23:59:43 host sshd[18332]: Invalid user suporte from 159.89.206.9 port 57040
Jan 19 23:59:43 host sshd[18332]: input_userauth_request: invalid user suporte [preauth]
Jan 19 23:59:43 host sshd[18332]: pam_unix(sshd:auth): check pass; user unknown
Jan 19 23:59:43 host sshd[18332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.206.9
Jan 19 23:59:46 host sshd[18332]: Failed password for invalid user suporte from 159.89.206.9 port 57040 ssh2
Jan 20 00:06:05 host sshd[19724]: Invalid user pi from 121.184.105.238 port 60815
Jan 20 00:06:05 host sshd[19724]: input_userauth_request: invalid user pi [preauth]
Jan 20 00:06:05 host sshd[19724]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:06:05 host sshd[19724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.184.105.238
Jan 20 00:06:07 host sshd[19724]: Failed password for invalid user pi from 121.184.105.238 port 60815 ssh2
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 00:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=dartsimp user-2=a2zgroup user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=wwwrmswll user-8=wwwresourcehunte user-9=keralaholi user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=pmcresources user-16=remysagr user-17=disposeat user-18=wwwkmaorg user-19=woodpeck user-20=wwwkapin user-21=gifterman user-22=palco123 user-23=kottayamcalldriv user-24=phmetals user-25=wwwnexidigital user-26=mrsclean user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 00:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-KSrlvUVtM1XMdOsx.~
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-KSrlvUVtM1XMdOsx.~'
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-KSrlvUVtM1XMdOsx.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 00:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 00:21:13 host sshd[22727]: Connection closed by 167.248.133.63 port 58844 [preauth]
Jan 20 00:22:29 host sshd[23160]: Connection closed by 45.79.181.104 port 12028 [preauth]
Jan 20 00:22:32 host sshd[23167]: Connection closed by 45.79.181.104 port 12030 [preauth]
Jan 20 00:22:35 host sshd[23173]: Connection closed by 45.79.181.104 port 12032 [preauth]
Jan 20 00:22:58 host sshd[23207]: User root from 189.107.251.105 not allowed because not listed in AllowUsers
Jan 20 00:22:58 host sshd[23207]: input_userauth_request: invalid user root [preauth]
Jan 20 00:22:59 host unix_chkpwd[23214]: password check failed for user (root)
Jan 20 00:22:59 host sshd[23207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.107.251.105 user=root
Jan 20 00:22:59 host sshd[23207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:23:00 host sshd[23207]: Failed password for invalid user root from 189.107.251.105 port 37855 ssh2
Jan 20 00:23:01 host unix_chkpwd[23226]: password check failed for user (root)
Jan 20 00:23:01 host sshd[23207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:23:03 host sshd[23207]: Failed password for invalid user root from 189.107.251.105 port 37855 ssh2
Jan 20 00:23:04 host sshd[23207]: Connection reset by 189.107.251.105 port 37855 [preauth]
Jan 20 00:23:04 host sshd[23207]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.107.251.105 user=root
Jan 20 00:27:20 host sshd[23903]: Invalid user jenkins from 206.189.130.185 port 50552
Jan 20 00:27:20 host sshd[23903]: input_userauth_request: invalid user jenkins [preauth]
Jan 20 00:27:20 host sshd[23903]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:27:20 host sshd[23903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.185
Jan 20 00:27:22 host sshd[23903]: Failed password for invalid user jenkins from 206.189.130.185 port 50552 ssh2
Jan 20 00:27:22 host sshd[23903]: Received disconnect from 206.189.130.185 port 50552:11: Bye Bye [preauth]
Jan 20 00:27:22 host sshd[23903]: Disconnected from 206.189.130.185 port 50552 [preauth]
Jan 20 00:29:34 host sshd[24227]: Invalid user deployer from 220.86.68.33 port 51740
Jan 20 00:29:34 host sshd[24227]: input_userauth_request: invalid user deployer [preauth]
Jan 20 00:29:34 host sshd[24227]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:29:34 host sshd[24227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.68.33
Jan 20 00:29:36 host sshd[24227]: Failed password for invalid user deployer from 220.86.68.33 port 51740 ssh2
Jan 20 00:29:36 host sshd[24227]: Received disconnect from 220.86.68.33 port 51740:11: Bye Bye [preauth]
Jan 20 00:29:36 host sshd[24227]: Disconnected from 220.86.68.33 port 51740 [preauth]
Jan 20 00:32:07 host sshd[24670]: Invalid user admin from 118.189.61.24 port 49765
Jan 20 00:32:07 host sshd[24670]: input_userauth_request: invalid user admin [preauth]
Jan 20 00:32:07 host sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:32:07 host sshd[24670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.189.61.24
Jan 20 00:32:09 host sshd[24670]: Failed password for invalid user admin from 118.189.61.24 port 49765 ssh2
Jan 20 00:32:10 host sshd[24670]: Failed password for invalid user admin from 118.189.61.24 port 49765 ssh2
Jan 20 00:32:10 host sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:32:12 host sshd[24670]: Failed password for invalid user admin from 118.189.61.24 port 49765 ssh2
Jan 20 00:32:13 host sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:32:15 host sshd[24670]: Failed password for invalid user admin from 118.189.61.24 port 49765 ssh2
Jan 20 00:32:16 host sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:32:18 host sshd[24670]: Failed password for invalid user admin from 118.189.61.24 port 49765 ssh2
Jan 20 00:32:44 host sshd[24796]: Invalid user nextcloud from 159.223.87.243 port 50234
Jan 20 00:32:44 host sshd[24796]: input_userauth_request: invalid user nextcloud [preauth]
Jan 20 00:32:44 host sshd[24796]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:32:44 host sshd[24796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.87.243
Jan 20 00:32:46 host sshd[24796]: Failed password for invalid user nextcloud from 159.223.87.243 port 50234 ssh2
Jan 20 00:32:46 host sshd[24796]: Received disconnect from 159.223.87.243 port 50234:11: Bye Bye [preauth]
Jan 20 00:32:46 host sshd[24796]: Disconnected from 159.223.87.243 port 50234 [preauth]
Jan 20 00:33:14 host sshd[24873]: Invalid user esuser from 206.189.130.185 port 36226
Jan 20 00:33:14 host sshd[24873]: input_userauth_request: invalid user esuser [preauth]
Jan 20 00:33:14 host sshd[24873]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:33:14 host sshd[24873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.185
Jan 20 00:33:16 host sshd[24873]: Failed password for invalid user esuser from 206.189.130.185 port 36226 ssh2
Jan 20 00:33:16 host sshd[24873]: Received disconnect from 206.189.130.185 port 36226:11: Bye Bye [preauth]
Jan 20 00:33:16 host sshd[24873]: Disconnected from 206.189.130.185 port 36226 [preauth]
Jan 20 00:33:32 host sshd[24916]: User root from 123.240.154.251 not allowed because not listed in AllowUsers
Jan 20 00:33:32 host sshd[24916]: input_userauth_request: invalid user root [preauth]
Jan 20 00:33:32 host unix_chkpwd[24925]: password check failed for user (root)
Jan 20 00:33:32 host sshd[24916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.154.251 user=root
Jan 20 00:33:32 host sshd[24916]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:33:34 host sshd[24916]: Failed password for invalid user root from 123.240.154.251 port 58428 ssh2
Jan 20 00:33:34 host unix_chkpwd[24928]: password check failed for user (root)
Jan 20 00:33:34 host sshd[24916]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:33:36 host sshd[24916]: Failed password for invalid user root from 123.240.154.251 port 58428 ssh2
Jan 20 00:33:36 host unix_chkpwd[24931]: password check failed for user (root)
Jan 20 00:33:36 host sshd[24916]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:33:38 host sshd[24916]: Failed password for invalid user root from 123.240.154.251 port 58428 ssh2
Jan 20 00:33:38 host sshd[24916]: Connection reset by 123.240.154.251 port 58428 [preauth]
Jan 20 00:33:38 host sshd[24916]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.154.251 user=root
Jan 20 00:34:36 host sshd[25120]: Invalid user shadow from 200.27.113.133 port 51866
Jan 20 00:34:36 host sshd[25120]: input_userauth_request: invalid user shadow [preauth]
Jan 20 00:34:36 host sshd[25120]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:34:36 host sshd[25120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.27.113.133
Jan 20 00:34:38 host sshd[25127]: Invalid user deamon from 220.86.68.33 port 43104
Jan 20 00:34:38 host sshd[25127]: input_userauth_request: invalid user deamon [preauth]
Jan 20 00:34:38 host sshd[25127]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:34:38 host sshd[25127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.68.33
Jan 20 00:34:38 host sshd[25120]: Failed password for invalid user shadow from 200.27.113.133 port 51866 ssh2
Jan 20 00:34:38 host sshd[25120]: Received disconnect from 200.27.113.133 port 51866:11: Bye Bye [preauth]
Jan 20 00:34:38 host sshd[25120]: Disconnected from 200.27.113.133 port 51866 [preauth]
Jan 20 00:34:39 host sshd[25133]: Invalid user cesar from 206.189.130.185 port 54116
Jan 20 00:34:39 host sshd[25133]: input_userauth_request: invalid user cesar [preauth]
Jan 20 00:34:39 host sshd[25133]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:34:39 host sshd[25133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.185
Jan 20 00:34:40 host sshd[25127]: Failed password for invalid user deamon from 220.86.68.33 port 43104 ssh2
Jan 20 00:34:40 host sshd[25127]: Received disconnect from 220.86.68.33 port 43104:11: Bye Bye [preauth]
Jan 20 00:34:40 host sshd[25127]: Disconnected from 220.86.68.33 port 43104 [preauth]
Jan 20 00:34:41 host sshd[25133]: Failed password for invalid user cesar from 206.189.130.185 port 54116 ssh2
Jan 20 00:34:41 host sshd[25133]: Received disconnect from 206.189.130.185 port 54116:11: Bye Bye [preauth]
Jan 20 00:34:41 host sshd[25133]: Disconnected from 206.189.130.185 port 54116 [preauth]
Jan 20 00:34:55 host sshd[25196]: Invalid user git from 159.223.87.243 port 48110
Jan 20 00:34:55 host sshd[25196]: input_userauth_request: invalid user git [preauth]
Jan 20 00:34:55 host sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:34:55 host sshd[25196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.87.243
Jan 20 00:34:56 host sshd[25196]: Failed password for invalid user git from 159.223.87.243 port 48110 ssh2
Jan 20 00:34:56 host sshd[25196]: Received disconnect from 159.223.87.243 port 48110:11: Bye Bye [preauth]
Jan 20 00:34:56 host sshd[25196]: Disconnected from 159.223.87.243 port 48110 [preauth]
Jan 20 00:35:28 host sshd[25350]: Invalid user admin123 from 35.200.141.182 port 54390
Jan 20 00:35:28 host sshd[25350]: input_userauth_request: invalid user admin123 [preauth]
Jan 20 00:35:28 host sshd[25350]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:35:28 host sshd[25350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182
Jan 20 00:35:30 host sshd[25350]: Failed password for invalid user admin123 from 35.200.141.182 port 54390 ssh2
Jan 20 00:35:30 host sshd[25350]: Received disconnect from 35.200.141.182 port 54390:11: Bye Bye [preauth]
Jan 20 00:35:30 host sshd[25350]: Disconnected from 35.200.141.182 port 54390 [preauth]
Jan 20 00:35:49 host sshd[25385]: Invalid user test1 from 220.86.68.33 port 37396
Jan 20 00:35:49 host sshd[25385]: input_userauth_request: invalid user test1 [preauth]
Jan 20 00:35:49 host sshd[25385]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:35:49 host sshd[25385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.86.68.33
Jan 20 00:35:51 host sshd[25385]: Failed password for invalid user test1 from 220.86.68.33 port 37396 ssh2
Jan 20 00:35:51 host sshd[25385]: Received disconnect from 220.86.68.33 port 37396:11: Bye Bye [preauth]
Jan 20 00:35:51 host sshd[25385]: Disconnected from 220.86.68.33 port 37396 [preauth]
Jan 20 00:35:51 host sshd[25390]: Invalid user devops from 51.178.27.210 port 43664
Jan 20 00:35:51 host sshd[25390]: input_userauth_request: invalid user devops [preauth]
Jan 20 00:35:51 host sshd[25390]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:35:51 host sshd[25390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.27.210
Jan 20 00:35:53 host sshd[25390]: Failed password for invalid user devops from 51.178.27.210 port 43664 ssh2
Jan 20 00:35:54 host sshd[25390]: Received disconnect from 51.178.27.210 port 43664:11: Bye Bye [preauth]
Jan 20 00:35:54 host sshd[25390]: Disconnected from 51.178.27.210 port 43664 [preauth]
Jan 20 00:36:13 host sshd[25486]: Invalid user www from 159.223.87.243 port 38524
Jan 20 00:36:13 host sshd[25486]: input_userauth_request: invalid user www [preauth]
Jan 20 00:36:13 host sshd[25486]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:36:13 host sshd[25486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.87.243
Jan 20 00:36:15 host sshd[25486]: Failed password for invalid user www from 159.223.87.243 port 38524 ssh2
Jan 20 00:36:15 host sshd[25489]: Invalid user ansadmin from 200.27.113.133 port 35494
Jan 20 00:36:15 host sshd[25489]: input_userauth_request: invalid user ansadmin [preauth]
Jan 20 00:36:15 host sshd[25489]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:36:15 host sshd[25489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.27.113.133
Jan 20 00:36:17 host sshd[25489]: Failed password for invalid user ansadmin from 200.27.113.133 port 35494 ssh2
Jan 20 00:36:17 host sshd[25489]: Received disconnect from 200.27.113.133 port 35494:11: Bye Bye [preauth]
Jan 20 00:36:17 host sshd[25489]: Disconnected from 200.27.113.133 port 35494 [preauth]
Jan 20 00:36:23 host sshd[25535]: Invalid user angelica from 23.140.96.107 port 46244
Jan 20 00:36:23 host sshd[25535]: input_userauth_request: invalid user angelica [preauth]
Jan 20 00:36:23 host sshd[25535]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:36:23 host sshd[25535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.140.96.107
Jan 20 00:36:25 host sshd[25535]: Failed password for invalid user angelica from 23.140.96.107 port 46244 ssh2
Jan 20 00:36:25 host sshd[25535]: Received disconnect from 23.140.96.107 port 46244:11: Bye Bye [preauth]
Jan 20 00:36:25 host sshd[25535]: Disconnected from 23.140.96.107 port 46244 [preauth]
Jan 20 00:36:35 host sshd[25594]: Invalid user openbravo from 43.153.193.40 port 43482
Jan 20 00:36:35 host sshd[25594]: input_userauth_request: invalid user openbravo [preauth]
Jan 20 00:36:35 host sshd[25594]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:36:35 host sshd[25594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.193.40
Jan 20 00:36:37 host sshd[25594]: Failed password for invalid user openbravo from 43.153.193.40 port 43482 ssh2
Jan 20 00:36:37 host sshd[25594]: Received disconnect from 43.153.193.40 port 43482:11: Bye Bye [preauth]
Jan 20 00:36:37 host sshd[25594]: Disconnected from 43.153.193.40 port 43482 [preauth]
Jan 20 00:36:59 host sshd[25636]: Invalid user deployer from 81.3.206.160 port 49344
Jan 20 00:36:59 host sshd[25636]: input_userauth_request: invalid user deployer [preauth]
Jan 20 00:36:59 host sshd[25636]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:36:59 host sshd[25636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.3.206.160
Jan 20 00:37:01 host sshd[25636]: Failed password for invalid user deployer from 81.3.206.160 port 49344 ssh2
Jan 20 00:37:01 host sshd[25636]: Received disconnect from 81.3.206.160 port 49344:11: Bye Bye [preauth]
Jan 20 00:37:01 host sshd[25636]: Disconnected from 81.3.206.160 port 49344 [preauth]
Jan 20 00:37:03 host sshd[25654]: Invalid user student from 70.88.3.29 port 56193
Jan 20 00:37:03 host sshd[25654]: input_userauth_request: invalid user student [preauth]
Jan 20 00:37:03 host sshd[25654]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:37:03 host sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.88.3.29
Jan 20 00:37:05 host sshd[25654]: Failed password for invalid user student from 70.88.3.29 port 56193 ssh2
Jan 20 00:37:05 host sshd[25654]: Received disconnect from 70.88.3.29 port 56193:11: Bye Bye [preauth]
Jan 20 00:37:05 host sshd[25654]: Disconnected from 70.88.3.29 port 56193 [preauth]
Jan 20 00:37:19 host sshd[25809]: Invalid user nexus from 45.114.195.2 port 54906
Jan 20 00:37:19 host sshd[25809]: input_userauth_request: invalid user nexus [preauth]
Jan 20 00:37:19 host sshd[25809]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:37:19 host sshd[25809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.114.195.2
Jan 20 00:37:21 host sshd[25809]: Failed password for invalid user nexus from 45.114.195.2 port 54906 ssh2
Jan 20 00:37:21 host sshd[25809]: Received disconnect from 45.114.195.2 port 54906:11: Bye Bye [preauth]
Jan 20 00:37:21 host sshd[25809]: Disconnected from 45.114.195.2 port 54906 [preauth]
Jan 20 00:37:45 host sshd[25879]: Invalid user tmp from 200.27.113.133 port 46943
Jan 20 00:37:45 host sshd[25879]: input_userauth_request: invalid user tmp [preauth]
Jan 20 00:37:45 host sshd[25879]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:37:45 host sshd[25879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.27.113.133
Jan 20 00:37:47 host sshd[25879]: Failed password for invalid user tmp from 200.27.113.133 port 46943 ssh2
Jan 20 00:37:48 host sshd[25879]: Received disconnect from 200.27.113.133 port 46943:11: Bye Bye [preauth]
Jan 20 00:37:48 host sshd[25879]: Disconnected from 200.27.113.133 port 46943 [preauth]
Jan 20 00:37:52 host sshd[25921]: Invalid user redmine from 43.157.29.8 port 35932
Jan 20 00:37:52 host sshd[25921]: input_userauth_request: invalid user redmine [preauth]
Jan 20 00:37:52 host sshd[25921]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:37:52 host sshd[25921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.29.8
Jan 20 00:37:54 host sshd[25921]: Failed password for invalid user redmine from 43.157.29.8 port 35932 ssh2
Jan 20 00:37:54 host sshd[25921]: Received disconnect from 43.157.29.8 port 35932:11: Bye Bye [preauth]
Jan 20 00:37:54 host sshd[25921]: Disconnected from 43.157.29.8 port 35932 [preauth]
Jan 20 00:38:06 host sshd[25964]: Invalid user nextcloud from 157.230.45.177 port 32888
Jan 20 00:38:06 host sshd[25964]: input_userauth_request: invalid user nextcloud [preauth]
Jan 20 00:38:06 host sshd[25964]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:38:06 host sshd[25964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.45.177
Jan 20 00:38:08 host sshd[25964]: Failed password for invalid user nextcloud from 157.230.45.177 port 32888 ssh2
Jan 20 00:38:08 host sshd[25964]: Received disconnect from 157.230.45.177 port 32888:11: Bye Bye [preauth]
Jan 20 00:38:08 host sshd[25964]: Disconnected from 157.230.45.177 port 32888 [preauth]
Jan 20 00:39:06 host sshd[26110]: Invalid user tom from 192.140.112.78 port 39928
Jan 20 00:39:06 host sshd[26110]: input_userauth_request: invalid user tom [preauth]
Jan 20 00:39:06 host sshd[26110]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:39:06 host sshd[26110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.140.112.78
Jan 20 00:39:08 host sshd[26110]: Failed password for invalid user tom from 192.140.112.78 port 39928 ssh2
Jan 20 00:39:08 host sshd[26110]: Received disconnect from 192.140.112.78 port 39928:11: Bye Bye [preauth]
Jan 20 00:39:08 host sshd[26110]: Disconnected from 192.140.112.78 port 39928 [preauth]
Jan 20 00:40:03 host sshd[26264]: Invalid user remote from 147.182.228.52 port 56368
Jan 20 00:40:03 host sshd[26264]: input_userauth_request: invalid user remote [preauth]
Jan 20 00:40:03 host sshd[26264]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:40:03 host sshd[26264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.228.52
Jan 20 00:40:05 host sshd[26264]: Failed password for invalid user remote from 147.182.228.52 port 56368 ssh2
Jan 20 00:40:05 host sshd[26264]: Received disconnect from 147.182.228.52 port 56368:11: Bye Bye [preauth]
Jan 20 00:40:05 host sshd[26264]: Disconnected from 147.182.228.52 port 56368 [preauth]
Jan 20 00:40:12 host sshd[26293]: User root from 220.134.133.112 not allowed because not listed in AllowUsers
Jan 20 00:40:12 host sshd[26293]: input_userauth_request: invalid user root [preauth]
Jan 20 00:40:12 host unix_chkpwd[26305]: password check failed for user (root)
Jan 20 00:40:12 host sshd[26293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.133.112 user=root
Jan 20 00:40:12 host sshd[26293]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:40:13 host sshd[26298]: Invalid user vadmin from 220.134.133.112 port 39493
Jan 20 00:40:13 host sshd[26298]: input_userauth_request: invalid user vadmin [preauth]
Jan 20 00:40:13 host sshd[26298]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:40:13 host sshd[26298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.133.112
Jan 20 00:40:14 host sshd[26293]: Failed password for invalid user root from 220.134.133.112 port 39481 ssh2
Jan 20 00:40:15 host unix_chkpwd[26310]: password check failed for user (root)
Jan 20 00:40:15 host sshd[26293]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:40:15 host sshd[26298]: Failed password for invalid user vadmin from 220.134.133.112 port 39493 ssh2
Jan 20 00:40:16 host sshd[26298]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:40:17 host sshd[26293]: Failed password for invalid user root from 220.134.133.112 port 39481 ssh2
Jan 20 00:40:17 host unix_chkpwd[26314]: password check failed for user (root)
Jan 20 00:40:17 host sshd[26293]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 00:40:19 host sshd[26298]: Failed password for invalid user vadmin from 220.134.133.112 port 39493 ssh2
Jan 20 00:40:19 host sshd[26298]: Connection reset by 220.134.133.112 port 39493 [preauth]
Jan 20 00:40:19 host sshd[26298]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.133.112
Jan 20 00:40:20 host sshd[26293]: Failed password for invalid user root from 220.134.133.112 port 39481 ssh2
Jan 20 00:40:36 host sshd[26398]: Invalid user sam from 103.176.78.133 port 55952
Jan 20 00:40:36 host sshd[26398]: input_userauth_request: invalid user sam [preauth]
Jan 20 00:40:36 host sshd[26398]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:40:36 host sshd[26398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.133
Jan 20 00:40:38 host sshd[26398]: Failed password for invalid user sam from 103.176.78.133 port 55952 ssh2
Jan 20 00:40:38 host sshd[26398]: Received disconnect from 103.176.78.133 port 55952:11: Bye Bye [preauth]
Jan 20 00:40:38 host sshd[26398]: Disconnected from 103.176.78.133 port 55952 [preauth]
Jan 20 00:40:50 host sshd[26433]: Invalid user s from 193.70.0.122 port 41564
Jan 20 00:40:50 host sshd[26433]: input_userauth_request: invalid user s [preauth]
Jan 20 00:40:50 host sshd[26433]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:40:50 host sshd[26433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.0.122
Jan 20 00:40:52 host sshd[26433]: Failed password for invalid user s from 193.70.0.122 port 41564 ssh2
Jan 20 00:40:52 host sshd[26433]: Received disconnect from 193.70.0.122 port 41564:11: Bye Bye [preauth]
Jan 20 00:40:52 host sshd[26433]: Disconnected from 193.70.0.122 port 41564 [preauth]
Jan 20 00:41:26 host sshd[26533]: Invalid user deployer from 45.114.195.2 port 41688
Jan 20 00:41:26 host sshd[26533]: input_userauth_request: invalid user deployer [preauth]
Jan 20 00:41:26 host sshd[26533]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:41:26 host sshd[26533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.114.195.2
Jan 20 00:41:28 host sshd[26533]: Failed password for invalid user deployer from 45.114.195.2 port 41688 ssh2
Jan 20 00:41:28 host sshd[26533]: Received disconnect from 45.114.195.2 port 41688:11: Bye Bye [preauth]
Jan 20 00:41:28 host sshd[26533]: Disconnected from 45.114.195.2 port 41688 [preauth]
Jan 20 00:41:39 host sshd[26593]: Invalid user git from 70.88.3.29 port 41665
Jan 20 00:41:39 host sshd[26593]: input_userauth_request: invalid user git [preauth]
Jan 20 00:41:39 host sshd[26593]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:41:39 host sshd[26593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.88.3.29
Jan 20 00:41:41 host sshd[26593]: Failed password for invalid user git from 70.88.3.29 port 41665 ssh2
Jan 20 00:41:41 host sshd[26593]: Received disconnect from 70.88.3.29 port 41665:11: Bye Bye [preauth]
Jan 20 00:41:41 host sshd[26593]: Disconnected from 70.88.3.29 port 41665 [preauth]
Jan 20 00:41:55 host sshd[26629]: Invalid user titan from 81.3.206.160 port 56550
Jan 20 00:41:55 host sshd[26629]: input_userauth_request: invalid user titan [preauth]
Jan 20 00:41:55 host sshd[26629]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:41:55 host sshd[26629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.3.206.160
Jan 20 00:41:56 host sshd[26629]: Failed password for invalid user titan from 81.3.206.160 port 56550 ssh2
Jan 20 00:41:57 host sshd[26629]: Received disconnect from 81.3.206.160 port 56550:11: Bye Bye [preauth]
Jan 20 00:41:57 host sshd[26629]: Disconnected from 81.3.206.160 port 56550 [preauth]
Jan 20 00:42:05 host sshd[26670]: Invalid user testing from 51.178.27.210 port 43776
Jan 20 00:42:05 host sshd[26670]: input_userauth_request: invalid user testing [preauth]
Jan 20 00:42:05 host sshd[26670]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:05 host sshd[26670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.27.210
Jan 20 00:42:07 host sshd[26670]: Failed password for invalid user testing from 51.178.27.210 port 43776 ssh2
Jan 20 00:42:07 host sshd[26670]: Received disconnect from 51.178.27.210 port 43776:11: Bye Bye [preauth]
Jan 20 00:42:07 host sshd[26670]: Disconnected from 51.178.27.210 port 43776 [preauth]
Jan 20 00:42:16 host sshd[26701]: Invalid user angel from 193.70.0.122 port 38810
Jan 20 00:42:16 host sshd[26701]: input_userauth_request: invalid user angel [preauth]
Jan 20 00:42:16 host sshd[26701]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:16 host sshd[26701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.0.122
Jan 20 00:42:17 host sshd[26705]: Invalid user suporte from 157.230.45.177 port 46852
Jan 20 00:42:17 host sshd[26705]: input_userauth_request: invalid user suporte [preauth]
Jan 20 00:42:17 host sshd[26705]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:17 host sshd[26705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.45.177
Jan 20 00:42:18 host sshd[26701]: Failed password for invalid user angel from 193.70.0.122 port 38810 ssh2
Jan 20 00:42:19 host sshd[26701]: Received disconnect from 193.70.0.122 port 38810:11: Bye Bye [preauth]
Jan 20 00:42:19 host sshd[26701]: Disconnected from 193.70.0.122 port 38810 [preauth]
Jan 20 00:42:19 host sshd[26705]: Failed password for invalid user suporte from 157.230.45.177 port 46852 ssh2
Jan 20 00:42:19 host sshd[26705]: Received disconnect from 157.230.45.177 port 46852:11: Bye Bye [preauth]
Jan 20 00:42:19 host sshd[26705]: Disconnected from 157.230.45.177 port 46852 [preauth]
Jan 20 00:42:35 host sshd[26759]: Invalid user virl from 43.157.29.8 port 55178
Jan 20 00:42:35 host sshd[26759]: input_userauth_request: invalid user virl [preauth]
Jan 20 00:42:35 host sshd[26759]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:35 host sshd[26759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.29.8
Jan 20 00:42:37 host sshd[26759]: Failed password for invalid user virl from 43.157.29.8 port 55178 ssh2
Jan 20 00:42:37 host sshd[26767]: Invalid user elena from 35.200.141.182 port 56398
Jan 20 00:42:37 host sshd[26767]: input_userauth_request: invalid user elena [preauth]
Jan 20 00:42:37 host sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:37 host sshd[26767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182
Jan 20 00:42:38 host sshd[26759]: Received disconnect from 43.157.29.8 port 55178:11: Bye Bye [preauth]
Jan 20 00:42:38 host sshd[26759]: Disconnected from 43.157.29.8 port 55178 [preauth]
Jan 20 00:42:39 host sshd[26767]: Failed password for invalid user elena from 35.200.141.182 port 56398 ssh2
Jan 20 00:42:39 host sshd[26767]: Received disconnect from 35.200.141.182 port 56398:11: Bye Bye [preauth]
Jan 20 00:42:39 host sshd[26767]: Disconnected from 35.200.141.182 port 56398 [preauth]
Jan 20 00:42:40 host sshd[26773]: Invalid user admin123 from 23.140.96.107 port 47574
Jan 20 00:42:40 host sshd[26773]: input_userauth_request: invalid user admin123 [preauth]
Jan 20 00:42:40 host sshd[26773]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:40 host sshd[26773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.140.96.107
Jan 20 00:42:42 host sshd[26773]: Failed password for invalid user admin123 from 23.140.96.107 port 47574 ssh2
Jan 20 00:42:42 host sshd[26773]: Received disconnect from 23.140.96.107 port 47574:11: Bye Bye [preauth]
Jan 20 00:42:42 host sshd[26773]: Disconnected from 23.140.96.107 port 47574 [preauth]
Jan 20 00:42:43 host sshd[26782]: Invalid user user01 from 45.114.195.2 port 53680
Jan 20 00:42:43 host sshd[26782]: input_userauth_request: invalid user user01 [preauth]
Jan 20 00:42:43 host sshd[26782]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:43 host sshd[26782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.114.195.2
Jan 20 00:42:45 host sshd[26782]: Failed password for invalid user user01 from 45.114.195.2 port 53680 ssh2
Jan 20 00:42:51 host sshd[26932]: Invalid user sinusbot from 70.88.3.29 port 31650
Jan 20 00:42:51 host sshd[26932]: input_userauth_request: invalid user sinusbot [preauth]
Jan 20 00:42:51 host sshd[26932]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:51 host sshd[26932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.88.3.29
Jan 20 00:42:53 host sshd[26932]: Failed password for invalid user sinusbot from 70.88.3.29 port 31650 ssh2
Jan 20 00:42:53 host sshd[26932]: Received disconnect from 70.88.3.29 port 31650:11: Bye Bye [preauth]
Jan 20 00:42:53 host sshd[26932]: Disconnected from 70.88.3.29 port 31650 [preauth]
Jan 20 00:42:55 host sshd[26954]: Invalid user openbravo from 147.182.228.52 port 38312
Jan 20 00:42:55 host sshd[26954]: input_userauth_request: invalid user openbravo [preauth]
Jan 20 00:42:55 host sshd[26954]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:55 host sshd[26954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.228.52
Jan 20 00:42:57 host sshd[26954]: Failed password for invalid user openbravo from 147.182.228.52 port 38312 ssh2
Jan 20 00:42:58 host sshd[26980]: Invalid user suporte from 192.140.112.78 port 40108
Jan 20 00:42:58 host sshd[26980]: input_userauth_request: invalid user suporte [preauth]
Jan 20 00:42:58 host sshd[26980]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:42:58 host sshd[26980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.140.112.78
Jan 20 00:42:58 host sshd[26954]: Received disconnect from 147.182.228.52 port 38312:11: Bye Bye [preauth]
Jan 20 00:42:58 host sshd[26954]: Disconnected from 147.182.228.52 port 38312 [preauth]
Jan 20 00:43:00 host sshd[26980]: Failed password for invalid user suporte from 192.140.112.78 port 40108 ssh2
Jan 20 00:43:00 host sshd[26980]: Received disconnect from 192.140.112.78 port 40108:11: Bye Bye [preauth]
Jan 20 00:43:00 host sshd[26980]: Disconnected from 192.140.112.78 port 40108 [preauth]
Jan 20 00:43:01 host sshd[26993]: Invalid user user8 from 81.3.206.160 port 34418
Jan 20 00:43:01 host sshd[26993]: input_userauth_request: invalid user user8 [preauth]
Jan 20 00:43:01 host sshd[26993]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:01 host sshd[26993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.3.206.160
Jan 20 00:43:04 host sshd[26993]: Failed password for invalid user user8 from 81.3.206.160 port 34418 ssh2
Jan 20 00:43:04 host sshd[26993]: Received disconnect from 81.3.206.160 port 34418:11: Bye Bye [preauth]
Jan 20 00:43:04 host sshd[26993]: Disconnected from 81.3.206.160 port 34418 [preauth]
Jan 20 00:43:13 host sshd[27084]: Invalid user administrator from 51.178.27.210 port 55830
Jan 20 00:43:13 host sshd[27084]: input_userauth_request: invalid user administrator [preauth]
Jan 20 00:43:13 host sshd[27084]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:13 host sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.27.210
Jan 20 00:43:16 host sshd[27084]: Failed password for invalid user administrator from 51.178.27.210 port 55830 ssh2
Jan 20 00:43:18 host sshd[27128]: Invalid user mcserver from 43.153.193.40 port 41938
Jan 20 00:43:18 host sshd[27128]: input_userauth_request: invalid user mcserver [preauth]
Jan 20 00:43:18 host sshd[27128]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:18 host sshd[27128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.193.40
Jan 20 00:43:21 host sshd[27128]: Failed password for invalid user mcserver from 43.153.193.40 port 41938 ssh2
Jan 20 00:43:21 host sshd[27128]: Received disconnect from 43.153.193.40 port 41938:11: Bye Bye [preauth]
Jan 20 00:43:21 host sshd[27128]: Disconnected from 43.153.193.40 port 41938 [preauth]
Jan 20 00:43:22 host sshd[27137]: Invalid user administrator from 193.70.0.122 port 33878
Jan 20 00:43:22 host sshd[27137]: input_userauth_request: invalid user administrator [preauth]
Jan 20 00:43:22 host sshd[27137]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:22 host sshd[27137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.0.122
Jan 20 00:43:24 host sshd[27137]: Failed password for invalid user administrator from 193.70.0.122 port 33878 ssh2
Jan 20 00:43:24 host sshd[27137]: Received disconnect from 193.70.0.122 port 33878:11: Bye Bye [preauth]
Jan 20 00:43:24 host sshd[27137]: Disconnected from 193.70.0.122 port 33878 [preauth]
Jan 20 00:43:29 host sshd[27205]: Invalid user sistemas from 103.176.78.133 port 36048
Jan 20 00:43:29 host sshd[27205]: input_userauth_request: invalid user sistemas [preauth]
Jan 20 00:43:29 host sshd[27205]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:29 host sshd[27205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.133
Jan 20 00:43:32 host sshd[27205]: Failed password for invalid user sistemas from 103.176.78.133 port 36048 ssh2
Jan 20 00:43:32 host sshd[27205]: Received disconnect from 103.176.78.133 port 36048:11: Bye Bye [preauth]
Jan 20 00:43:32 host sshd[27205]: Disconnected from 103.176.78.133 port 36048 [preauth]
Jan 20 00:43:34 host sshd[27216]: Invalid user drcomadmin from 157.230.45.177 port 41770
Jan 20 00:43:34 host sshd[27216]: input_userauth_request: invalid user drcomadmin [preauth]
Jan 20 00:43:34 host sshd[27216]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:34 host sshd[27216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.45.177
Jan 20 00:43:36 host sshd[27216]: Failed password for invalid user drcomadmin from 157.230.45.177 port 41770 ssh2
Jan 20 00:43:36 host sshd[27216]: Received disconnect from 157.230.45.177 port 41770:11: Bye Bye [preauth]
Jan 20 00:43:36 host sshd[27216]: Disconnected from 157.230.45.177 port 41770 [preauth]
Jan 20 00:43:39 host sshd[27229]: Invalid user pdx from 43.157.29.8 port 50178
Jan 20 00:43:39 host sshd[27229]: input_userauth_request: invalid user pdx [preauth]
Jan 20 00:43:39 host sshd[27229]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:39 host sshd[27229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.157.29.8
Jan 20 00:43:41 host sshd[27229]: Failed password for invalid user pdx from 43.157.29.8 port 50178 ssh2
Jan 20 00:43:41 host sshd[27229]: Received disconnect from 43.157.29.8 port 50178:11: Bye Bye [preauth]
Jan 20 00:43:41 host sshd[27229]: Disconnected from 43.157.29.8 port 50178 [preauth]
Jan 20 00:43:49 host sshd[27307]: Invalid user ftpadmin from 23.140.96.107 port 42426
Jan 20 00:43:49 host sshd[27307]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 20 00:43:49 host sshd[27307]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:43:49 host sshd[27307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.140.96.107
Jan 20 00:43:52 host sshd[27307]: Failed password for invalid user ftpadmin from 23.140.96.107 port 42426 ssh2
Jan 20 00:43:52 host sshd[27307]: Received disconnect from 23.140.96.107 port 42426:11: Bye Bye [preauth]
Jan 20 00:43:52 host sshd[27307]: Disconnected from 23.140.96.107 port 42426 [preauth]
Jan 20 00:44:05 host sshd[27382]: Invalid user jenkins from 147.182.228.52 port 55196
Jan 20 00:44:05 host sshd[27382]: input_userauth_request: invalid user jenkins [preauth]
Jan 20 00:44:05 host sshd[27382]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:44:05 host sshd[27382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.228.52
Jan 20 00:44:07 host sshd[27382]: Failed password for invalid user jenkins from 147.182.228.52 port 55196 ssh2
Jan 20 00:44:07 host sshd[27382]: Received disconnect from 147.182.228.52 port 55196:11: Bye Bye [preauth]
Jan 20 00:44:07 host sshd[27382]: Disconnected from 147.182.228.52 port 55196 [preauth]
Jan 20 00:44:19 host sshd[27442]: Invalid user ts from 35.200.141.182 port 56144
Jan 20 00:44:19 host sshd[27442]: input_userauth_request: invalid user ts [preauth]
Jan 20 00:44:19 host sshd[27442]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:44:19 host sshd[27442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.141.182
Jan 20 00:44:21 host sshd[27442]: Failed password for invalid user ts from 35.200.141.182 port 56144 ssh2
Jan 20 00:44:21 host sshd[27442]: Received disconnect from 35.200.141.182 port 56144:11: Bye Bye [preauth]
Jan 20 00:44:21 host sshd[27442]: Disconnected from 35.200.141.182 port 56144 [preauth]
Jan 20 00:44:29 host sshd[27524]: Invalid user fiscal from 192.140.112.78 port 40198
Jan 20 00:44:29 host sshd[27524]: input_userauth_request: invalid user fiscal [preauth]
Jan 20 00:44:29 host sshd[27524]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:44:29 host sshd[27524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.140.112.78
Jan 20 00:44:30 host sshd[27524]: Failed password for invalid user fiscal from 192.140.112.78 port 40198 ssh2
Jan 20 00:44:31 host sshd[27524]: Received disconnect from 192.140.112.78 port 40198:11: Bye Bye [preauth]
Jan 20 00:44:31 host sshd[27524]: Disconnected from 192.140.112.78 port 40198 [preauth]
Jan 20 00:44:42 host sshd[27596]: Invalid user sinusbot from 43.153.193.40 port 36698
Jan 20 00:44:42 host sshd[27596]: input_userauth_request: invalid user sinusbot [preauth]
Jan 20 00:44:42 host sshd[27596]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:44:42 host sshd[27596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.193.40
Jan 20 00:44:44 host sshd[27596]: Failed password for invalid user sinusbot from 43.153.193.40 port 36698 ssh2
Jan 20 00:44:47 host sshd[27643]: Invalid user manager from 103.176.78.133 port 49036
Jan 20 00:44:47 host sshd[27643]: input_userauth_request: invalid user manager [preauth]
Jan 20 00:44:47 host sshd[27643]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:44:47 host sshd[27643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.133
Jan 20 00:44:48 host sshd[27643]: Failed password for invalid user manager from 103.176.78.133 port 49036 ssh2
Jan 20 00:44:48 host sshd[27643]: Received disconnect from 103.176.78.133 port 49036:11: Bye Bye [preauth]
Jan 20 00:44:48 host sshd[27643]: Disconnected from 103.176.78.133 port 49036 [preauth]
Jan 20 00:47:14 host sshd[28040]: Invalid user telnet from 220.132.53.19 port 47262
Jan 20 00:47:14 host sshd[28040]: input_userauth_request: invalid user telnet [preauth]
Jan 20 00:47:14 host sshd[28040]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:47:14 host sshd[28040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.53.19
Jan 20 00:47:15 host sshd[28040]: Failed password for invalid user telnet from 220.132.53.19 port 47262 ssh2
Jan 20 00:47:16 host sshd[28040]: Connection reset by 220.132.53.19 port 47262 [preauth]
Jan 20 00:57:50 host sshd[29684]: Invalid user default from 183.108.66.126 port 51658
Jan 20 00:57:50 host sshd[29684]: input_userauth_request: invalid user default [preauth]
Jan 20 00:57:50 host sshd[29684]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 00:57:50 host sshd[29684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.108.66.126
Jan 20 00:57:52 host sshd[29684]: Failed password for invalid user default from 183.108.66.126 port 51658 ssh2
Jan 20 00:57:52 host sshd[29684]: Connection reset by 183.108.66.126 port 51658 [preauth]
Jan 20 00:59:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 00:59:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 00:59:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:20:44 host sshd[939]: Did not receive identification string from 20.85.226.10 port 53770
Jan 20 01:20:45 host sshd[941]: Invalid user postgres from 20.85.226.10 port 53816
Jan 20 01:20:45 host sshd[941]: input_userauth_request: invalid user postgres [preauth]
Jan 20 01:20:45 host sshd[942]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[942]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[943]: Invalid user zjw from 20.85.226.10 port 53916
Jan 20 01:20:45 host sshd[943]: input_userauth_request: invalid user zjw [preauth]
Jan 20 01:20:45 host sshd[945]: Invalid user postgres from 20.85.226.10 port 53968
Jan 20 01:20:45 host sshd[945]: input_userauth_request: invalid user postgres [preauth]
Jan 20 01:20:45 host sshd[944]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[944]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[951]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[951]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[946]: Invalid user admin from 20.85.226.10 port 53960
Jan 20 01:20:45 host sshd[946]: input_userauth_request: invalid user admin [preauth]
Jan 20 01:20:45 host sshd[949]: User centos from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[949]: input_userauth_request: invalid user centos [preauth]
Jan 20 01:20:45 host sshd[952]: Invalid user user from 20.85.226.10 port 54046
Jan 20 01:20:45 host sshd[952]: input_userauth_request: invalid user user [preauth]
Jan 20 01:20:45 host sshd[958]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[958]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[961]: Invalid user ftpuser from 20.85.226.10 port 54054
Jan 20 01:20:45 host sshd[961]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 01:20:45 host sshd[948]: User mysql from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[947]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[948]: input_userauth_request: invalid user mysql [preauth]
Jan 20 01:20:45 host sshd[947]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[953]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[953]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[957]: Invalid user admin from 20.85.226.10 port 54042
Jan 20 01:20:45 host sshd[957]: input_userauth_request: invalid user admin [preauth]
Jan 20 01:20:45 host sshd[960]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[960]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[963]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[963]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[954]: Invalid user postgres from 20.85.226.10 port 53926
Jan 20 01:20:45 host sshd[954]: input_userauth_request: invalid user postgres [preauth]
Jan 20 01:20:45 host sshd[962]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[962]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[965]: User centos from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[965]: input_userauth_request: invalid user centos [preauth]
Jan 20 01:20:45 host sshd[959]: User root from 20.85.226.10 not allowed because not listed in AllowUsers
Jan 20 01:20:45 host sshd[959]: input_userauth_request: invalid user root [preauth]
Jan 20 01:20:45 host sshd[955]: Invalid user admin from 20.85.226.10 port 53788
Jan 20 01:20:45 host sshd[955]: input_userauth_request: invalid user admin [preauth]
Jan 20 01:20:46 host sshd[941]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host sshd[943]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host sshd[945]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host unix_chkpwd[994]: password check failed for user (root)
Jan 20 01:20:46 host sshd[942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[942]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host sshd[946]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host sshd[952]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host unix_chkpwd[997]: password check failed for user (centos)
Jan 20 01:20:46 host sshd[949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=centos
Jan 20 01:20:46 host unix_chkpwd[995]: password check failed for user (root)
Jan 20 01:20:46 host sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[944]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host unix_chkpwd[996]: password check failed for user (root)
Jan 20 01:20:46 host sshd[951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[951]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host sshd[961]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host unix_chkpwd[999]: password check failed for user (mysql)
Jan 20 01:20:46 host sshd[948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=mysql
Jan 20 01:20:46 host sshd[948]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 20 01:20:46 host sshd[957]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host unix_chkpwd[998]: password check failed for user (root)
Jan 20 01:20:46 host sshd[958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[958]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host sshd[954]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host unix_chkpwd[1000]: password check failed for user (root)
Jan 20 01:20:46 host sshd[947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[947]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host unix_chkpwd[1001]: password check failed for user (root)
Jan 20 01:20:46 host sshd[953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host sshd[955]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:46 host sshd[955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:46 host unix_chkpwd[1003]: password check failed for user (root)
Jan 20 01:20:46 host sshd[963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[963]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host unix_chkpwd[1006]: password check failed for user (centos)
Jan 20 01:20:46 host unix_chkpwd[1002]: password check failed for user (root)
Jan 20 01:20:46 host sshd[960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[960]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host sshd[965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=centos
Jan 20 01:20:46 host unix_chkpwd[1004]: password check failed for user (root)
Jan 20 01:20:46 host sshd[962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[962]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host unix_chkpwd[1005]: password check failed for user (root)
Jan 20 01:20:46 host sshd[959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10 user=root
Jan 20 01:20:46 host sshd[959]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:20:46 host sshd[986]: Invalid user hadoop from 20.85.226.10 port 54088
Jan 20 01:20:46 host sshd[986]: input_userauth_request: invalid user hadoop [preauth]
Jan 20 01:20:46 host sshd[989]: Invalid user git from 20.85.226.10 port 54112
Jan 20 01:20:46 host sshd[989]: input_userauth_request: invalid user git [preauth]
Jan 20 01:20:46 host sshd[987]: Invalid user ubuntu from 20.85.226.10 port 53894
Jan 20 01:20:46 host sshd[987]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 01:20:46 host sshd[988]: Invalid user pi from 20.85.226.10 port 53940
Jan 20 01:20:46 host sshd[988]: input_userauth_request: invalid user pi [preauth]
Jan 20 01:20:47 host sshd[986]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:47 host sshd[986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:47 host sshd[989]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:47 host sshd[989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:47 host sshd[987]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:47 host sshd[987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:47 host sshd[988]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:47 host sshd[988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:48 host sshd[941]: Failed password for invalid user postgres from 20.85.226.10 port 53816 ssh2
Jan 20 01:20:48 host sshd[943]: Failed password for invalid user zjw from 20.85.226.10 port 53916 ssh2
Jan 20 01:20:48 host sshd[945]: Failed password for invalid user postgres from 20.85.226.10 port 53968 ssh2
Jan 20 01:20:48 host sshd[942]: Failed password for invalid user root from 20.85.226.10 port 54068 ssh2
Jan 20 01:20:48 host sshd[946]: Failed password for invalid user admin from 20.85.226.10 port 53960 ssh2
Jan 20 01:20:48 host sshd[952]: Failed password for invalid user user from 20.85.226.10 port 54046 ssh2
Jan 20 01:20:48 host sshd[949]: Failed password for invalid user centos from 20.85.226.10 port 53908 ssh2
Jan 20 01:20:48 host sshd[944]: Failed password for invalid user root from 20.85.226.10 port 53836 ssh2
Jan 20 01:20:48 host sshd[951]: Failed password for invalid user root from 20.85.226.10 port 53776 ssh2
Jan 20 01:20:48 host sshd[961]: Failed password for invalid user ftpuser from 20.85.226.10 port 54054 ssh2
Jan 20 01:20:48 host sshd[948]: Failed password for invalid user mysql from 20.85.226.10 port 53774 ssh2
Jan 20 01:20:48 host sshd[957]: Failed password for invalid user admin from 20.85.226.10 port 54042 ssh2
Jan 20 01:20:48 host sshd[958]: Failed password for invalid user root from 20.85.226.10 port 53814 ssh2
Jan 20 01:20:48 host sshd[954]: Failed password for invalid user postgres from 20.85.226.10 port 53926 ssh2
Jan 20 01:20:48 host sshd[947]: Failed password for invalid user root from 20.85.226.10 port 53870 ssh2
Jan 20 01:20:48 host sshd[953]: Failed password for invalid user root from 20.85.226.10 port 53854 ssh2
Jan 20 01:20:48 host sshd[955]: Failed password for invalid user admin from 20.85.226.10 port 53788 ssh2
Jan 20 01:20:48 host sshd[963]: Failed password for invalid user root from 20.85.226.10 port 53824 ssh2
Jan 20 01:20:48 host sshd[960]: Failed password for invalid user root from 20.85.226.10 port 53996 ssh2
Jan 20 01:20:48 host sshd[965]: Failed password for invalid user centos from 20.85.226.10 port 53904 ssh2
Jan 20 01:20:48 host sshd[962]: Failed password for invalid user root from 20.85.226.10 port 53822 ssh2
Jan 20 01:20:48 host sshd[959]: Failed password for invalid user root from 20.85.226.10 port 54024 ssh2
Jan 20 01:20:48 host sshd[941]: Connection closed by 20.85.226.10 port 53816 [preauth]
Jan 20 01:20:48 host sshd[943]: Connection closed by 20.85.226.10 port 53916 [preauth]
Jan 20 01:20:48 host sshd[945]: Connection closed by 20.85.226.10 port 53968 [preauth]
Jan 20 01:20:48 host sshd[942]: Connection closed by 20.85.226.10 port 54068 [preauth]
Jan 20 01:20:48 host sshd[946]: Connection closed by 20.85.226.10 port 53960 [preauth]
Jan 20 01:20:48 host sshd[944]: Connection closed by 20.85.226.10 port 53836 [preauth]
Jan 20 01:20:48 host sshd[949]: Connection closed by 20.85.226.10 port 53908 [preauth]
Jan 20 01:20:48 host sshd[952]: Connection closed by 20.85.226.10 port 54046 [preauth]
Jan 20 01:20:48 host sshd[951]: Connection closed by 20.85.226.10 port 53776 [preauth]
Jan 20 01:20:48 host sshd[961]: Connection closed by 20.85.226.10 port 54054 [preauth]
Jan 20 01:20:48 host sshd[948]: Connection closed by 20.85.226.10 port 53774 [preauth]
Jan 20 01:20:48 host sshd[957]: Connection closed by 20.85.226.10 port 54042 [preauth]
Jan 20 01:20:48 host sshd[958]: Connection closed by 20.85.226.10 port 53814 [preauth]
Jan 20 01:20:48 host sshd[954]: Connection closed by 20.85.226.10 port 53926 [preauth]
Jan 20 01:20:48 host sshd[947]: Connection closed by 20.85.226.10 port 53870 [preauth]
Jan 20 01:20:48 host sshd[953]: Connection closed by 20.85.226.10 port 53854 [preauth]
Jan 20 01:20:48 host sshd[955]: Connection closed by 20.85.226.10 port 53788 [preauth]
Jan 20 01:20:48 host sshd[963]: Connection closed by 20.85.226.10 port 53824 [preauth]
Jan 20 01:20:48 host sshd[960]: Connection closed by 20.85.226.10 port 53996 [preauth]
Jan 20 01:20:48 host sshd[965]: Connection closed by 20.85.226.10 port 53904 [preauth]
Jan 20 01:20:48 host sshd[962]: Connection closed by 20.85.226.10 port 53822 [preauth]
Jan 20 01:20:48 host sshd[959]: Connection closed by 20.85.226.10 port 54024 [preauth]
Jan 20 01:20:49 host sshd[986]: Failed password for invalid user hadoop from 20.85.226.10 port 54088 ssh2
Jan 20 01:20:49 host sshd[989]: Failed password for invalid user git from 20.85.226.10 port 54112 ssh2
Jan 20 01:20:49 host sshd[987]: Failed password for invalid user ubuntu from 20.85.226.10 port 53894 ssh2
Jan 20 01:20:49 host sshd[988]: Failed password for invalid user pi from 20.85.226.10 port 53940 ssh2
Jan 20 01:20:49 host sshd[986]: Connection closed by 20.85.226.10 port 54088 [preauth]
Jan 20 01:20:49 host sshd[989]: Connection closed by 20.85.226.10 port 54112 [preauth]
Jan 20 01:20:49 host sshd[987]: Connection closed by 20.85.226.10 port 53894 [preauth]
Jan 20 01:20:49 host sshd[988]: Connection closed by 20.85.226.10 port 53940 [preauth]
Jan 20 01:20:50 host sshd[1009]: Invalid user oracle from 20.85.226.10 port 53980
Jan 20 01:20:50 host sshd[1009]: input_userauth_request: invalid user oracle [preauth]
Jan 20 01:20:50 host sshd[1009]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:20:50 host sshd[1009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.85.226.10
Jan 20 01:20:52 host sshd[1009]: Failed password for invalid user oracle from 20.85.226.10 port 53980 ssh2
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=dartsimp user-2=a2zgroup user-3=laundryboniface user-4=cochintaxi user-5=wwwkaretakers user-6=travelboniface user-7=wwwrmswll user-8=wwwresourcehunte user-9=keralaholi user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=pmcresources user-16=disposeat user-17=wwwkmaorg user-18=remysagr user-19=wwwkapin user-20=woodpeck user-21=gifterman user-22=palco123 user-23=phmetals user-24=kottayamcalldriv user-25=wwwnexidigital user-26=mrsclean user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 01:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fwBQsgyAtF4tn7Hy.~
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fwBQsgyAtF4tn7Hy.~'
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fwBQsgyAtF4tn7Hy.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 01:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 01:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 01:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 01:24:36 host sshd[1758]: User root from 114.34.116.146 not allowed because not listed in AllowUsers
Jan 20 01:24:36 host sshd[1758]: input_userauth_request: invalid user root [preauth]
Jan 20 01:24:36 host unix_chkpwd[1766]: password check failed for user (root)
Jan 20 01:24:36 host sshd[1758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.116.146 user=root
Jan 20 01:24:36 host sshd[1758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:24:37 host sshd[1758]: Failed password for invalid user root from 114.34.116.146 port 49262 ssh2
Jan 20 01:24:38 host unix_chkpwd[1771]: password check failed for user (root)
Jan 20 01:24:38 host sshd[1758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:24:39 host sshd[1758]: Failed password for invalid user root from 114.34.116.146 port 49262 ssh2
Jan 20 01:24:40 host unix_chkpwd[1787]: password check failed for user (root)
Jan 20 01:24:40 host sshd[1758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:24:42 host sshd[1758]: Failed password for invalid user root from 114.34.116.146 port 49262 ssh2
Jan 20 01:24:42 host unix_chkpwd[1790]: password check failed for user (root)
Jan 20 01:24:42 host sshd[1758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:24:44 host sshd[1758]: Failed password for invalid user root from 114.34.116.146 port 49262 ssh2
Jan 20 01:24:45 host unix_chkpwd[1799]: password check failed for user (root)
Jan 20 01:24:45 host sshd[1758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:24:47 host sshd[1758]: Failed password for invalid user root from 114.34.116.146 port 49262 ssh2
Jan 20 01:29:02 host sshd[2439]: Invalid user dnsekakf2$$ from 125.133.185.224 port 60374
Jan 20 01:29:02 host sshd[2439]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 20 01:29:02 host sshd[2439]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:29:02 host sshd[2439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.133.185.224
Jan 20 01:29:05 host sshd[2439]: Failed password for invalid user dnsekakf2$$ from 125.133.185.224 port 60374 ssh2
Jan 20 01:29:06 host sshd[2439]: Failed password for invalid user dnsekakf2$$ from 125.133.185.224 port 60374 ssh2
Jan 20 01:29:06 host sshd[2439]: Connection reset by 125.133.185.224 port 60374 [preauth]
Jan 20 01:30:54 host sshd[2717]: Invalid user jeremy from 107.182.17.78 port 48718
Jan 20 01:30:54 host sshd[2717]: input_userauth_request: invalid user jeremy [preauth]
Jan 20 01:30:54 host sshd[2717]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:30:54 host sshd[2717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78
Jan 20 01:30:56 host sshd[2717]: Failed password for invalid user jeremy from 107.182.17.78 port 48718 ssh2
Jan 20 01:30:56 host sshd[2717]: Received disconnect from 107.182.17.78 port 48718:11: Bye Bye [preauth]
Jan 20 01:30:56 host sshd[2717]: Disconnected from 107.182.17.78 port 48718 [preauth]
Jan 20 01:32:39 host sshd[3087]: Invalid user techuser from 20.229.13.167 port 39398
Jan 20 01:32:39 host sshd[3087]: input_userauth_request: invalid user techuser [preauth]
Jan 20 01:32:39 host sshd[3087]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:32:39 host sshd[3087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.229.13.167
Jan 20 01:32:41 host sshd[3087]: Failed password for invalid user techuser from 20.229.13.167 port 39398 ssh2
Jan 20 01:32:41 host sshd[3087]: Received disconnect from 20.229.13.167 port 39398:11: Bye Bye [preauth]
Jan 20 01:32:41 host sshd[3087]: Disconnected from 20.229.13.167 port 39398 [preauth]
Jan 20 01:34:25 host sshd[3282]: Invalid user john from 110.138.169.201 port 55502
Jan 20 01:34:25 host sshd[3282]: input_userauth_request: invalid user john [preauth]
Jan 20 01:34:25 host sshd[3282]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:34:25 host sshd[3282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.138.169.201
Jan 20 01:34:27 host sshd[3282]: Failed password for invalid user john from 110.138.169.201 port 55502 ssh2
Jan 20 01:34:27 host sshd[3282]: Received disconnect from 110.138.169.201 port 55502:11: Bye Bye [preauth]
Jan 20 01:34:27 host sshd[3282]: Disconnected from 110.138.169.201 port 55502 [preauth]
Jan 20 01:35:05 host sshd[3388]: Invalid user wordpress from 35.226.64.200 port 47020
Jan 20 01:35:05 host sshd[3388]: input_userauth_request: invalid user wordpress [preauth]
Jan 20 01:35:05 host sshd[3388]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:35:05 host sshd[3388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.226.64.200
Jan 20 01:35:07 host sshd[3388]: Failed password for invalid user wordpress from 35.226.64.200 port 47020 ssh2
Jan 20 01:35:07 host sshd[3388]: Received disconnect from 35.226.64.200 port 47020:11: Bye Bye [preauth]
Jan 20 01:35:07 host sshd[3388]: Disconnected from 35.226.64.200 port 47020 [preauth]
Jan 20 01:35:20 host sshd[3430]: Invalid user esuser from 107.182.17.78 port 42000
Jan 20 01:35:20 host sshd[3430]: input_userauth_request: invalid user esuser [preauth]
Jan 20 01:35:20 host sshd[3430]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:35:20 host sshd[3430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78
Jan 20 01:35:21 host sshd[3433]: Invalid user gr from 194.110.203.109 port 50274
Jan 20 01:35:21 host sshd[3433]: input_userauth_request: invalid user gr [preauth]
Jan 20 01:35:21 host sshd[3433]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:35:21 host sshd[3433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 01:35:22 host sshd[3430]: Failed password for invalid user esuser from 107.182.17.78 port 42000 ssh2
Jan 20 01:35:22 host sshd[3430]: Received disconnect from 107.182.17.78 port 42000:11: Bye Bye [preauth]
Jan 20 01:35:22 host sshd[3430]: Disconnected from 107.182.17.78 port 42000 [preauth]
Jan 20 01:35:23 host sshd[3433]: Failed password for invalid user gr from 194.110.203.109 port 50274 ssh2
Jan 20 01:35:26 host sshd[3433]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:35:28 host sshd[3433]: Failed password for invalid user gr from 194.110.203.109 port 50274 ssh2
Jan 20 01:35:31 host sshd[3433]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:35:33 host sshd[3433]: Failed password for invalid user gr from 194.110.203.109 port 50274 ssh2
Jan 20 01:35:36 host sshd[3433]: Connection closed by 194.110.203.109 port 50274 [preauth]
Jan 20 01:35:36 host sshd[3433]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 01:35:46 host sshd[3478]: Invalid user master from 20.229.13.167 port 35750
Jan 20 01:35:46 host sshd[3478]: input_userauth_request: invalid user master [preauth]
Jan 20 01:35:46 host sshd[3478]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:35:46 host sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.229.13.167
Jan 20 01:35:48 host sshd[3478]: Failed password for invalid user master from 20.229.13.167 port 35750 ssh2
Jan 20 01:35:48 host sshd[3478]: Received disconnect from 20.229.13.167 port 35750:11: Bye Bye [preauth]
Jan 20 01:35:48 host sshd[3478]: Disconnected from 20.229.13.167 port 35750 [preauth]
Jan 20 01:36:45 host sshd[3696]: Invalid user import from 107.182.17.78 port 41120
Jan 20 01:36:45 host sshd[3696]: input_userauth_request: invalid user import [preauth]
Jan 20 01:36:45 host sshd[3696]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:36:45 host sshd[3696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.182.17.78
Jan 20 01:36:47 host sshd[3696]: Failed password for invalid user import from 107.182.17.78 port 41120 ssh2
Jan 20 01:36:47 host sshd[3696]: Received disconnect from 107.182.17.78 port 41120:11: Bye Bye [preauth]
Jan 20 01:36:47 host sshd[3696]: Disconnected from 107.182.17.78 port 41120 [preauth]
Jan 20 01:36:55 host sshd[3743]: Invalid user dockeradmin from 20.229.13.167 port 54232
Jan 20 01:36:55 host sshd[3743]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 20 01:36:55 host sshd[3743]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:36:55 host sshd[3743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.229.13.167
Jan 20 01:36:57 host sshd[3743]: Failed password for invalid user dockeradmin from 20.229.13.167 port 54232 ssh2
Jan 20 01:37:07 host sshd[3795]: Invalid user debian from 195.226.194.142 port 40556
Jan 20 01:37:07 host sshd[3795]: input_userauth_request: invalid user debian [preauth]
Jan 20 01:37:07 host sshd[3795]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:37:07 host sshd[3795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 20 01:37:09 host sshd[3795]: Failed password for invalid user debian from 195.226.194.142 port 40556 ssh2
Jan 20 01:37:09 host sshd[3795]: Received disconnect from 195.226.194.142 port 40556:11: Bye Bye [preauth]
Jan 20 01:37:09 host sshd[3795]: Disconnected from 195.226.194.142 port 40556 [preauth]
Jan 20 01:37:20 host sshd[3817]: Invalid user pi from 114.34.194.201 port 57512
Jan 20 01:37:20 host sshd[3817]: input_userauth_request: invalid user pi [preauth]
Jan 20 01:37:20 host sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:37:20 host sshd[3817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.194.201
Jan 20 01:37:21 host sshd[3817]: Failed password for invalid user pi from 114.34.194.201 port 57512 ssh2
Jan 20 01:37:22 host sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:37:24 host sshd[3817]: Failed password for invalid user pi from 114.34.194.201 port 57512 ssh2
Jan 20 01:37:24 host sshd[3817]: Connection reset by 114.34.194.201 port 57512 [preauth]
Jan 20 01:37:24 host sshd[3817]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.194.201
Jan 20 01:37:30 host sshd[3850]: Invalid user odoo from 110.138.169.201 port 57980
Jan 20 01:37:30 host sshd[3850]: input_userauth_request: invalid user odoo [preauth]
Jan 20 01:37:30 host sshd[3850]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:37:30 host sshd[3850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.138.169.201
Jan 20 01:37:32 host sshd[3850]: Failed password for invalid user odoo from 110.138.169.201 port 57980 ssh2
Jan 20 01:37:32 host sshd[3850]: Received disconnect from 110.138.169.201 port 57980:11: Bye Bye [preauth]
Jan 20 01:37:32 host sshd[3850]: Disconnected from 110.138.169.201 port 57980 [preauth]
Jan 20 01:38:55 host sshd[3996]: Invalid user invoices from 110.138.169.201 port 53304
Jan 20 01:38:55 host sshd[3996]: input_userauth_request: invalid user invoices [preauth]
Jan 20 01:38:55 host sshd[3996]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:38:55 host sshd[3996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.138.169.201
Jan 20 01:38:56 host sshd[3996]: Failed password for invalid user invoices from 110.138.169.201 port 53304 ssh2
Jan 20 01:39:33 host sshd[4120]: Invalid user drcomadmin from 35.226.64.200 port 43384
Jan 20 01:39:33 host sshd[4120]: input_userauth_request: invalid user drcomadmin [preauth]
Jan 20 01:39:33 host sshd[4120]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:39:33 host sshd[4120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.226.64.200
Jan 20 01:39:35 host sshd[4120]: Failed password for invalid user drcomadmin from 35.226.64.200 port 43384 ssh2
Jan 20 01:39:35 host sshd[4120]: Received disconnect from 35.226.64.200 port 43384:11: Bye Bye [preauth]
Jan 20 01:39:35 host sshd[4120]: Disconnected from 35.226.64.200 port 43384 [preauth]
Jan 20 01:40:37 host sshd[4237]: Invalid user admin from 220.255.191.237 port 55603
Jan 20 01:40:37 host sshd[4237]: input_userauth_request: invalid user admin [preauth]
Jan 20 01:40:37 host sshd[4237]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:40:37 host sshd[4237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.255.191.237
Jan 20 01:40:38 host sshd[4237]: Failed password for invalid user admin from 220.255.191.237 port 55603 ssh2
Jan 20 01:40:39 host sshd[4237]: Failed password for invalid user admin from 220.255.191.237 port 55603 ssh2
Jan 20 01:40:39 host sshd[4237]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:40:41 host sshd[4237]: Failed password for invalid user admin from 220.255.191.237 port 55603 ssh2
Jan 20 01:40:41 host sshd[4237]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:40:44 host sshd[4237]: Failed password for invalid user admin from 220.255.191.237 port 55603 ssh2
Jan 20 01:40:44 host sshd[4237]: Connection reset by 220.255.191.237 port 55603 [preauth]
Jan 20 01:40:44 host sshd[4237]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.255.191.237
Jan 20 01:40:49 host sshd[4282]: Invalid user debian from 35.226.64.200 port 44350
Jan 20 01:40:49 host sshd[4282]: input_userauth_request: invalid user debian [preauth]
Jan 20 01:40:49 host sshd[4282]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:40:49 host sshd[4282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.226.64.200
Jan 20 01:40:51 host sshd[4282]: Failed password for invalid user debian from 35.226.64.200 port 44350 ssh2
Jan 20 01:40:51 host sshd[4282]: Received disconnect from 35.226.64.200 port 44350:11: Bye Bye [preauth]
Jan 20 01:40:51 host sshd[4282]: Disconnected from 35.226.64.200 port 44350 [preauth]
Jan 20 01:41:10 host sshd[4347]: Invalid user admin from 123.22.224.12 port 44535
Jan 20 01:41:10 host sshd[4347]: input_userauth_request: invalid user admin [preauth]
Jan 20 01:41:10 host sshd[4347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:41:10 host sshd[4347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.22.224.12
Jan 20 01:41:13 host sshd[4347]: Failed password for invalid user admin from 123.22.224.12 port 44535 ssh2
Jan 20 01:41:13 host sshd[4347]: Failed password for invalid user admin from 123.22.224.12 port 44535 ssh2
Jan 20 01:41:14 host sshd[4347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:41:15 host sshd[4347]: Failed password for invalid user admin from 123.22.224.12 port 44535 ssh2
Jan 20 01:41:16 host sshd[4347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:41:18 host sshd[4360]: Did not receive identification string from 8.219.76.192 port 61000
Jan 20 01:41:18 host sshd[4347]: Failed password for invalid user admin from 123.22.224.12 port 44535 ssh2
Jan 20 01:41:18 host sshd[4347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:41:20 host sshd[4347]: Failed password for invalid user admin from 123.22.224.12 port 44535 ssh2
Jan 20 01:41:20 host sshd[4347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:41:22 host sshd[4347]: Failed password for invalid user admin from 123.22.224.12 port 44535 ssh2
Jan 20 01:41:22 host sshd[4347]: error: maximum authentication attempts exceeded for invalid user admin from 123.22.224.12 port 44535 ssh2 [preauth]
Jan 20 01:41:22 host sshd[4347]: Disconnecting: Too many authentication failures [preauth]
Jan 20 01:41:22 host sshd[4347]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.22.224.12
Jan 20 01:41:22 host sshd[4347]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 20 01:45:12 host sshd[5111]: User root from 122.116.46.241 not allowed because not listed in AllowUsers
Jan 20 01:45:12 host sshd[5111]: input_userauth_request: invalid user root [preauth]
Jan 20 01:45:12 host unix_chkpwd[5131]: password check failed for user (root)
Jan 20 01:45:12 host sshd[5111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.46.241 user=root
Jan 20 01:45:12 host sshd[5111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:45:14 host sshd[5111]: Failed password for invalid user root from 122.116.46.241 port 60307 ssh2
Jan 20 01:45:14 host sshd[5111]: Connection reset by 122.116.46.241 port 60307 [preauth]
Jan 20 01:48:14 host sshd[5810]: Connection reset by 216.181.145.144 port 59601 [preauth]
Jan 20 01:49:41 host sshd[6019]: Invalid user pi from 211.105.122.81 port 60896
Jan 20 01:49:41 host sshd[6019]: input_userauth_request: invalid user pi [preauth]
Jan 20 01:49:41 host sshd[6019]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:49:41 host sshd[6019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.105.122.81
Jan 20 01:49:42 host sshd[6019]: Failed password for invalid user pi from 211.105.122.81 port 60896 ssh2
Jan 20 01:49:43 host sshd[6019]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:49:45 host sshd[6019]: Failed password for invalid user pi from 211.105.122.81 port 60896 ssh2
Jan 20 01:49:46 host sshd[6019]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:49:48 host sshd[6019]: Failed password for invalid user pi from 211.105.122.81 port 60896 ssh2
Jan 20 01:49:49 host sshd[6019]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:49:50 host sshd[6019]: Failed password for invalid user pi from 211.105.122.81 port 60896 ssh2
Jan 20 01:49:51 host sshd[6019]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 01:49:52 host sshd[6019]: Failed password for invalid user pi from 211.105.122.81 port 60896 ssh2
Jan 20 01:50:25 host sshd[6163]: Connection closed by 198.199.101.225 port 59704 [preauth]
Jan 20 01:51:47 host sshd[6365]: User root from 68.82.127.80 not allowed because not listed in AllowUsers
Jan 20 01:51:47 host sshd[6365]: input_userauth_request: invalid user root [preauth]
Jan 20 01:51:47 host unix_chkpwd[6371]: password check failed for user (root)
Jan 20 01:51:47 host sshd[6365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.82.127.80 user=root
Jan 20 01:51:47 host sshd[6365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:51:49 host sshd[6365]: Failed password for invalid user root from 68.82.127.80 port 58810 ssh2
Jan 20 01:51:50 host unix_chkpwd[6375]: password check failed for user (root)
Jan 20 01:51:50 host sshd[6365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:51:52 host sshd[6365]: Failed password for invalid user root from 68.82.127.80 port 58810 ssh2
Jan 20 01:51:53 host unix_chkpwd[6378]: password check failed for user (root)
Jan 20 01:51:53 host sshd[6365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:51:54 host sshd[6365]: Failed password for invalid user root from 68.82.127.80 port 58810 ssh2
Jan 20 01:51:55 host unix_chkpwd[6381]: password check failed for user (root)
Jan 20 01:51:55 host sshd[6365]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 01:51:56 host sshd[6365]: Failed password for invalid user root from 68.82.127.80 port 58810 ssh2
Jan 20 01:55:22 host sshd[6970]: Connection reset by 220.135.139.52 port 39312 [preauth]
Jan 20 02:02:33 host sshd[7948]: Did not receive identification string from 82.156.169.242 port 56374
Jan 20 02:02:38 host sshd[7959]: User root from 82.156.169.242 not allowed because not listed in AllowUsers
Jan 20 02:02:38 host sshd[7959]: input_userauth_request: invalid user root [preauth]
Jan 20 02:02:38 host unix_chkpwd[7998]: password check failed for user (root)
Jan 20 02:02:38 host sshd[7959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.156.169.242 user=root
Jan 20 02:02:38 host sshd[7959]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 02:02:39 host sshd[7959]: Failed password for invalid user root from 82.156.169.242 port 59224 ssh2
Jan 20 02:02:40 host sshd[7959]: Connection closed by 82.156.169.242 port 59224 [preauth]
Jan 20 02:06:37 host sshd[8562]: Invalid user sysop from 195.226.194.142 port 15438
Jan 20 02:06:37 host sshd[8562]: input_userauth_request: invalid user sysop [preauth]
Jan 20 02:06:37 host sshd[8562]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:06:37 host sshd[8562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 20 02:06:39 host sshd[8562]: Failed password for invalid user sysop from 195.226.194.142 port 15438 ssh2
Jan 20 02:06:40 host sshd[8562]: Received disconnect from 195.226.194.142 port 15438:11: Bye Bye [preauth]
Jan 20 02:06:40 host sshd[8562]: Disconnected from 195.226.194.142 port 15438 [preauth]
Jan 20 02:06:52 host sshd[8588]: Did not receive identification string from 188.165.47.193 port 41148
Jan 20 02:07:24 host sshd[8679]: Invalid user admin from 188.165.47.193 port 38626
Jan 20 02:07:24 host sshd[8679]: input_userauth_request: invalid user admin [preauth]
Jan 20 02:07:24 host sshd[8679]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:07:24 host sshd[8679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.165.47.193
Jan 20 02:07:26 host sshd[8679]: Failed password for invalid user admin from 188.165.47.193 port 38626 ssh2
Jan 20 02:07:26 host sshd[8679]: Connection closed by 188.165.47.193 port 38626 [preauth]
Jan 20 02:09:23 host sshd[8968]: Invalid user ansible from 35.228.65.40 port 41220
Jan 20 02:09:23 host sshd[8968]: input_userauth_request: invalid user ansible [preauth]
Jan 20 02:09:23 host sshd[8968]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:09:23 host sshd[8968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.228.65.40
Jan 20 02:09:25 host sshd[8968]: Failed password for invalid user ansible from 35.228.65.40 port 41220 ssh2
Jan 20 02:09:26 host sshd[8968]: Received disconnect from 35.228.65.40 port 41220:11: Bye Bye [preauth]
Jan 20 02:09:26 host sshd[8968]: Disconnected from 35.228.65.40 port 41220 [preauth]
Jan 20 02:09:29 host sshd[9001]: Invalid user admin from 188.165.47.193 port 40038
Jan 20 02:09:29 host sshd[9001]: input_userauth_request: invalid user admin [preauth]
Jan 20 02:09:29 host sshd[9001]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:09:29 host sshd[9001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.165.47.193
Jan 20 02:09:31 host sshd[9001]: Failed password for invalid user admin from 188.165.47.193 port 40038 ssh2
Jan 20 02:09:31 host sshd[9001]: Connection closed by 188.165.47.193 port 40038 [preauth]
Jan 20 02:10:31 host sshd[9285]: Invalid user halo from 162.19.66.82 port 43122
Jan 20 02:10:31 host sshd[9285]: input_userauth_request: invalid user halo [preauth]
Jan 20 02:10:31 host sshd[9285]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:10:31 host sshd[9285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.19.66.82
Jan 20 02:10:33 host sshd[9285]: Failed password for invalid user halo from 162.19.66.82 port 43122 ssh2
Jan 20 02:10:33 host sshd[9285]: Received disconnect from 162.19.66.82 port 43122:11: Bye Bye [preauth]
Jan 20 02:10:33 host sshd[9285]: Disconnected from 162.19.66.82 port 43122 [preauth]
Jan 20 02:12:30 host sshd[9505]: Invalid user iodine from 104.244.74.6 port 39856
Jan 20 02:12:30 host sshd[9505]: input_userauth_request: invalid user iodine [preauth]
Jan 20 02:12:30 host sshd[9505]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:12:30 host sshd[9505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 20 02:12:31 host sshd[9505]: Failed password for invalid user iodine from 104.244.74.6 port 39856 ssh2
Jan 20 02:12:31 host sshd[9505]: Connection closed by 104.244.74.6 port 39856 [preauth]
Jan 20 02:15:03 host sshd[9770]: Invalid user debian from 35.228.65.40 port 60416
Jan 20 02:15:03 host sshd[9770]: input_userauth_request: invalid user debian [preauth]
Jan 20 02:15:03 host sshd[9770]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:15:03 host sshd[9770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.228.65.40
Jan 20 02:15:05 host sshd[9770]: Failed password for invalid user debian from 35.228.65.40 port 60416 ssh2
Jan 20 02:15:05 host sshd[9770]: Received disconnect from 35.228.65.40 port 60416:11: Bye Bye [preauth]
Jan 20 02:15:05 host sshd[9770]: Disconnected from 35.228.65.40 port 60416 [preauth]
Jan 20 02:16:08 host sshd[9892]: Invalid user sysadmin from 162.19.66.82 port 47544
Jan 20 02:16:08 host sshd[9892]: input_userauth_request: invalid user sysadmin [preauth]
Jan 20 02:16:08 host sshd[9892]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:16:08 host sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.19.66.82
Jan 20 02:16:10 host sshd[9892]: Failed password for invalid user sysadmin from 162.19.66.82 port 47544 ssh2
Jan 20 02:16:10 host sshd[9895]: Invalid user web from 35.228.65.40 port 49974
Jan 20 02:16:10 host sshd[9895]: input_userauth_request: invalid user web [preauth]
Jan 20 02:16:10 host sshd[9895]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:16:10 host sshd[9895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.228.65.40
Jan 20 02:16:10 host sshd[9892]: Received disconnect from 162.19.66.82 port 47544:11: Bye Bye [preauth]
Jan 20 02:16:10 host sshd[9892]: Disconnected from 162.19.66.82 port 47544 [preauth]
Jan 20 02:16:12 host sshd[9895]: Failed password for invalid user web from 35.228.65.40 port 49974 ssh2
Jan 20 02:16:12 host sshd[9895]: Received disconnect from 35.228.65.40 port 49974:11: Bye Bye [preauth]
Jan 20 02:16:12 host sshd[9895]: Disconnected from 35.228.65.40 port 49974 [preauth]
Jan 20 02:17:09 host sshd[10151]: Invalid user mark from 162.19.66.82 port 36474
Jan 20 02:17:09 host sshd[10151]: input_userauth_request: invalid user mark [preauth]
Jan 20 02:17:09 host sshd[10151]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:17:09 host sshd[10151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.19.66.82
Jan 20 02:17:11 host sshd[10151]: Failed password for invalid user mark from 162.19.66.82 port 36474 ssh2
Jan 20 02:17:11 host sshd[10151]: Received disconnect from 162.19.66.82 port 36474:11: Bye Bye [preauth]
Jan 20 02:17:11 host sshd[10151]: Disconnected from 162.19.66.82 port 36474 [preauth]
Jan 20 02:19:39 host sshd[10455]: Invalid user asterisk from 138.2.72.124 port 53480
Jan 20 02:19:39 host sshd[10455]: input_userauth_request: invalid user asterisk [preauth]
Jan 20 02:19:39 host sshd[10455]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:19:39 host sshd[10455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.72.124
Jan 20 02:19:41 host sshd[10455]: Failed password for invalid user asterisk from 138.2.72.124 port 53480 ssh2
Jan 20 02:19:41 host sshd[10455]: Received disconnect from 138.2.72.124 port 53480:11: Bye Bye [preauth]
Jan 20 02:19:41 host sshd[10455]: Disconnected from 138.2.72.124 port 53480 [preauth]
Jan 20 02:19:51 host sshd[10470]: Invalid user azureuser from 83.209.41.236 port 30312
Jan 20 02:19:51 host sshd[10470]: input_userauth_request: invalid user azureuser [preauth]
Jan 20 02:19:51 host sshd[10470]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:19:51 host sshd[10470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.209.41.236
Jan 20 02:19:53 host sshd[10470]: Failed password for invalid user azureuser from 83.209.41.236 port 30312 ssh2
Jan 20 02:19:53 host sshd[10470]: Received disconnect from 83.209.41.236 port 30312:11: Bye Bye [preauth]
Jan 20 02:19:53 host sshd[10470]: Disconnected from 83.209.41.236 port 30312 [preauth]
Jan 20 02:20:45 host sshd[10621]: Invalid user admin from 165.227.222.54 port 52506
Jan 20 02:20:45 host sshd[10621]: input_userauth_request: invalid user admin [preauth]
Jan 20 02:20:45 host sshd[10621]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:20:45 host sshd[10621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.222.54
Jan 20 02:20:48 host sshd[10621]: Failed password for invalid user admin from 165.227.222.54 port 52506 ssh2
Jan 20 02:20:48 host sshd[10621]: Received disconnect from 165.227.222.54 port 52506:11: Bye Bye [preauth]
Jan 20 02:20:48 host sshd[10621]: Disconnected from 165.227.222.54 port 52506 [preauth]
Jan 20 02:20:50 host sshd[10629]: Invalid user martin from 211.253.39.170 port 56220
Jan 20 02:20:50 host sshd[10629]: input_userauth_request: invalid user martin [preauth]
Jan 20 02:20:50 host sshd[10629]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:20:50 host sshd[10629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.39.170
Jan 20 02:20:52 host sshd[10629]: Failed password for invalid user martin from 211.253.39.170 port 56220 ssh2
Jan 20 02:20:53 host sshd[10629]: Received disconnect from 211.253.39.170 port 56220:11: Bye Bye [preauth]
Jan 20 02:20:53 host sshd[10629]: Disconnected from 211.253.39.170 port 56220 [preauth]
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:03 host sshd[10660]: Invalid user csserver from 210.114.1.46 port 56568
Jan 20 02:21:03 host sshd[10660]: input_userauth_request: invalid user csserver [preauth]
Jan 20 02:21:03 host sshd[10660]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:21:03 host sshd[10660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.114.1.46
Jan 20 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwresourcehunte user-4=keralaholi user-5=wwwrmswll user-6=ugotscom user-7=cochintaxi user-8=wwwkaretakers user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwletsstalkfood user-15=straightcurve user-16=palco123 user-17=gifterman user-18=kottayamcalldriv user-19=phmetals user-20=wwwnexidigital user-21=mrsclean user-22=disposeat user-23=wwwkmaorg user-24=remysagr user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=shalinijames user-29=wwwtestugo user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 02:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:05 host sshd[10660]: Failed password for invalid user csserver from 210.114.1.46 port 56568 ssh2
Jan 20 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sMH0eelC1j7BeVNi.~
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sMH0eelC1j7BeVNi.~'
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sMH0eelC1j7BeVNi.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:05 host sshd[10660]: Received disconnect from 210.114.1.46 port 56568:11: Bye Bye [preauth]
Jan 20 02:21:05 host sshd[10660]: Disconnected from 210.114.1.46 port 56568 [preauth]
Jan 20 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 02:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 02:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:22:16 host sshd[11072]: Invalid user grid from 201.236.186.32 port 55154
Jan 20 02:22:16 host sshd[11072]: input_userauth_request: invalid user grid [preauth]
Jan 20 02:22:16 host sshd[11072]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:22:16 host sshd[11072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32
Jan 20 02:22:18 host sshd[11072]: Failed password for invalid user grid from 201.236.186.32 port 55154 ssh2
Jan 20 02:22:18 host sshd[11072]: Received disconnect from 201.236.186.32 port 55154:11: Bye Bye [preauth]
Jan 20 02:22:18 host sshd[11072]: Disconnected from 201.236.186.32 port 55154 [preauth]
Jan 20 02:22:58 host sshd[11132]: Connection reset by 118.91.39.54 port 36583 [preauth]
Jan 20 02:23:11 host sshd[11157]: Invalid user ftpuser from 189.50.42.34 port 43267
Jan 20 02:23:11 host sshd[11157]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 02:23:11 host sshd[11157]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:23:11 host sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.42.34
Jan 20 02:23:13 host sshd[11157]: Failed password for invalid user ftpuser from 189.50.42.34 port 43267 ssh2
Jan 20 02:23:14 host sshd[11157]: Received disconnect from 189.50.42.34 port 43267:11: Bye Bye [preauth]
Jan 20 02:23:14 host sshd[11157]: Disconnected from 189.50.42.34 port 43267 [preauth]
Jan 20 02:23:20 host sshd[11175]: Invalid user ftpuser from 171.244.140.174 port 39904
Jan 20 02:23:20 host sshd[11175]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 02:23:20 host sshd[11175]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:23:20 host sshd[11175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.140.174
Jan 20 02:23:21 host sshd[11179]: Invalid user grid from 165.154.240.15 port 30410
Jan 20 02:23:21 host sshd[11179]: input_userauth_request: invalid user grid [preauth]
Jan 20 02:23:21 host sshd[11179]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:23:21 host sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.240.15
Jan 20 02:23:22 host sshd[11175]: Failed password for invalid user ftpuser from 171.244.140.174 port 39904 ssh2
Jan 20 02:23:22 host sshd[11175]: Received disconnect from 171.244.140.174 port 39904:11: Bye Bye [preauth]
Jan 20 02:23:22 host sshd[11175]: Disconnected from 171.244.140.174 port 39904 [preauth]
Jan 20 02:23:23 host sshd[11179]: Failed password for invalid user grid from 165.154.240.15 port 30410 ssh2
Jan 20 02:23:23 host sshd[11179]: Received disconnect from 165.154.240.15 port 30410:11: Bye Bye [preauth]
Jan 20 02:23:23 host sshd[11179]: Disconnected from 165.154.240.15 port 30410 [preauth]
Jan 20 02:23:31 host sshd[11215]: Invalid user test2 from 83.209.41.236 port 42960
Jan 20 02:23:31 host sshd[11215]: input_userauth_request: invalid user test2 [preauth]
Jan 20 02:23:31 host sshd[11215]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:23:31 host sshd[11215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.209.41.236
Jan 20 02:23:32 host sshd[11215]: Failed password for invalid user test2 from 83.209.41.236 port 42960 ssh2
Jan 20 02:23:33 host sshd[11215]: Received disconnect from 83.209.41.236 port 42960:11: Bye Bye [preauth]
Jan 20 02:23:33 host sshd[11215]: Disconnected from 83.209.41.236 port 42960 [preauth]
Jan 20 02:23:43 host sshd[11231]: Invalid user gmodserver from 165.227.222.54 port 50854
Jan 20 02:23:43 host sshd[11231]: input_userauth_request: invalid user gmodserver [preauth]
Jan 20 02:23:43 host sshd[11231]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:23:43 host sshd[11231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.222.54
Jan 20 02:23:44 host sshd[11231]: Failed password for invalid user gmodserver from 165.227.222.54 port 50854 ssh2
Jan 20 02:23:44 host sshd[11231]: Received disconnect from 165.227.222.54 port 50854:11: Bye Bye [preauth]
Jan 20 02:23:44 host sshd[11231]: Disconnected from 165.227.222.54 port 50854 [preauth]
Jan 20 02:23:56 host sshd[11248]: Invalid user angel from 138.2.72.124 port 53676
Jan 20 02:23:56 host sshd[11248]: input_userauth_request: invalid user angel [preauth]
Jan 20 02:23:56 host sshd[11248]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:23:56 host sshd[11248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.72.124
Jan 20 02:23:58 host sshd[11248]: Failed password for invalid user angel from 138.2.72.124 port 53676 ssh2
Jan 20 02:23:58 host sshd[11248]: Received disconnect from 138.2.72.124 port 53676:11: Bye Bye [preauth]
Jan 20 02:23:58 host sshd[11248]: Disconnected from 138.2.72.124 port 53676 [preauth]
Jan 20 02:24:13 host sshd[11278]: Invalid user csserver from 211.253.39.170 port 40154
Jan 20 02:24:13 host sshd[11278]: input_userauth_request: invalid user csserver [preauth]
Jan 20 02:24:13 host sshd[11278]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:24:13 host sshd[11278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.39.170
Jan 20 02:24:14 host sshd[11278]: Failed password for invalid user csserver from 211.253.39.170 port 40154 ssh2
Jan 20 02:24:15 host sshd[11278]: Received disconnect from 211.253.39.170 port 40154:11: Bye Bye [preauth]
Jan 20 02:24:15 host sshd[11278]: Disconnected from 211.253.39.170 port 40154 [preauth]
Jan 20 02:24:43 host sshd[11339]: Invalid user bitnami from 83.209.41.236 port 56120
Jan 20 02:24:43 host sshd[11339]: input_userauth_request: invalid user bitnami [preauth]
Jan 20 02:24:43 host sshd[11339]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:24:43 host sshd[11339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.209.41.236
Jan 20 02:24:45 host sshd[11339]: Failed password for invalid user bitnami from 83.209.41.236 port 56120 ssh2
Jan 20 02:24:45 host sshd[11339]: Received disconnect from 83.209.41.236 port 56120:11: Bye Bye [preauth]
Jan 20 02:24:45 host sshd[11339]: Disconnected from 83.209.41.236 port 56120 [preauth]
Jan 20 02:24:49 host sshd[11372]: Invalid user jboss from 165.227.222.54 port 35814
Jan 20 02:24:49 host sshd[11372]: input_userauth_request: invalid user jboss [preauth]
Jan 20 02:24:49 host sshd[11372]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:24:49 host sshd[11372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.222.54
Jan 20 02:24:51 host sshd[11372]: Failed password for invalid user jboss from 165.227.222.54 port 35814 ssh2
Jan 20 02:24:51 host sshd[11372]: Received disconnect from 165.227.222.54 port 35814:11: Bye Bye [preauth]
Jan 20 02:24:51 host sshd[11372]: Disconnected from 165.227.222.54 port 35814 [preauth]
Jan 20 02:25:37 host sshd[11517]: Invalid user scan from 210.114.1.46 port 40722
Jan 20 02:25:37 host sshd[11517]: input_userauth_request: invalid user scan [preauth]
Jan 20 02:25:37 host sshd[11517]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:25:37 host sshd[11517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.114.1.46
Jan 20 02:25:38 host sshd[11520]: Invalid user rustserver from 211.253.39.170 port 39094
Jan 20 02:25:38 host sshd[11520]: input_userauth_request: invalid user rustserver [preauth]
Jan 20 02:25:38 host sshd[11520]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:25:38 host sshd[11520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.39.170
Jan 20 02:25:38 host sshd[11516]: Invalid user frappe from 189.50.42.34 port 58541
Jan 20 02:25:38 host sshd[11516]: input_userauth_request: invalid user frappe [preauth]
Jan 20 02:25:38 host sshd[11516]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:25:38 host sshd[11516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.42.34
Jan 20 02:25:39 host sshd[11517]: Failed password for invalid user scan from 210.114.1.46 port 40722 ssh2
Jan 20 02:25:40 host sshd[11517]: Received disconnect from 210.114.1.46 port 40722:11: Bye Bye [preauth]
Jan 20 02:25:40 host sshd[11517]: Disconnected from 210.114.1.46 port 40722 [preauth]
Jan 20 02:25:40 host sshd[11520]: Failed password for invalid user rustserver from 211.253.39.170 port 39094 ssh2
Jan 20 02:25:40 host sshd[11516]: Failed password for invalid user frappe from 189.50.42.34 port 58541 ssh2
Jan 20 02:25:40 host sshd[11520]: Received disconnect from 211.253.39.170 port 39094:11: Bye Bye [preauth]
Jan 20 02:25:40 host sshd[11520]: Disconnected from 211.253.39.170 port 39094 [preauth]
Jan 20 02:25:40 host sshd[11516]: Received disconnect from 189.50.42.34 port 58541:11: Bye Bye [preauth]
Jan 20 02:25:40 host sshd[11516]: Disconnected from 189.50.42.34 port 58541 [preauth]
Jan 20 02:25:43 host sshd[11537]: Invalid user jeremy from 165.154.240.15 port 59472
Jan 20 02:25:43 host sshd[11537]: input_userauth_request: invalid user jeremy [preauth]
Jan 20 02:25:43 host sshd[11537]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:25:43 host sshd[11537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.240.15
Jan 20 02:25:44 host sshd[11537]: Failed password for invalid user jeremy from 165.154.240.15 port 59472 ssh2
Jan 20 02:25:44 host sshd[11537]: Received disconnect from 165.154.240.15 port 59472:11: Bye Bye [preauth]
Jan 20 02:25:44 host sshd[11537]: Disconnected from 165.154.240.15 port 59472 [preauth]
Jan 20 02:26:21 host sshd[11630]: Invalid user deploy from 138.2.72.124 port 53784
Jan 20 02:26:21 host sshd[11630]: input_userauth_request: invalid user deploy [preauth]
Jan 20 02:26:21 host sshd[11630]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:26:21 host sshd[11630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.2.72.124
Jan 20 02:26:23 host sshd[11630]: Failed password for invalid user deploy from 138.2.72.124 port 53784 ssh2
Jan 20 02:26:30 host sshd[11790]: Invalid user samba from 201.236.186.32 port 39743
Jan 20 02:26:30 host sshd[11790]: input_userauth_request: invalid user samba [preauth]
Jan 20 02:26:30 host sshd[11790]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:26:30 host sshd[11790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32
Jan 20 02:26:32 host sshd[11790]: Failed password for invalid user samba from 201.236.186.32 port 39743 ssh2
Jan 20 02:26:32 host sshd[11790]: Received disconnect from 201.236.186.32 port 39743:11: Bye Bye [preauth]
Jan 20 02:26:32 host sshd[11790]: Disconnected from 201.236.186.32 port 39743 [preauth]
Jan 20 02:27:03 host sshd[11828]: Invalid user admin1 from 210.114.1.46 port 35058
Jan 20 02:27:03 host sshd[11828]: input_userauth_request: invalid user admin1 [preauth]
Jan 20 02:27:03 host sshd[11828]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:27:03 host sshd[11828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.114.1.46
Jan 20 02:27:04 host sshd[11842]: Invalid user csserver from 165.154.240.15 port 27080
Jan 20 02:27:04 host sshd[11842]: input_userauth_request: invalid user csserver [preauth]
Jan 20 02:27:04 host sshd[11842]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:27:04 host sshd[11842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.240.15
Jan 20 02:27:04 host sshd[11828]: Failed password for invalid user admin1 from 210.114.1.46 port 35058 ssh2
Jan 20 02:27:04 host sshd[11828]: Received disconnect from 210.114.1.46 port 35058:11: Bye Bye [preauth]
Jan 20 02:27:04 host sshd[11828]: Disconnected from 210.114.1.46 port 35058 [preauth]
Jan 20 02:27:06 host sshd[11842]: Failed password for invalid user csserver from 165.154.240.15 port 27080 ssh2
Jan 20 02:27:06 host sshd[11842]: Received disconnect from 165.154.240.15 port 27080:11: Bye Bye [preauth]
Jan 20 02:27:06 host sshd[11842]: Disconnected from 165.154.240.15 port 27080 [preauth]
Jan 20 02:27:15 host sshd[11923]: Invalid user user8 from 171.244.140.174 port 17979
Jan 20 02:27:15 host sshd[11923]: input_userauth_request: invalid user user8 [preauth]
Jan 20 02:27:15 host sshd[11923]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:27:15 host sshd[11923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.140.174
Jan 20 02:27:16 host sshd[11923]: Failed password for invalid user user8 from 171.244.140.174 port 17979 ssh2
Jan 20 02:27:17 host sshd[11923]: Received disconnect from 171.244.140.174 port 17979:11: Bye Bye [preauth]
Jan 20 02:27:17 host sshd[11923]: Disconnected from 171.244.140.174 port 17979 [preauth]
Jan 20 02:27:26 host sshd[11945]: Invalid user user7 from 189.50.42.34 port 43815
Jan 20 02:27:26 host sshd[11945]: input_userauth_request: invalid user user7 [preauth]
Jan 20 02:27:26 host sshd[11945]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:27:26 host sshd[11945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.42.34
Jan 20 02:27:28 host sshd[11945]: Failed password for invalid user user7 from 189.50.42.34 port 43815 ssh2
Jan 20 02:28:23 host sshd[12119]: Invalid user splunk from 201.236.186.32 port 60647
Jan 20 02:28:23 host sshd[12119]: input_userauth_request: invalid user splunk [preauth]
Jan 20 02:28:23 host sshd[12119]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:28:23 host sshd[12119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.236.186.32
Jan 20 02:28:25 host sshd[12119]: Failed password for invalid user splunk from 201.236.186.32 port 60647 ssh2
Jan 20 02:28:26 host sshd[12119]: Received disconnect from 201.236.186.32 port 60647:11: Bye Bye [preauth]
Jan 20 02:28:26 host sshd[12119]: Disconnected from 201.236.186.32 port 60647 [preauth]
Jan 20 02:28:49 host sshd[12230]: Invalid user csgoserver from 171.244.140.174 port 40439
Jan 20 02:28:49 host sshd[12230]: input_userauth_request: invalid user csgoserver [preauth]
Jan 20 02:28:49 host sshd[12230]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:28:49 host sshd[12230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.140.174
Jan 20 02:28:50 host sshd[12230]: Failed password for invalid user csgoserver from 171.244.140.174 port 40439 ssh2
Jan 20 02:28:51 host sshd[12230]: Received disconnect from 171.244.140.174 port 40439:11: Bye Bye [preauth]
Jan 20 02:28:51 host sshd[12230]: Disconnected from 171.244.140.174 port 40439 [preauth]
Jan 20 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=disposeat user-2=wwwkmaorg user-3=remysagr user-4=wwwkapin user-5=woodpeck user-6=wwwtestugo user-7=shalinijames user-8=vfmassets user-9=pmcresources user-10=wwwevmhonda user-11=bonifacegroup user-12=wwwletsstalkfood user-13=straightcurve user-14=kottayamcalldriv user-15=phmetals user-16=gifterman user-17=palco123 user-18=wwwnexidigital user-19=mrsclean user-20=cochintaxi user-21=wwwkaretakers user-22=dartsimp user-23=a2zgroup user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=ugotscom user-28=wwwrmswll user-29=keralaholi user-30=wwwresourcehunte feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 02:29:02 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 20 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:29:10 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 20 02:29:10 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 20 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 20 02:29:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 20 02:29:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 20 02:29:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:29:25 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 20 02:29:25 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 20 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 20 02:29:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 20 02:29:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 20 02:29:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 20 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 02:29:45 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:29:46 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 20 02:29:46 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 20 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 20 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:29:54 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 20 02:29:54 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 20 02:29:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 20 02:29:54 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:54 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 20 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 20 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:29:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 20 02:30:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:06 host sshd[12986]: User ftp from 121.155.155.25 not allowed because not listed in AllowUsers
Jan 20 02:30:06 host sshd[12986]: input_userauth_request: invalid user ftp [preauth]
Jan 20 02:30:06 host unix_chkpwd[13079]: password check failed for user (ftp)
Jan 20 02:30:06 host sshd[12986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.155.155.25 user=ftp
Jan 20 02:30:06 host sshd[12986]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 02:30:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 20 02:30:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:08 host sshd[12986]: Failed password for invalid user ftp from 121.155.155.25 port 53144 ssh2
Jan 20 02:30:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:09 host unix_chkpwd[13141]: password check failed for user (ftp)
Jan 20 02:30:09 host sshd[12986]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 02:30:11 host sshd[12986]: Failed password for invalid user ftp from 121.155.155.25 port 53144 ssh2
Jan 20 02:30:12 host unix_chkpwd[13151]: password check failed for user (ftp)
Jan 20 02:30:12 host sshd[12986]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 02:30:14 host sshd[12986]: Failed password for invalid user ftp from 121.155.155.25 port 53144 ssh2
Jan 20 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:30:14 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 02:30:14 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 02:30:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 20 02:30:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:15 host sshd[12986]: Failed password for invalid user ftp from 121.155.155.25 port 53144 ssh2
Jan 20 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 20 02:30:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 20 02:30:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:15 host unix_chkpwd[13230]: password check failed for user (ftp)
Jan 20 02:30:15 host sshd[12986]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 02:30:17 host sshd[12986]: Failed password for invalid user ftp from 121.155.155.25 port 53144 ssh2
Jan 20 02:30:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 20 02:30:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:30:31 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 02:30:31 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 02:30:37 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 20 02:30:37 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:37 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:30:47 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 02:30:47 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 02:30:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 20 02:30:54 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:54 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 20 02:30:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 20 02:30:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:31:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 02:31:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 02:31:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 20 02:31:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:31:22 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 02:31:22 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 02:31:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 20 02:31:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 20 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:34 host sshd[14536]: Invalid user admin from 1.33.123.220 port 56711
Jan 20 02:31:34 host sshd[14536]: input_userauth_request: invalid user admin [preauth]
Jan 20 02:31:34 host sshd[14536]: Failed none for invalid user admin from 1.33.123.220 port 56711 ssh2
Jan 20 02:31:35 host sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:31:35 host sshd[14536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.33.123.220
Jan 20 02:31:37 host sshd[14536]: Failed password for invalid user admin from 1.33.123.220 port 56711 ssh2
Jan 20 02:31:37 host sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:31:39 host sshd[14536]: Failed password for invalid user admin from 1.33.123.220 port 56711 ssh2
Jan 20 02:31:39 host sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:31:41 host sshd[14536]: Failed password for invalid user admin from 1.33.123.220 port 56711 ssh2
Jan 20 02:31:41 host sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:31:44 host sshd[14536]: Failed password for invalid user admin from 1.33.123.220 port 56711 ssh2
Jan 20 02:31:44 host sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:31:45 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 20 02:31:45 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 20 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 20 02:31:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:45 host sshd[14536]: Failed password for invalid user admin from 1.33.123.220 port 56711 ssh2
Jan 20 02:31:45 host sshd[14536]: error: maximum authentication attempts exceeded for invalid user admin from 1.33.123.220 port 56711 ssh2 [preauth]
Jan 20 02:31:45 host sshd[14536]: Disconnecting: Too many authentication failures [preauth]
Jan 20 02:31:46 host sshd[14536]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.33.123.220
Jan 20 02:31:46 host sshd[14536]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 20 02:31:46 host sshd[14695]: Connection closed by 1.33.123.220 port 56752 [preauth]
Jan 20 02:31:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 20 02:31:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:31:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 20 02:31:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:31:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 20 02:32:00 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 20 02:32:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 20 02:32:11 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 20 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DirectoryPrivacy is_directory_protected dir=/home/wwwresourcehunte/public_html --output=json
Jan 20 02:32:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=disposeat WpToolkitNotification send_admin_auto_updates_notification 'available_updates_text=<br/><br/>Updates are available for the following items:<br/><br/>' 'available_updates_list=1. Website "Resource Hunters" (http://resourcehunters.com). Installed version: 4.2.34. Available version: 6.1.1.<br/><br/>' installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0
Jan 20 02:32:22 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183): require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4 /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356): require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in
Jan 20 02:32:22 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog" (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error
Jan 20 02:32:22 host sudo: wp-toolkit : (command continued) establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>' --output=json
Jan 20 02:32:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 02:33:58 host sshd[15749]: Connection reset by 221.164.91.188 port 55932 [preauth]
Jan 20 02:35:57 host sshd[16051]: Invalid user debianuser from 195.226.194.142 port 62634
Jan 20 02:35:57 host sshd[16051]: input_userauth_request: invalid user debianuser [preauth]
Jan 20 02:35:57 host sshd[16051]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:35:57 host sshd[16051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142
Jan 20 02:35:59 host sshd[16051]: Failed password for invalid user debianuser from 195.226.194.142 port 62634 ssh2
Jan 20 02:50:23 host sshd[18167]: Invalid user deskres from 205.185.113.129 port 45720
Jan 20 02:50:23 host sshd[18167]: input_userauth_request: invalid user deskres [preauth]
Jan 20 02:50:23 host sshd[18167]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:50:23 host sshd[18167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 20 02:50:26 host sshd[18167]: Failed password for invalid user deskres from 205.185.113.129 port 45720 ssh2
Jan 20 02:50:26 host sshd[18167]: Connection closed by 205.185.113.129 port 45720 [preauth]
Jan 20 02:52:55 host sshd[18441]: Invalid user Admin from 189.223.49.131 port 55160
Jan 20 02:52:55 host sshd[18441]: input_userauth_request: invalid user Admin [preauth]
Jan 20 02:52:55 host sshd[18441]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:52:55 host sshd[18441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.223.49.131
Jan 20 02:52:57 host sshd[18441]: Failed password for invalid user Admin from 189.223.49.131 port 55160 ssh2
Jan 20 02:52:58 host sshd[18441]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:52:59 host sshd[18441]: Failed password for invalid user Admin from 189.223.49.131 port 55160 ssh2
Jan 20 02:53:00 host sshd[18441]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:53:02 host sshd[18441]: Failed password for invalid user Admin from 189.223.49.131 port 55160 ssh2
Jan 20 02:53:03 host sshd[18441]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 02:53:04 host sshd[18441]: Failed password for invalid user Admin from 189.223.49.131 port 55160 ssh2
Jan 20 02:53:07 host sshd[18441]: Failed password for invalid user Admin from 189.223.49.131 port 55160 ssh2
Jan 20 02:53:08 host sshd[18441]: Connection reset by 189.223.49.131 port 55160 [preauth]
Jan 20 02:53:08 host sshd[18441]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.223.49.131
Jan 20 02:53:08 host sshd[18441]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 20 03:06:31 host sshd[20702]: User root from 182.219.202.253 not allowed because not listed in AllowUsers
Jan 20 03:06:31 host sshd[20702]: input_userauth_request: invalid user root [preauth]
Jan 20 03:06:31 host unix_chkpwd[20705]: password check failed for user (root)
Jan 20 03:06:31 host sshd[20702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.219.202.253 user=root
Jan 20 03:06:31 host sshd[20702]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:06:33 host sshd[20702]: Failed password for invalid user root from 182.219.202.253 port 60770 ssh2
Jan 20 03:06:33 host unix_chkpwd[20715]: password check failed for user (root)
Jan 20 03:06:33 host sshd[20702]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:06:35 host sshd[20702]: Failed password for invalid user root from 182.219.202.253 port 60770 ssh2
Jan 20 03:06:36 host unix_chkpwd[20719]: password check failed for user (root)
Jan 20 03:06:36 host sshd[20702]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:06:38 host sshd[20702]: Failed password for invalid user root from 182.219.202.253 port 60770 ssh2
Jan 20 03:06:38 host sshd[20702]: Connection reset by 182.219.202.253 port 60770 [preauth]
Jan 20 03:06:38 host sshd[20702]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.219.202.253 user=root
Jan 20 03:16:27 host sshd[22230]: Invalid user uftp from 187.189.37.175 port 31329
Jan 20 03:16:27 host sshd[22230]: input_userauth_request: invalid user uftp [preauth]
Jan 20 03:16:27 host sshd[22230]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:16:27 host sshd[22230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.189.37.175
Jan 20 03:16:28 host sshd[22230]: Failed password for invalid user uftp from 187.189.37.175 port 31329 ssh2
Jan 20 03:16:29 host sshd[22230]: Received disconnect from 187.189.37.175 port 31329:11: Bye Bye [preauth]
Jan 20 03:16:29 host sshd[22230]: Disconnected from 187.189.37.175 port 31329 [preauth]
Jan 20 03:18:03 host sshd[22458]: Invalid user stack from 103.208.137.90 port 49138
Jan 20 03:18:03 host sshd[22458]: input_userauth_request: invalid user stack [preauth]
Jan 20 03:18:03 host sshd[22458]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:18:03 host sshd[22458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.208.137.90
Jan 20 03:18:05 host sshd[22458]: Failed password for invalid user stack from 103.208.137.90 port 49138 ssh2
Jan 20 03:18:05 host sshd[22458]: Received disconnect from 103.208.137.90 port 49138:11: Bye Bye [preauth]
Jan 20 03:18:05 host sshd[22458]: Disconnected from 103.208.137.90 port 49138 [preauth]
Jan 20 03:18:15 host sshd[22578]: Invalid user esuser from 104.168.68.119 port 58920
Jan 20 03:18:15 host sshd[22578]: input_userauth_request: invalid user esuser [preauth]
Jan 20 03:18:15 host sshd[22578]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:18:15 host sshd[22578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.68.119
Jan 20 03:18:17 host sshd[22578]: Failed password for invalid user esuser from 104.168.68.119 port 58920 ssh2
Jan 20 03:18:17 host sshd[22578]: Received disconnect from 104.168.68.119 port 58920:11: Bye Bye [preauth]
Jan 20 03:18:17 host sshd[22578]: Disconnected from 104.168.68.119 port 58920 [preauth]
Jan 20 03:18:33 host sshd[22634]: Invalid user shadow from 122.154.253.5 port 50148
Jan 20 03:18:33 host sshd[22634]: input_userauth_request: invalid user shadow [preauth]
Jan 20 03:18:33 host sshd[22634]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:18:33 host sshd[22634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5
Jan 20 03:18:34 host sshd[22634]: Failed password for invalid user shadow from 122.154.253.5 port 50148 ssh2
Jan 20 03:18:34 host sshd[22634]: Received disconnect from 122.154.253.5 port 50148:11: Bye Bye [preauth]
Jan 20 03:18:34 host sshd[22634]: Disconnected from 122.154.253.5 port 50148 [preauth]
Jan 20 03:19:53 host sshd[22802]: Invalid user gs from 194.110.203.109 port 45544
Jan 20 03:19:53 host sshd[22802]: input_userauth_request: invalid user gs [preauth]
Jan 20 03:19:53 host sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:19:53 host sshd[22802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 03:19:55 host sshd[22802]: Failed password for invalid user gs from 194.110.203.109 port 45544 ssh2
Jan 20 03:19:58 host sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:20:00 host sshd[22802]: Failed password for invalid user gs from 194.110.203.109 port 45544 ssh2
Jan 20 03:20:03 host sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:20:04 host sshd[22802]: Failed password for invalid user gs from 194.110.203.109 port 45544 ssh2
Jan 20 03:20:08 host sshd[22802]: Connection closed by 194.110.203.109 port 45544 [preauth]
Jan 20 03:20:08 host sshd[22802]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 03:20:23 host sshd[22880]: Invalid user bot from 138.197.151.213 port 40200
Jan 20 03:20:23 host sshd[22880]: input_userauth_request: invalid user bot [preauth]
Jan 20 03:20:23 host sshd[22880]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:20:23 host sshd[22880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.151.213
Jan 20 03:20:25 host sshd[22880]: Failed password for invalid user bot from 138.197.151.213 port 40200 ssh2
Jan 20 03:20:25 host sshd[22880]: Received disconnect from 138.197.151.213 port 40200:11: Bye Bye [preauth]
Jan 20 03:20:25 host sshd[22880]: Disconnected from 138.197.151.213 port 40200 [preauth]
Jan 20 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 03:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=dartsimp user-3=a2zgroup user-4=cochintaxi user-5=wwwkaretakers user-6=wwwrmswll user-7=wwwresourcehunte user-8=keralaholi user-9=ugotscom user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=vfmassets user-14=wwwtestugo user-15=shalinijames user-16=woodpeck user-17=wwwkapin user-18=disposeat user-19=wwwkmaorg user-20=remysagr user-21=mrsclean user-22=wwwnexidigital user-23=gifterman user-24=palco123 user-25=phmetals user-26=kottayamcalldriv user-27=wwwletsstalkfood user-28=straightcurve user-29=bonifacegroup user-30=wwwevmhonda feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 03:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3WgPHRYMwUTGSJoq.~
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3WgPHRYMwUTGSJoq.~'
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3WgPHRYMwUTGSJoq.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 03:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 03:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 03:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 03:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 03:22:12 host sshd[23347]: Invalid user invoices from 68.168.141.140 port 48974
Jan 20 03:22:12 host sshd[23347]: input_userauth_request: invalid user invoices [preauth]
Jan 20 03:22:12 host sshd[23347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:22:12 host sshd[23347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.168.141.140
Jan 20 03:22:14 host sshd[23347]: Failed password for invalid user invoices from 68.168.141.140 port 48974 ssh2
Jan 20 03:22:14 host sshd[23347]: Received disconnect from 68.168.141.140 port 48974:11: Bye Bye [preauth]
Jan 20 03:22:14 host sshd[23347]: Disconnected from 68.168.141.140 port 48974 [preauth]
Jan 20 03:22:39 host sshd[23417]: Invalid user user1 from 138.197.151.213 port 46082
Jan 20 03:22:39 host sshd[23417]: input_userauth_request: invalid user user1 [preauth]
Jan 20 03:22:39 host sshd[23417]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:22:39 host sshd[23417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.151.213
Jan 20 03:22:40 host sshd[23417]: Failed password for invalid user user1 from 138.197.151.213 port 46082 ssh2
Jan 20 03:22:41 host sshd[23417]: Received disconnect from 138.197.151.213 port 46082:11: Bye Bye [preauth]
Jan 20 03:22:41 host sshd[23417]: Disconnected from 138.197.151.213 port 46082 [preauth]
Jan 20 03:22:59 host sshd[23441]: Invalid user mike from 36.227.231.251 port 20762
Jan 20 03:22:59 host sshd[23441]: input_userauth_request: invalid user mike [preauth]
Jan 20 03:22:59 host sshd[23441]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:22:59 host sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.227.231.251
Jan 20 03:23:00 host sshd[23448]: Invalid user openbravo from 187.189.37.175 port 44865
Jan 20 03:23:00 host sshd[23448]: input_userauth_request: invalid user openbravo [preauth]
Jan 20 03:23:00 host sshd[23448]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:23:00 host sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.189.37.175
Jan 20 03:23:02 host sshd[23441]: Failed password for invalid user mike from 36.227.231.251 port 20762 ssh2
Jan 20 03:23:02 host sshd[23441]: Received disconnect from 36.227.231.251 port 20762:11: Bye Bye [preauth]
Jan 20 03:23:02 host sshd[23441]: Disconnected from 36.227.231.251 port 20762 [preauth]
Jan 20 03:23:03 host sshd[23448]: Failed password for invalid user openbravo from 187.189.37.175 port 44865 ssh2
Jan 20 03:23:03 host sshd[23448]: Received disconnect from 187.189.37.175 port 44865:11: Bye Bye [preauth]
Jan 20 03:23:03 host sshd[23448]: Disconnected from 187.189.37.175 port 44865 [preauth]
Jan 20 03:23:37 host sshd[23525]: Invalid user david from 104.168.68.119 port 53752
Jan 20 03:23:37 host sshd[23525]: input_userauth_request: invalid user david [preauth]
Jan 20 03:23:37 host sshd[23525]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:23:37 host sshd[23525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.68.119
Jan 20 03:23:39 host sshd[23525]: Failed password for invalid user david from 104.168.68.119 port 53752 ssh2
Jan 20 03:23:40 host sshd[23525]: Received disconnect from 104.168.68.119 port 53752:11: Bye Bye [preauth]
Jan 20 03:23:40 host sshd[23525]: Disconnected from 104.168.68.119 port 53752 [preauth]
Jan 20 03:23:44 host sshd[23537]: Invalid user administrator from 122.154.253.5 port 45416
Jan 20 03:23:44 host sshd[23537]: input_userauth_request: invalid user administrator [preauth]
Jan 20 03:23:44 host sshd[23537]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:23:44 host sshd[23537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5
Jan 20 03:23:45 host sshd[23534]: Invalid user support from 138.197.151.213 port 44208
Jan 20 03:23:45 host sshd[23534]: input_userauth_request: invalid user support [preauth]
Jan 20 03:23:45 host sshd[23534]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:23:45 host sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.151.213
Jan 20 03:23:46 host sshd[23537]: Failed password for invalid user administrator from 122.154.253.5 port 45416 ssh2
Jan 20 03:23:46 host sshd[23537]: Received disconnect from 122.154.253.5 port 45416:11: Bye Bye [preauth]
Jan 20 03:23:46 host sshd[23537]: Disconnected from 122.154.253.5 port 45416 [preauth]
Jan 20 03:23:47 host sshd[23534]: Failed password for invalid user support from 138.197.151.213 port 44208 ssh2
Jan 20 03:23:47 host sshd[23534]: Received disconnect from 138.197.151.213 port 44208:11: Bye Bye [preauth]
Jan 20 03:23:47 host sshd[23534]: Disconnected from 138.197.151.213 port 44208 [preauth]
Jan 20 03:24:22 host sshd[23725]: Invalid user openbravo from 187.189.37.175 port 35937
Jan 20 03:24:22 host sshd[23725]: input_userauth_request: invalid user openbravo [preauth]
Jan 20 03:24:22 host sshd[23725]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:24:22 host sshd[23725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.189.37.175
Jan 20 03:24:24 host sshd[23725]: Failed password for invalid user openbravo from 187.189.37.175 port 35937 ssh2
Jan 20 03:24:24 host sshd[23725]: Received disconnect from 187.189.37.175 port 35937:11: Bye Bye [preauth]
Jan 20 03:24:24 host sshd[23725]: Disconnected from 187.189.37.175 port 35937 [preauth]
Jan 20 03:24:26 host sshd[23761]: Invalid user gitlab-runner from 103.208.137.90 port 49458
Jan 20 03:24:26 host sshd[23761]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 20 03:24:26 host sshd[23761]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:24:26 host sshd[23761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.208.137.90
Jan 20 03:24:28 host sshd[23761]: Failed password for invalid user gitlab-runner from 103.208.137.90 port 49458 ssh2
Jan 20 03:24:28 host sshd[23761]: Received disconnect from 103.208.137.90 port 49458:11: Bye Bye [preauth]
Jan 20 03:24:28 host sshd[23761]: Disconnected from 103.208.137.90 port 49458 [preauth]
Jan 20 03:24:48 host sshd[23811]: Invalid user user01 from 104.168.68.119 port 48232
Jan 20 03:24:48 host sshd[23811]: input_userauth_request: invalid user user01 [preauth]
Jan 20 03:24:48 host sshd[23811]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:24:48 host sshd[23811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.68.119
Jan 20 03:24:50 host sshd[23811]: Failed password for invalid user user01 from 104.168.68.119 port 48232 ssh2
Jan 20 03:25:09 host sshd[23897]: Invalid user import from 122.154.253.5 port 44196
Jan 20 03:25:09 host sshd[23897]: input_userauth_request: invalid user import [preauth]
Jan 20 03:25:09 host sshd[23897]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:25:09 host sshd[23897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.154.253.5
Jan 20 03:25:11 host sshd[23897]: Failed password for invalid user import from 122.154.253.5 port 44196 ssh2
Jan 20 03:25:11 host sshd[23897]: Received disconnect from 122.154.253.5 port 44196:11: Bye Bye [preauth]
Jan 20 03:25:11 host sshd[23897]: Disconnected from 122.154.253.5 port 44196 [preauth]
Jan 20 03:25:24 host sshd[23904]: Invalid user mapr from 68.168.141.140 port 42436
Jan 20 03:25:24 host sshd[23904]: input_userauth_request: invalid user mapr [preauth]
Jan 20 03:25:24 host sshd[23904]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:25:24 host sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.168.141.140
Jan 20 03:25:26 host sshd[23904]: Failed password for invalid user mapr from 68.168.141.140 port 42436 ssh2
Jan 20 03:25:26 host sshd[23904]: Received disconnect from 68.168.141.140 port 42436:11: Bye Bye [preauth]
Jan 20 03:25:26 host sshd[23904]: Disconnected from 68.168.141.140 port 42436 [preauth]
Jan 20 03:25:59 host sshd[24025]: Invalid user vagrant from 36.227.231.251 port 41142
Jan 20 03:25:59 host sshd[24025]: input_userauth_request: invalid user vagrant [preauth]
Jan 20 03:25:59 host sshd[24025]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:25:59 host sshd[24025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.227.231.251
Jan 20 03:26:01 host sshd[24025]: Failed password for invalid user vagrant from 36.227.231.251 port 41142 ssh2
Jan 20 03:26:01 host sshd[24025]: Received disconnect from 36.227.231.251 port 41142:11: Bye Bye [preauth]
Jan 20 03:26:01 host sshd[24025]: Disconnected from 36.227.231.251 port 41142 [preauth]
Jan 20 03:26:29 host sshd[24114]: Invalid user adam from 103.208.137.90 port 48150
Jan 20 03:26:29 host sshd[24114]: input_userauth_request: invalid user adam [preauth]
Jan 20 03:26:29 host sshd[24114]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:26:29 host sshd[24114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.208.137.90
Jan 20 03:26:30 host sshd[24114]: Failed password for invalid user adam from 103.208.137.90 port 48150 ssh2
Jan 20 03:26:30 host sshd[24114]: Received disconnect from 103.208.137.90 port 48150:11: Bye Bye [preauth]
Jan 20 03:26:30 host sshd[24114]: Disconnected from 103.208.137.90 port 48150 [preauth]
Jan 20 03:27:25 host sshd[24251]: Invalid user admin from 49.213.248.195 port 49681
Jan 20 03:27:25 host sshd[24251]: input_userauth_request: invalid user admin [preauth]
Jan 20 03:27:25 host sshd[24251]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:27:25 host sshd[24251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.248.195
Jan 20 03:27:27 host sshd[24251]: Failed password for invalid user admin from 49.213.248.195 port 49681 ssh2
Jan 20 03:27:29 host sshd[24251]: Failed password for invalid user admin from 49.213.248.195 port 49681 ssh2
Jan 20 03:27:30 host sshd[24251]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:27:33 host sshd[24251]: Failed password for invalid user admin from 49.213.248.195 port 49681 ssh2
Jan 20 03:27:34 host sshd[24251]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:27:36 host sshd[24251]: Failed password for invalid user admin from 49.213.248.195 port 49681 ssh2
Jan 20 03:27:36 host sshd[24251]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:27:39 host sshd[24251]: Failed password for invalid user admin from 49.213.248.195 port 49681 ssh2
Jan 20 03:27:52 host sshd[24333]: Invalid user client from 68.168.141.140 port 59300
Jan 20 03:27:52 host sshd[24333]: input_userauth_request: invalid user client [preauth]
Jan 20 03:27:52 host sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:27:52 host sshd[24333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.168.141.140
Jan 20 03:27:53 host sshd[24333]: Failed password for invalid user client from 68.168.141.140 port 59300 ssh2
Jan 20 03:27:54 host sshd[24333]: Received disconnect from 68.168.141.140 port 59300:11: Bye Bye [preauth]
Jan 20 03:27:54 host sshd[24333]: Disconnected from 68.168.141.140 port 59300 [preauth]
Jan 20 03:27:59 host sshd[24373]: Invalid user ts from 36.227.231.251 port 60150
Jan 20 03:27:59 host sshd[24373]: input_userauth_request: invalid user ts [preauth]
Jan 20 03:27:59 host sshd[24373]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:27:59 host sshd[24373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.227.231.251
Jan 20 03:28:01 host sshd[24373]: Failed password for invalid user ts from 36.227.231.251 port 60150 ssh2
Jan 20 03:31:55 host sshd[24976]: User root from 121.183.44.140 not allowed because not listed in AllowUsers
Jan 20 03:31:55 host sshd[24976]: input_userauth_request: invalid user root [preauth]
Jan 20 03:31:55 host unix_chkpwd[24980]: password check failed for user (root)
Jan 20 03:31:55 host sshd[24976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.183.44.140 user=root
Jan 20 03:31:55 host sshd[24976]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:31:57 host sshd[24976]: Failed password for invalid user root from 121.183.44.140 port 60180 ssh2
Jan 20 03:31:58 host unix_chkpwd[24984]: password check failed for user (root)
Jan 20 03:31:58 host sshd[24976]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:32:00 host sshd[24976]: Failed password for invalid user root from 121.183.44.140 port 60180 ssh2
Jan 20 03:32:01 host unix_chkpwd[24987]: password check failed for user (root)
Jan 20 03:32:01 host sshd[24976]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:32:03 host sshd[24976]: Failed password for invalid user root from 121.183.44.140 port 60180 ssh2
Jan 20 03:32:03 host unix_chkpwd[25001]: password check failed for user (root)
Jan 20 03:32:03 host sshd[24976]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:32:05 host sshd[24976]: Failed password for invalid user root from 121.183.44.140 port 60180 ssh2
Jan 20 03:33:54 host sshd[25235]: Connection reset by 94.254.19.113 port 52657 [preauth]
Jan 20 03:37:37 host sshd[25871]: User root from 59.24.127.242 not allowed because not listed in AllowUsers
Jan 20 03:37:37 host sshd[25871]: input_userauth_request: invalid user root [preauth]
Jan 20 03:37:37 host unix_chkpwd[25875]: password check failed for user (root)
Jan 20 03:37:37 host sshd[25871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.127.242 user=root
Jan 20 03:37:37 host sshd[25871]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:37:39 host sshd[25871]: Failed password for invalid user root from 59.24.127.242 port 60245 ssh2
Jan 20 03:37:39 host unix_chkpwd[25877]: password check failed for user (root)
Jan 20 03:37:39 host sshd[25871]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:37:41 host sshd[25871]: Failed password for invalid user root from 59.24.127.242 port 60245 ssh2
Jan 20 03:37:41 host sshd[25871]: Connection reset by 59.24.127.242 port 60245 [preauth]
Jan 20 03:37:41 host sshd[25871]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.127.242 user=root
Jan 20 03:39:34 host sshd[26132]: User root from 112.120.121.112 not allowed because not listed in AllowUsers
Jan 20 03:39:34 host sshd[26132]: input_userauth_request: invalid user root [preauth]
Jan 20 03:39:34 host unix_chkpwd[26136]: password check failed for user (root)
Jan 20 03:39:34 host sshd[26132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.120.121.112 user=root
Jan 20 03:39:34 host sshd[26132]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:39:36 host sshd[26132]: Failed password for invalid user root from 112.120.121.112 port 52187 ssh2
Jan 20 03:39:36 host sshd[26132]: Connection reset by 112.120.121.112 port 52187 [preauth]
Jan 20 03:40:28 host sshd[26349]: User root from 211.75.194.227 not allowed because not listed in AllowUsers
Jan 20 03:40:28 host sshd[26349]: input_userauth_request: invalid user root [preauth]
Jan 20 03:40:28 host unix_chkpwd[26395]: password check failed for user (root)
Jan 20 03:40:28 host sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.75.194.227 user=root
Jan 20 03:40:28 host sshd[26349]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:40:30 host sshd[26349]: Failed password for invalid user root from 211.75.194.227 port 58062 ssh2
Jan 20 03:40:31 host unix_chkpwd[26404]: password check failed for user (root)
Jan 20 03:40:31 host sshd[26349]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 03:40:32 host sshd[26349]: Failed password for invalid user root from 211.75.194.227 port 58062 ssh2
Jan 20 03:40:33 host sshd[26349]: Connection reset by 211.75.194.227 port 58062 [preauth]
Jan 20 03:40:33 host sshd[26349]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.75.194.227 user=root
Jan 20 03:52:40 host sshd[28147]: Invalid user oracle from 203.127.161.82 port 52718
Jan 20 03:52:40 host sshd[28147]: input_userauth_request: invalid user oracle [preauth]
Jan 20 03:52:40 host sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:52:40 host sshd[28147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.127.161.82
Jan 20 03:52:42 host sshd[28147]: Failed password for invalid user oracle from 203.127.161.82 port 52718 ssh2
Jan 20 03:52:42 host sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:52:44 host sshd[28147]: Failed password for invalid user oracle from 203.127.161.82 port 52718 ssh2
Jan 20 03:52:44 host sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:52:46 host sshd[28147]: Failed password for invalid user oracle from 203.127.161.82 port 52718 ssh2
Jan 20 03:52:46 host sshd[28147]: Failed password for invalid user oracle from 203.127.161.82 port 52718 ssh2
Jan 20 03:52:47 host sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:52:49 host sshd[28147]: Failed password for invalid user oracle from 203.127.161.82 port 52718 ssh2
Jan 20 03:52:49 host sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 03:52:51 host sshd[28147]: Failed password for invalid user oracle from 203.127.161.82 port 52718 ssh2
Jan 20 03:52:51 host sshd[28147]: error: maximum authentication attempts exceeded for invalid user oracle from 203.127.161.82 port 52718 ssh2 [preauth]
Jan 20 03:52:51 host sshd[28147]: Disconnecting: Too many authentication failures [preauth]
Jan 20 03:52:51 host sshd[28147]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.127.161.82
Jan 20 03:52:51 host sshd[28147]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 20 04:00:26 host sshd[29357]: Invalid user zyfwp from 114.35.65.211 port 37109
Jan 20 04:00:26 host sshd[29357]: input_userauth_request: invalid user zyfwp [preauth]
Jan 20 04:00:26 host sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:00:26 host sshd[29357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.65.211
Jan 20 04:00:28 host sshd[29357]: Failed password for invalid user zyfwp from 114.35.65.211 port 37109 ssh2
Jan 20 04:00:28 host sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:00:31 host sshd[29357]: Failed password for invalid user zyfwp from 114.35.65.211 port 37109 ssh2
Jan 20 04:00:32 host sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:00:34 host sshd[29357]: Failed password for invalid user zyfwp from 114.35.65.211 port 37109 ssh2
Jan 20 04:00:34 host sshd[29357]: Connection closed by 114.35.65.211 port 37109 [preauth]
Jan 20 04:00:34 host sshd[29357]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.65.211
Jan 20 04:03:06 host sshd[29680]: Invalid user melvin from 107.189.30.59 port 34000
Jan 20 04:03:06 host sshd[29680]: input_userauth_request: invalid user melvin [preauth]
Jan 20 04:03:06 host sshd[29680]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:03:06 host sshd[29680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 20 04:03:08 host sshd[29680]: Failed password for invalid user melvin from 107.189.30.59 port 34000 ssh2
Jan 20 04:03:09 host sshd[29680]: Connection closed by 107.189.30.59 port 34000 [preauth]
Jan 20 04:07:44 host sshd[30331]: Invalid user chris from 188.166.14.99 port 38252
Jan 20 04:07:44 host sshd[30331]: input_userauth_request: invalid user chris [preauth]
Jan 20 04:07:44 host sshd[30331]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:07:44 host sshd[30331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.14.99
Jan 20 04:07:46 host sshd[30331]: Failed password for invalid user chris from 188.166.14.99 port 38252 ssh2
Jan 20 04:07:46 host sshd[30331]: Received disconnect from 188.166.14.99 port 38252:11: Bye Bye [preauth]
Jan 20 04:07:46 host sshd[30331]: Disconnected from 188.166.14.99 port 38252 [preauth]
Jan 20 04:09:56 host sshd[30698]: Invalid user halo from 185.238.2.68 port 40326
Jan 20 04:09:56 host sshd[30698]: input_userauth_request: invalid user halo [preauth]
Jan 20 04:09:56 host sshd[30698]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:09:56 host sshd[30698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.238.2.68
Jan 20 04:09:58 host sshd[30698]: Failed password for invalid user halo from 185.238.2.68 port 40326 ssh2
Jan 20 04:09:58 host sshd[30698]: Received disconnect from 185.238.2.68 port 40326:11: Bye Bye [preauth]
Jan 20 04:09:58 host sshd[30698]: Disconnected from 185.238.2.68 port 40326 [preauth]
Jan 20 04:10:40 host sshd[30918]: User root from 209.141.55.27 not allowed because not listed in AllowUsers
Jan 20 04:10:40 host sshd[30918]: input_userauth_request: invalid user root [preauth]
Jan 20 04:10:40 host unix_chkpwd[30921]: password check failed for user (root)
Jan 20 04:10:40 host sshd[30918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27 user=root
Jan 20 04:10:40 host sshd[30918]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 04:10:42 host sshd[30918]: Failed password for invalid user root from 209.141.55.27 port 60594 ssh2
Jan 20 04:10:42 host sshd[30918]: Received disconnect from 209.141.55.27 port 60594:11: Normal Shutdown, Thank you for playing [preauth]
Jan 20 04:10:42 host sshd[30918]: Disconnected from 209.141.55.27 port 60594 [preauth]
Jan 20 04:11:52 host sshd[31041]: Invalid user user from 58.72.151.220 port 50471
Jan 20 04:11:52 host sshd[31041]: input_userauth_request: invalid user user [preauth]
Jan 20 04:11:52 host sshd[31041]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:11:52 host sshd[31041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.72.151.220
Jan 20 04:11:53 host sshd[31041]: Failed password for invalid user user from 58.72.151.220 port 50471 ssh2
Jan 20 04:11:54 host sshd[31041]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:11:56 host sshd[31041]: Failed password for invalid user user from 58.72.151.220 port 50471 ssh2
Jan 20 04:11:57 host sshd[31041]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:11:58 host sshd[31041]: Failed password for invalid user user from 58.72.151.220 port 50471 ssh2
Jan 20 04:11:59 host sshd[31041]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:12:00 host sshd[31041]: Failed password for invalid user user from 58.72.151.220 port 50471 ssh2
Jan 20 04:12:01 host sshd[31041]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:12:04 host sshd[31041]: Failed password for invalid user user from 58.72.151.220 port 50471 ssh2
Jan 20 04:13:17 host sshd[31244]: Invalid user newadmin from 188.166.14.99 port 47808
Jan 20 04:13:17 host sshd[31244]: input_userauth_request: invalid user newadmin [preauth]
Jan 20 04:13:17 host sshd[31244]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:13:17 host sshd[31244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.14.99
Jan 20 04:13:19 host sshd[31244]: Failed password for invalid user newadmin from 188.166.14.99 port 47808 ssh2
Jan 20 04:13:19 host sshd[31244]: Received disconnect from 188.166.14.99 port 47808:11: Bye Bye [preauth]
Jan 20 04:13:19 host sshd[31244]: Disconnected from 188.166.14.99 port 47808 [preauth]
Jan 20 04:14:04 host sshd[31180]: Connection closed by 111.161.125.133 port 34346 [preauth]
Jan 20 04:14:08 host sshd[31386]: Invalid user teamspeak3 from 185.238.2.68 port 51318
Jan 20 04:14:08 host sshd[31386]: input_userauth_request: invalid user teamspeak3 [preauth]
Jan 20 04:14:08 host sshd[31386]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:14:08 host sshd[31386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.238.2.68
Jan 20 04:14:10 host sshd[31386]: Failed password for invalid user teamspeak3 from 185.238.2.68 port 51318 ssh2
Jan 20 04:14:11 host sshd[31386]: Received disconnect from 185.238.2.68 port 51318:11: Bye Bye [preauth]
Jan 20 04:14:11 host sshd[31386]: Disconnected from 185.238.2.68 port 51318 [preauth]
Jan 20 04:14:25 host sshd[31528]: Invalid user oscar from 188.166.14.99 port 60870
Jan 20 04:14:25 host sshd[31528]: input_userauth_request: invalid user oscar [preauth]
Jan 20 04:14:25 host sshd[31528]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:14:25 host sshd[31528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.14.99
Jan 20 04:14:28 host sshd[31528]: Failed password for invalid user oscar from 188.166.14.99 port 60870 ssh2
Jan 20 04:15:17 host sshd[31685]: Invalid user openbravo from 185.238.2.68 port 50610
Jan 20 04:15:17 host sshd[31685]: input_userauth_request: invalid user openbravo [preauth]
Jan 20 04:15:17 host sshd[31685]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:15:17 host sshd[31685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.238.2.68
Jan 20 04:15:19 host sshd[31685]: Failed password for invalid user openbravo from 185.238.2.68 port 50610 ssh2
Jan 20 04:15:19 host sshd[31685]: Received disconnect from 185.238.2.68 port 50610:11: Bye Bye [preauth]
Jan 20 04:15:19 host sshd[31685]: Disconnected from 185.238.2.68 port 50610 [preauth]
Jan 20 04:15:59 host sshd[31813]: Invalid user oracle from 14.56.24.201 port 62753
Jan 20 04:15:59 host sshd[31813]: input_userauth_request: invalid user oracle [preauth]
Jan 20 04:15:59 host sshd[31813]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:15:59 host sshd[31813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.56.24.201
Jan 20 04:16:02 host sshd[31813]: Failed password for invalid user oracle from 14.56.24.201 port 62753 ssh2
Jan 20 04:16:03 host sshd[31813]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:16:04 host sshd[31813]: Failed password for invalid user oracle from 14.56.24.201 port 62753 ssh2
Jan 20 04:16:05 host sshd[31813]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:16:06 host sshd[31813]: Failed password for invalid user oracle from 14.56.24.201 port 62753 ssh2
Jan 20 04:16:07 host sshd[31813]: Connection reset by 14.56.24.201 port 62753 [preauth]
Jan 20 04:16:07 host sshd[31813]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.56.24.201
Jan 20 04:17:26 host sshd[32021]: Invalid user admin from 221.165.227.71 port 60803
Jan 20 04:17:26 host sshd[32021]: input_userauth_request: invalid user admin [preauth]
Jan 20 04:17:26 host sshd[32021]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:17:26 host sshd[32021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.165.227.71
Jan 20 04:17:28 host sshd[32021]: Failed password for invalid user admin from 221.165.227.71 port 60803 ssh2
Jan 20 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 04:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwresourcehunte user-2=keralaholi user-3=wwwrmswll user-4=ugotscom user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=a2zgroup user-9=dartsimp user-10=wwwkaretakers user-11=cochintaxi user-12=mrsclean user-13=wwwnexidigital user-14=palco123 user-15=gifterman user-16=phmetals user-17=kottayamcalldriv user-18=wwwletsstalkfood user-19=straightcurve user-20=bonifacegroup user-21=wwwevmhonda user-22=pmcresources user-23=vfmassets user-24=shalinijames user-25=wwwtestugo user-26=wwwkapin user-27=woodpeck user-28=wwwkmaorg user-29=disposeat user-30=remysagr feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 04:21:13 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7CchUL21WdEvnhef.~
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7CchUL21WdEvnhef.~'
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7CchUL21WdEvnhef.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 04:21:14 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 04:21:14 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 04:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 04:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 04:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 04:25:29 host sshd[1013]: Invalid user nexus from 179.145.31.70 port 46653
Jan 20 04:25:29 host sshd[1013]: input_userauth_request: invalid user nexus [preauth]
Jan 20 04:25:29 host sshd[1013]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:25:29 host sshd[1013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.145.31.70
Jan 20 04:25:31 host sshd[1013]: Failed password for invalid user nexus from 179.145.31.70 port 46653 ssh2
Jan 20 04:25:31 host sshd[1013]: Received disconnect from 179.145.31.70 port 46653:11: Bye Bye [preauth]
Jan 20 04:25:31 host sshd[1013]: Disconnected from 179.145.31.70 port 46653 [preauth]
Jan 20 04:28:50 host sshd[1596]: Did not receive identification string from 217.115.58.242 port 37168
Jan 20 04:28:51 host sshd[1597]: Invalid user ftpuser from 217.115.58.242 port 37658
Jan 20 04:28:51 host sshd[1597]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 04:28:51 host sshd[1598]: User centos from 217.115.58.242 not allowed because not listed in AllowUsers
Jan 20 04:28:51 host sshd[1598]: input_userauth_request: invalid user centos [preauth]
Jan 20 04:28:51 host sshd[1597]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:28:51 host sshd[1597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.115.58.242
Jan 20 04:28:51 host unix_chkpwd[1602]: password check failed for user (centos)
Jan 20 04:28:51 host sshd[1598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.115.58.242 user=centos
Jan 20 04:28:53 host sshd[1597]: Failed password for invalid user ftpuser from 217.115.58.242 port 37658 ssh2
Jan 20 04:28:54 host sshd[1598]: Failed password for invalid user centos from 217.115.58.242 port 37656 ssh2
Jan 20 04:28:54 host sshd[1597]: Connection closed by 217.115.58.242 port 37658 [preauth]
Jan 20 04:28:54 host sshd[1598]: Connection closed by 217.115.58.242 port 37656 [preauth]
Jan 20 04:34:18 host sshd[2541]: Invalid user csserver from 179.145.31.70 port 48380
Jan 20 04:34:18 host sshd[2541]: input_userauth_request: invalid user csserver [preauth]
Jan 20 04:34:18 host sshd[2541]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:34:18 host sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.145.31.70
Jan 20 04:34:21 host sshd[2541]: Failed password for invalid user csserver from 179.145.31.70 port 48380 ssh2
Jan 20 04:34:21 host sshd[2541]: Received disconnect from 179.145.31.70 port 48380:11: Bye Bye [preauth]
Jan 20 04:34:21 host sshd[2541]: Disconnected from 179.145.31.70 port 48380 [preauth]
Jan 20 04:36:43 host sshd[3071]: Invalid user testuser from 179.145.31.70 port 56320
Jan 20 04:36:43 host sshd[3071]: input_userauth_request: invalid user testuser [preauth]
Jan 20 04:36:43 host sshd[3071]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:36:43 host sshd[3071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.145.31.70
Jan 20 04:36:45 host sshd[3071]: Failed password for invalid user testuser from 179.145.31.70 port 56320 ssh2
Jan 20 04:36:45 host sshd[3071]: Received disconnect from 179.145.31.70 port 56320:11: Bye Bye [preauth]
Jan 20 04:36:45 host sshd[3071]: Disconnected from 179.145.31.70 port 56320 [preauth]
Jan 20 04:49:22 host sshd[5738]: Invalid user max from 101.128.68.195 port 58146
Jan 20 04:49:22 host sshd[5738]: input_userauth_request: invalid user max [preauth]
Jan 20 04:49:22 host sshd[5738]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:49:22 host sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.128.68.195
Jan 20 04:49:24 host sshd[5738]: Failed password for invalid user max from 101.128.68.195 port 58146 ssh2
Jan 20 04:49:24 host sshd[5738]: Received disconnect from 101.128.68.195 port 58146:11: Bye Bye [preauth]
Jan 20 04:49:24 host sshd[5738]: Disconnected from 101.128.68.195 port 58146 [preauth]
Jan 20 04:50:14 host sshd[5908]: Invalid user iodine from 104.244.74.6 port 60660
Jan 20 04:50:14 host sshd[5908]: input_userauth_request: invalid user iodine [preauth]
Jan 20 04:50:14 host sshd[5908]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:50:14 host sshd[5908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 20 04:50:16 host sshd[5908]: Failed password for invalid user iodine from 104.244.74.6 port 60660 ssh2
Jan 20 04:50:17 host sshd[5908]: Connection closed by 104.244.74.6 port 60660 [preauth]
Jan 20 04:50:25 host sshd[5947]: Invalid user vbox from 1.235.216.34 port 45024
Jan 20 04:50:25 host sshd[5947]: input_userauth_request: invalid user vbox [preauth]
Jan 20 04:50:25 host sshd[5947]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:50:25 host sshd[5947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.235.216.34
Jan 20 04:50:27 host sshd[5947]: Failed password for invalid user vbox from 1.235.216.34 port 45024 ssh2
Jan 20 04:50:27 host sshd[5947]: Received disconnect from 1.235.216.34 port 45024:11: Bye Bye [preauth]
Jan 20 04:50:27 host sshd[5947]: Disconnected from 1.235.216.34 port 45024 [preauth]
Jan 20 04:52:49 host sshd[6404]: Invalid user vpn from 142.93.8.99 port 53230
Jan 20 04:52:49 host sshd[6404]: input_userauth_request: invalid user vpn [preauth]
Jan 20 04:52:49 host sshd[6404]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:52:49 host sshd[6404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.8.99
Jan 20 04:52:52 host sshd[6404]: Failed password for invalid user vpn from 142.93.8.99 port 53230 ssh2
Jan 20 04:52:54 host sshd[6404]: Received disconnect from 142.93.8.99 port 53230:11: Bye Bye [preauth]
Jan 20 04:52:54 host sshd[6404]: Disconnected from 142.93.8.99 port 53230 [preauth]
Jan 20 04:53:29 host sshd[6558]: Invalid user rsync from 139.59.37.86 port 58138
Jan 20 04:53:29 host sshd[6558]: input_userauth_request: invalid user rsync [preauth]
Jan 20 04:53:29 host sshd[6558]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:53:29 host sshd[6558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.37.86
Jan 20 04:53:31 host sshd[6558]: Failed password for invalid user rsync from 139.59.37.86 port 58138 ssh2
Jan 20 04:53:31 host sshd[6558]: Received disconnect from 139.59.37.86 port 58138:11: Bye Bye [preauth]
Jan 20 04:53:31 host sshd[6558]: Disconnected from 139.59.37.86 port 58138 [preauth]
Jan 20 04:54:16 host sshd[6672]: Invalid user iodine from 104.244.74.6 port 45992
Jan 20 04:54:16 host sshd[6672]: input_userauth_request: invalid user iodine [preauth]
Jan 20 04:54:16 host sshd[6672]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:54:16 host sshd[6672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 20 04:54:18 host sshd[6672]: Failed password for invalid user iodine from 104.244.74.6 port 45992 ssh2
Jan 20 04:54:18 host sshd[6672]: Connection closed by 104.244.74.6 port 45992 [preauth]
Jan 20 04:54:49 host sshd[6762]: User root from 59.126.178.100 not allowed because not listed in AllowUsers
Jan 20 04:54:49 host sshd[6762]: input_userauth_request: invalid user root [preauth]
Jan 20 04:54:49 host unix_chkpwd[6766]: password check failed for user (root)
Jan 20 04:54:49 host sshd[6762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.178.100 user=root
Jan 20 04:54:49 host sshd[6762]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 04:54:51 host sshd[6762]: Failed password for invalid user root from 59.126.178.100 port 39006 ssh2
Jan 20 04:54:52 host sshd[6762]: Connection reset by 59.126.178.100 port 39006 [preauth]
Jan 20 04:54:54 host sshd[6778]: Invalid user server from 20.189.74.132 port 53544
Jan 20 04:54:54 host sshd[6778]: input_userauth_request: invalid user server [preauth]
Jan 20 04:54:54 host sshd[6778]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:54:54 host sshd[6778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.189.74.132
Jan 20 04:54:56 host sshd[6778]: Failed password for invalid user server from 20.189.74.132 port 53544 ssh2
Jan 20 04:54:56 host sshd[6778]: Received disconnect from 20.189.74.132 port 53544:11: Bye Bye [preauth]
Jan 20 04:54:56 host sshd[6778]: Disconnected from 20.189.74.132 port 53544 [preauth]
Jan 20 04:55:05 host sshd[6816]: Invalid user halo from 101.128.68.195 port 58330
Jan 20 04:55:05 host sshd[6816]: input_userauth_request: invalid user halo [preauth]
Jan 20 04:55:05 host sshd[6816]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:55:05 host sshd[6816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.128.68.195
Jan 20 04:55:07 host sshd[6816]: Failed password for invalid user halo from 101.128.68.195 port 58330 ssh2
Jan 20 04:55:07 host sshd[6816]: Received disconnect from 101.128.68.195 port 58330:11: Bye Bye [preauth]
Jan 20 04:55:07 host sshd[6816]: Disconnected from 101.128.68.195 port 58330 [preauth]
Jan 20 04:55:40 host sshd[6907]: Invalid user mapr from 142.93.8.99 port 57580
Jan 20 04:55:40 host sshd[6907]: input_userauth_request: invalid user mapr [preauth]
Jan 20 04:55:40 host sshd[6907]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:55:40 host sshd[6907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.8.99
Jan 20 04:55:41 host sshd[6907]: Failed password for invalid user mapr from 142.93.8.99 port 57580 ssh2
Jan 20 04:55:42 host sshd[6907]: Received disconnect from 142.93.8.99 port 57580:11: Bye Bye [preauth]
Jan 20 04:55:42 host sshd[6907]: Disconnected from 142.93.8.99 port 57580 [preauth]
Jan 20 04:56:00 host sshd[6934]: Invalid user mark from 139.59.37.86 port 35982
Jan 20 04:56:00 host sshd[6934]: input_userauth_request: invalid user mark [preauth]
Jan 20 04:56:00 host sshd[6934]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:56:00 host sshd[6934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.37.86
Jan 20 04:56:02 host sshd[6934]: Failed password for invalid user mark from 139.59.37.86 port 35982 ssh2
Jan 20 04:56:02 host sshd[6934]: Received disconnect from 139.59.37.86 port 35982:11: Bye Bye [preauth]
Jan 20 04:56:02 host sshd[6934]: Disconnected from 139.59.37.86 port 35982 [preauth]
Jan 20 04:56:33 host sshd[7024]: Invalid user developer from 1.235.216.34 port 47146
Jan 20 04:56:33 host sshd[7024]: input_userauth_request: invalid user developer [preauth]
Jan 20 04:56:33 host sshd[7024]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:56:33 host sshd[7024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.235.216.34
Jan 20 04:56:35 host sshd[7027]: User adm from 101.128.68.195 not allowed because not listed in AllowUsers
Jan 20 04:56:35 host sshd[7027]: input_userauth_request: invalid user adm [preauth]
Jan 20 04:56:35 host unix_chkpwd[7031]: password check failed for user (adm)
Jan 20 04:56:35 host sshd[7027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.128.68.195 user=adm
Jan 20 04:56:35 host sshd[7027]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "adm"
Jan 20 04:56:35 host sshd[7024]: Failed password for invalid user developer from 1.235.216.34 port 47146 ssh2
Jan 20 04:56:35 host sshd[7024]: Received disconnect from 1.235.216.34 port 47146:11: Bye Bye [preauth]
Jan 20 04:56:35 host sshd[7024]: Disconnected from 1.235.216.34 port 47146 [preauth]
Jan 20 04:56:36 host sshd[7027]: Failed password for invalid user adm from 101.128.68.195 port 43715 ssh2
Jan 20 04:56:36 host sshd[7027]: Received disconnect from 101.128.68.195 port 43715:11: Bye Bye [preauth]
Jan 20 04:56:36 host sshd[7027]: Disconnected from 101.128.68.195 port 43715 [preauth]
Jan 20 04:56:44 host sshd[7069]: Invalid user ubnt from 113.169.100.59 port 34896
Jan 20 04:56:44 host sshd[7069]: input_userauth_request: invalid user ubnt [preauth]
Jan 20 04:56:44 host sshd[7069]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:56:44 host sshd[7069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.169.100.59
Jan 20 04:56:47 host sshd[7069]: Failed password for invalid user ubnt from 113.169.100.59 port 34896 ssh2
Jan 20 04:56:49 host sshd[7069]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:56:51 host sshd[7069]: Failed password for invalid user ubnt from 113.169.100.59 port 34896 ssh2
Jan 20 04:56:51 host sshd[7069]: Failed password for invalid user ubnt from 113.169.100.59 port 34896 ssh2
Jan 20 04:56:53 host sshd[7069]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:56:54 host sshd[7069]: Failed password for invalid user ubnt from 113.169.100.59 port 34896 ssh2
Jan 20 04:56:55 host sshd[7069]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:56:58 host sshd[7069]: Failed password for invalid user ubnt from 113.169.100.59 port 34896 ssh2
Jan 20 04:56:58 host sshd[7069]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:57:00 host sshd[7069]: Failed password for invalid user ubnt from 113.169.100.59 port 34896 ssh2
Jan 20 04:57:00 host sshd[7069]: error: maximum authentication attempts exceeded for invalid user ubnt from 113.169.100.59 port 34896 ssh2 [preauth]
Jan 20 04:57:00 host sshd[7069]: Disconnecting: Too many authentication failures [preauth]
Jan 20 04:57:00 host sshd[7069]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.169.100.59
Jan 20 04:57:00 host sshd[7069]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 20 04:57:07 host sshd[7186]: Invalid user panda from 20.189.74.132 port 51060
Jan 20 04:57:07 host sshd[7186]: input_userauth_request: invalid user panda [preauth]
Jan 20 04:57:07 host sshd[7186]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:57:07 host sshd[7186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.189.74.132
Jan 20 04:57:09 host sshd[7186]: Failed password for invalid user panda from 20.189.74.132 port 51060 ssh2
Jan 20 04:57:09 host sshd[7186]: Received disconnect from 20.189.74.132 port 51060:11: Bye Bye [preauth]
Jan 20 04:57:09 host sshd[7186]: Disconnected from 20.189.74.132 port 51060 [preauth]
Jan 20 04:57:19 host sshd[7222]: Invalid user nvidia from 139.59.37.86 port 34280
Jan 20 04:57:19 host sshd[7222]: input_userauth_request: invalid user nvidia [preauth]
Jan 20 04:57:19 host sshd[7222]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:57:19 host sshd[7222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.37.86
Jan 20 04:57:21 host sshd[7222]: Failed password for invalid user nvidia from 139.59.37.86 port 34280 ssh2
Jan 20 04:57:21 host sshd[7222]: Received disconnect from 139.59.37.86 port 34280:11: Bye Bye [preauth]
Jan 20 04:57:21 host sshd[7222]: Disconnected from 139.59.37.86 port 34280 [preauth]
Jan 20 04:57:50 host sshd[7437]: Invalid user a from 142.93.8.99 port 52900
Jan 20 04:57:50 host sshd[7437]: input_userauth_request: invalid user a [preauth]
Jan 20 04:57:50 host sshd[7437]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:57:50 host sshd[7437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.8.99
Jan 20 04:57:52 host sshd[7437]: Failed password for invalid user a from 142.93.8.99 port 52900 ssh2
Jan 20 04:57:53 host sshd[7437]: Received disconnect from 142.93.8.99 port 52900:11: Bye Bye [preauth]
Jan 20 04:57:53 host sshd[7437]: Disconnected from 142.93.8.99 port 52900 [preauth]
Jan 20 04:57:53 host sshd[7458]: Invalid user public from 1.235.216.34 port 59590
Jan 20 04:57:53 host sshd[7458]: input_userauth_request: invalid user public [preauth]
Jan 20 04:57:53 host sshd[7458]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:57:53 host sshd[7458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.235.216.34
Jan 20 04:57:55 host sshd[7458]: Failed password for invalid user public from 1.235.216.34 port 59590 ssh2
Jan 20 04:57:56 host sshd[7458]: Received disconnect from 1.235.216.34 port 59590:11: Bye Bye [preauth]
Jan 20 04:57:56 host sshd[7458]: Disconnected from 1.235.216.34 port 59590 [preauth]
Jan 20 04:58:22 host sshd[7615]: Invalid user sam from 20.189.74.132 port 46680
Jan 20 04:58:22 host sshd[7615]: input_userauth_request: invalid user sam [preauth]
Jan 20 04:58:22 host sshd[7615]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 04:58:22 host sshd[7615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.189.74.132
Jan 20 04:58:24 host sshd[7615]: Failed password for invalid user sam from 20.189.74.132 port 46680 ssh2
Jan 20 05:02:23 host sshd[8265]: Invalid user gt from 194.110.203.109 port 50586
Jan 20 05:02:23 host sshd[8265]: input_userauth_request: invalid user gt [preauth]
Jan 20 05:02:23 host sshd[8265]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:02:23 host sshd[8265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 05:02:25 host sshd[8265]: Failed password for invalid user gt from 194.110.203.109 port 50586 ssh2
Jan 20 05:02:29 host sshd[8265]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:02:31 host sshd[8265]: Failed password for invalid user gt from 194.110.203.109 port 50586 ssh2
Jan 20 05:02:34 host sshd[8265]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:02:36 host sshd[8265]: Failed password for invalid user gt from 194.110.203.109 port 50586 ssh2
Jan 20 05:02:39 host sshd[8265]: Connection closed by 194.110.203.109 port 50586 [preauth]
Jan 20 05:02:39 host sshd[8265]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 05:03:02 host sshd[8457]: Invalid user pdx from 176.214.78.72 port 55656
Jan 20 05:03:02 host sshd[8457]: input_userauth_request: invalid user pdx [preauth]
Jan 20 05:03:02 host sshd[8457]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:03:02 host sshd[8457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.214.78.72
Jan 20 05:03:03 host sshd[8457]: Failed password for invalid user pdx from 176.214.78.72 port 55656 ssh2
Jan 20 05:03:04 host sshd[8457]: Received disconnect from 176.214.78.72 port 55656:11: Bye Bye [preauth]
Jan 20 05:03:04 host sshd[8457]: Disconnected from 176.214.78.72 port 55656 [preauth]
Jan 20 05:04:12 host sshd[8584]: Connection reset by 110.3.254.213 port 57703 [preauth]
Jan 20 05:05:01 host sshd[8711]: Invalid user soporte from 107.172.99.124 port 54482
Jan 20 05:05:01 host sshd[8711]: input_userauth_request: invalid user soporte [preauth]
Jan 20 05:05:01 host sshd[8711]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:05:01 host sshd[8711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.99.124
Jan 20 05:05:02 host sshd[8711]: Failed password for invalid user soporte from 107.172.99.124 port 54482 ssh2
Jan 20 05:05:03 host sshd[8711]: Received disconnect from 107.172.99.124 port 54482:11: Bye Bye [preauth]
Jan 20 05:05:03 host sshd[8711]: Disconnected from 107.172.99.124 port 54482 [preauth]
Jan 20 05:06:38 host sshd[9007]: Invalid user exx from 176.214.78.72 port 44308
Jan 20 05:06:38 host sshd[9007]: input_userauth_request: invalid user exx [preauth]
Jan 20 05:06:38 host sshd[9007]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:06:38 host sshd[9007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.214.78.72
Jan 20 05:06:39 host sshd[9007]: Failed password for invalid user exx from 176.214.78.72 port 44308 ssh2
Jan 20 05:06:39 host sshd[9007]: Received disconnect from 176.214.78.72 port 44308:11: Bye Bye [preauth]
Jan 20 05:06:39 host sshd[9007]: Disconnected from 176.214.78.72 port 44308 [preauth]
Jan 20 05:07:46 host sshd[9204]: Invalid user mark from 176.214.78.72 port 59232
Jan 20 05:07:46 host sshd[9204]: input_userauth_request: invalid user mark [preauth]
Jan 20 05:07:46 host sshd[9204]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:07:46 host sshd[9204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.214.78.72
Jan 20 05:07:47 host sshd[9204]: Failed password for invalid user mark from 176.214.78.72 port 59232 ssh2
Jan 20 05:07:48 host sshd[9204]: Received disconnect from 176.214.78.72 port 59232:11: Bye Bye [preauth]
Jan 20 05:07:48 host sshd[9204]: Disconnected from 176.214.78.72 port 59232 [preauth]
Jan 20 05:07:51 host sshd[9300]: Invalid user oracle from 107.172.99.124 port 34476
Jan 20 05:07:51 host sshd[9300]: input_userauth_request: invalid user oracle [preauth]
Jan 20 05:07:51 host sshd[9300]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:07:51 host sshd[9300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.99.124
Jan 20 05:07:53 host sshd[9300]: Failed password for invalid user oracle from 107.172.99.124 port 34476 ssh2
Jan 20 05:07:53 host sshd[9300]: Received disconnect from 107.172.99.124 port 34476:11: Bye Bye [preauth]
Jan 20 05:07:53 host sshd[9300]: Disconnected from 107.172.99.124 port 34476 [preauth]
Jan 20 05:09:03 host sshd[9576]: Invalid user ftptest from 107.172.99.124 port 60932
Jan 20 05:09:03 host sshd[9576]: input_userauth_request: invalid user ftptest [preauth]
Jan 20 05:09:03 host sshd[9576]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:09:03 host sshd[9576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.99.124
Jan 20 05:09:05 host sshd[9576]: Failed password for invalid user ftptest from 107.172.99.124 port 60932 ssh2
Jan 20 05:14:00 host sshd[10572]: Invalid user admin from 112.173.152.22 port 59357
Jan 20 05:14:00 host sshd[10572]: input_userauth_request: invalid user admin [preauth]
Jan 20 05:14:00 host sshd[10572]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:14:00 host sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.173.152.22
Jan 20 05:14:02 host sshd[10572]: Failed password for invalid user admin from 112.173.152.22 port 59357 ssh2
Jan 20 05:14:04 host sshd[10572]: Failed password for invalid user admin from 112.173.152.22 port 59357 ssh2
Jan 20 05:14:05 host sshd[10572]: Connection reset by 112.173.152.22 port 59357 [preauth]
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:17:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:17:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:20:52 host sshd[11579]: Invalid user pi from 59.126.136.195 port 53218
Jan 20 05:20:52 host sshd[11579]: input_userauth_request: invalid user pi [preauth]
Jan 20 05:20:52 host sshd[11579]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:20:52 host sshd[11579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.136.195
Jan 20 05:20:54 host sshd[11579]: Failed password for invalid user pi from 59.126.136.195 port 53218 ssh2
Jan 20 05:20:55 host sshd[11579]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:20:57 host sshd[11579]: Failed password for invalid user pi from 59.126.136.195 port 53218 ssh2
Jan 20 05:20:58 host sshd[11579]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:20:59 host sshd[11579]: Failed password for invalid user pi from 59.126.136.195 port 53218 ssh2
Jan 20 05:21:01 host sshd[11579]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sshd[11579]: Failed password for invalid user pi from 59.126.136.195 port 53218 ssh2
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:03 host sshd[11579]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:21:05 host sshd[11579]: Failed password for invalid user pi from 59.126.136.195 port 53218 ssh2
Jan 20 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=wwwnexidigital user-6=mrsclean user-7=palco123 user-8=gifterman user-9=kottayamcalldriv user-10=phmetals user-11=woodpeck user-12=wwwkapin user-13=disposeat user-14=wwwkmaorg user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=shalinijames user-19=wwwtestugo user-20=wwwpmcresource user-21=keralaholi user-22=wwwresourcehunte user-23=wwwrmswll user-24=ugotscom user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 05:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 05:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 20 05:21:09 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 20 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-Mv0J0cEZ3xIMuTax.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-Mv0J0cEZ3xIMuTax.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-RhmTmhypebGSA7KC.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-RhmTmhypebGSA7KC.wp-toolkit-identifier
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-0VLgSTzHFpUhbCmq.~
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-0VLgSTzHFpUhbCmq.~'
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-0VLgSTzHFpUhbCmq.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 05:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 05:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 05:24:01 host sshd[12776]: Invalid user iodine from 104.244.74.6 port 50836
Jan 20 05:24:01 host sshd[12776]: input_userauth_request: invalid user iodine [preauth]
Jan 20 05:24:01 host sshd[12776]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:24:01 host sshd[12776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 20 05:24:04 host sshd[12776]: Failed password for invalid user iodine from 104.244.74.6 port 50836 ssh2
Jan 20 05:24:04 host sshd[12776]: Connection closed by 104.244.74.6 port 50836 [preauth]
Jan 20 05:29:30 host sshd[13658]: invalid public DH value: >= p-1 [preauth]
Jan 20 05:29:30 host sshd[13658]: ssh_dispatch_run_fatal: Connection from 150.116.101.214 port 46052: incomplete message [preauth]
Jan 20 05:41:51 host sshd[15752]: Invalid user admin from 219.85.185.117 port 37813
Jan 20 05:41:51 host sshd[15752]: input_userauth_request: invalid user admin [preauth]
Jan 20 05:41:51 host sshd[15752]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:41:51 host sshd[15752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.85.185.117
Jan 20 05:41:54 host sshd[15752]: Failed password for invalid user admin from 219.85.185.117 port 37813 ssh2
Jan 20 05:41:54 host sshd[15752]: Failed password for invalid user admin from 219.85.185.117 port 37813 ssh2
Jan 20 05:41:56 host sshd[15752]: Connection reset by 219.85.185.117 port 37813 [preauth]
Jan 20 05:49:21 host sshd[16926]: Did not receive identification string from 92.255.85.115 port 44803
Jan 20 05:52:48 host sshd[17645]: Invalid user ariel from 122.169.53.234 port 38504
Jan 20 05:52:48 host sshd[17645]: input_userauth_request: invalid user ariel [preauth]
Jan 20 05:52:48 host sshd[17645]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:52:48 host sshd[17645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.169.53.234
Jan 20 05:52:50 host sshd[17645]: Failed password for invalid user ariel from 122.169.53.234 port 38504 ssh2
Jan 20 05:52:50 host sshd[17645]: Received disconnect from 122.169.53.234 port 38504:11: Bye Bye [preauth]
Jan 20 05:52:50 host sshd[17645]: Disconnected from 122.169.53.234 port 38504 [preauth]
Jan 20 05:57:19 host sshd[18294]: Invalid user minecraft from 117.158.56.11 port 9571
Jan 20 05:57:19 host sshd[18294]: input_userauth_request: invalid user minecraft [preauth]
Jan 20 05:57:19 host sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:57:19 host sshd[18294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.56.11
Jan 20 05:57:21 host sshd[18294]: Failed password for invalid user minecraft from 117.158.56.11 port 9571 ssh2
Jan 20 05:57:21 host sshd[18294]: Received disconnect from 117.158.56.11 port 9571:11: Bye Bye [preauth]
Jan 20 05:57:21 host sshd[18294]: Disconnected from 117.158.56.11 port 9571 [preauth]
Jan 20 05:58:45 host sshd[18477]: Invalid user joe from 45.189.223.71 port 43898
Jan 20 05:58:45 host sshd[18477]: input_userauth_request: invalid user joe [preauth]
Jan 20 05:58:45 host sshd[18477]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:58:45 host sshd[18477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.189.223.71
Jan 20 05:58:47 host sshd[18477]: Failed password for invalid user joe from 45.189.223.71 port 43898 ssh2
Jan 20 05:58:47 host sshd[18477]: Received disconnect from 45.189.223.71 port 43898:11: Bye Bye [preauth]
Jan 20 05:58:47 host sshd[18477]: Disconnected from 45.189.223.71 port 43898 [preauth]
Jan 20 05:58:55 host sshd[18496]: Invalid user ariel from 122.169.53.234 port 56776
Jan 20 05:58:55 host sshd[18496]: input_userauth_request: invalid user ariel [preauth]
Jan 20 05:58:55 host sshd[18496]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 05:58:55 host sshd[18496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.169.53.234
Jan 20 05:58:57 host sshd[18496]: Failed password for invalid user ariel from 122.169.53.234 port 56776 ssh2
Jan 20 05:58:57 host sshd[18496]: Received disconnect from 122.169.53.234 port 56776:11: Bye Bye [preauth]
Jan 20 05:58:57 host sshd[18496]: Disconnected from 122.169.53.234 port 56776 [preauth]
Jan 20 06:00:30 host sshd[18709]: Invalid user spark from 122.169.53.234 port 54012
Jan 20 06:00:30 host sshd[18709]: input_userauth_request: invalid user spark [preauth]
Jan 20 06:00:30 host sshd[18709]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:00:30 host sshd[18709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.169.53.234
Jan 20 06:00:32 host sshd[18709]: Failed password for invalid user spark from 122.169.53.234 port 54012 ssh2
Jan 20 06:00:32 host sshd[18709]: Received disconnect from 122.169.53.234 port 54012:11: Bye Bye [preauth]
Jan 20 06:00:32 host sshd[18709]: Disconnected from 122.169.53.234 port 54012 [preauth]
Jan 20 06:01:23 host sshd[18834]: Invalid user chris from 45.189.223.71 port 47014
Jan 20 06:01:23 host sshd[18834]: input_userauth_request: invalid user chris [preauth]
Jan 20 06:01:23 host sshd[18834]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:01:23 host sshd[18834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.189.223.71
Jan 20 06:01:25 host sshd[18834]: Failed password for invalid user chris from 45.189.223.71 port 47014 ssh2
Jan 20 06:01:25 host sshd[18834]: Received disconnect from 45.189.223.71 port 47014:11: Bye Bye [preauth]
Jan 20 06:01:25 host sshd[18834]: Disconnected from 45.189.223.71 port 47014 [preauth]
Jan 20 06:01:44 host sshd[18889]: Invalid user vadmin from 114.33.111.172 port 53716
Jan 20 06:01:44 host sshd[18889]: input_userauth_request: invalid user vadmin [preauth]
Jan 20 06:01:44 host sshd[18889]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:01:44 host sshd[18889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.111.172
Jan 20 06:01:46 host sshd[18889]: Failed password for invalid user vadmin from 114.33.111.172 port 53716 ssh2
Jan 20 06:01:46 host sshd[18889]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:01:48 host sshd[18889]: Failed password for invalid user vadmin from 114.33.111.172 port 53716 ssh2
Jan 20 06:01:49 host sshd[18889]: Connection reset by 114.33.111.172 port 53716 [preauth]
Jan 20 06:01:49 host sshd[18889]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.111.172
Jan 20 06:02:42 host sshd[19113]: Invalid user leo from 45.189.223.71 port 41722
Jan 20 06:02:42 host sshd[19113]: input_userauth_request: invalid user leo [preauth]
Jan 20 06:02:42 host sshd[19113]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:02:42 host sshd[19113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.189.223.71
Jan 20 06:02:44 host sshd[19113]: Failed password for invalid user leo from 45.189.223.71 port 41722 ssh2
Jan 20 06:02:45 host sshd[19113]: Received disconnect from 45.189.223.71 port 41722:11: Bye Bye [preauth]
Jan 20 06:02:45 host sshd[19113]: Disconnected from 45.189.223.71 port 41722 [preauth]
Jan 20 06:03:51 host sshd[19367]: Bad protocol version identification '' from 223.112.131.34 port 42330
Jan 20 06:04:24 host sshd[19456]: Invalid user admin from 92.255.85.115 port 16112
Jan 20 06:04:24 host sshd[19456]: input_userauth_request: invalid user admin [preauth]
Jan 20 06:04:24 host sshd[19456]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:04:24 host sshd[19456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 20 06:04:26 host sshd[19456]: Failed password for invalid user admin from 92.255.85.115 port 16112 ssh2
Jan 20 06:04:26 host sshd[19456]: Connection reset by 92.255.85.115 port 16112 [preauth]
Jan 20 06:08:14 host sshd[20081]: Invalid user cesar from 117.158.56.11 port 58654
Jan 20 06:08:14 host sshd[20081]: input_userauth_request: invalid user cesar [preauth]
Jan 20 06:08:14 host sshd[20081]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:08:14 host sshd[20081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.56.11
Jan 20 06:08:17 host sshd[20081]: Failed password for invalid user cesar from 117.158.56.11 port 58654 ssh2
Jan 20 06:08:17 host sshd[20081]: Received disconnect from 117.158.56.11 port 58654:11: Bye Bye [preauth]
Jan 20 06:08:17 host sshd[20081]: Disconnected from 117.158.56.11 port 58654 [preauth]
Jan 20 06:09:14 host sshd[20252]: Invalid user airflow from 117.158.56.11 port 1916
Jan 20 06:09:14 host sshd[20252]: input_userauth_request: invalid user airflow [preauth]
Jan 20 06:09:14 host sshd[20252]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:09:14 host sshd[20252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.158.56.11
Jan 20 06:09:16 host sshd[20252]: Failed password for invalid user airflow from 117.158.56.11 port 1916 ssh2
Jan 20 06:10:26 host sshd[20468]: invalid public DH value: >= p-1 [preauth]
Jan 20 06:10:26 host sshd[20468]: ssh_dispatch_run_fatal: Connection from 211.3.78.212 port 47641: incomplete message [preauth]
Jan 20 06:10:56 host sshd[20548]: Invalid user support from 92.255.85.115 port 1135
Jan 20 06:10:56 host sshd[20548]: input_userauth_request: invalid user support [preauth]
Jan 20 06:10:56 host sshd[20548]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:10:56 host sshd[20548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 20 06:10:58 host sshd[20548]: Failed password for invalid user support from 92.255.85.115 port 1135 ssh2
Jan 20 06:10:58 host sshd[20548]: Connection reset by 92.255.85.115 port 1135 [preauth]
Jan 20 06:11:53 host sshd[20731]: Invalid user admin from 222.97.217.78 port 55581
Jan 20 06:11:53 host sshd[20731]: input_userauth_request: invalid user admin [preauth]
Jan 20 06:11:53 host sshd[20731]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:11:53 host sshd[20731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.97.217.78
Jan 20 06:11:55 host sshd[20731]: Failed password for invalid user admin from 222.97.217.78 port 55581 ssh2
Jan 20 06:11:56 host sshd[20731]: Failed password for invalid user admin from 222.97.217.78 port 55581 ssh2
Jan 20 06:11:56 host sshd[20731]: Connection reset by 222.97.217.78 port 55581 [preauth]
Jan 20 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=remysagr user-4=disposeat user-5=wwwkmaorg user-6=pmcresources user-7=wwwtestugo user-8=shalinijames user-9=vfmassets user-10=wwwletsstalkfood user-11=straightcurve user-12=wwwevmhonda user-13=bonifacegroup user-14=mrsclean user-15=wwwnexidigital user-16=kottayamcalldriv user-17=phmetals user-18=gifterman user-19=palco123 user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=dartsimp user-24=a2zgroup user-25=wwwpmcresource user-26=ugotscom user-27=wwwrmswll user-28=wwwresourcehunte user-29=keralaholi user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 06:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-hdCeKSpbrH46YK9k.~
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-hdCeKSpbrH46YK9k.~'
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-hdCeKSpbrH46YK9k.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 06:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 06:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 06:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 06:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 06:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 06:22:13 host sshd[23043]: User root from 220.132.113.133 not allowed because not listed in AllowUsers
Jan 20 06:22:13 host sshd[23043]: input_userauth_request: invalid user root [preauth]
Jan 20 06:22:14 host unix_chkpwd[23051]: password check failed for user (root)
Jan 20 06:22:14 host sshd[23043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.113.133 user=root
Jan 20 06:22:14 host sshd[23043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 06:22:16 host sshd[23043]: Failed password for invalid user root from 220.132.113.133 port 53480 ssh2
Jan 20 06:22:16 host unix_chkpwd[23074]: password check failed for user (root)
Jan 20 06:22:16 host sshd[23043]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 06:22:18 host sshd[23043]: Failed password for invalid user root from 220.132.113.133 port 53480 ssh2
Jan 20 06:22:19 host sshd[23043]: Connection reset by 220.132.113.133 port 53480 [preauth]
Jan 20 06:22:19 host sshd[23043]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.113.133 user=root
Jan 20 06:26:07 host sshd[23901]: Connection closed by 45.79.128.205 port 58542 [preauth]
Jan 20 06:26:09 host sshd[23906]: Connection closed by 45.79.128.205 port 58548 [preauth]
Jan 20 06:26:12 host sshd[23912]: Connection closed by 45.79.128.205 port 58550 [preauth]
Jan 20 06:26:26 host sshd[23939]: Invalid user vadmin from 118.41.74.95 port 62226
Jan 20 06:26:26 host sshd[23939]: input_userauth_request: invalid user vadmin [preauth]
Jan 20 06:26:26 host sshd[23939]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:26:26 host sshd[23939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.74.95
Jan 20 06:26:28 host sshd[23939]: Failed password for invalid user vadmin from 118.41.74.95 port 62226 ssh2
Jan 20 06:26:29 host sshd[23939]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:26:31 host sshd[23939]: Failed password for invalid user vadmin from 118.41.74.95 port 62226 ssh2
Jan 20 06:26:32 host sshd[23939]: Failed password for invalid user vadmin from 118.41.74.95 port 62226 ssh2
Jan 20 06:26:32 host sshd[23939]: Connection closed by 118.41.74.95 port 62226 [preauth]
Jan 20 06:26:32 host sshd[23939]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.74.95
Jan 20 06:28:46 host sshd[24296]: Invalid user steam from 121.155.155.32 port 60588
Jan 20 06:28:46 host sshd[24296]: input_userauth_request: invalid user steam [preauth]
Jan 20 06:28:46 host sshd[24296]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:28:46 host sshd[24296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.155.155.32
Jan 20 06:28:49 host sshd[24296]: Failed password for invalid user steam from 121.155.155.32 port 60588 ssh2
Jan 20 06:28:49 host sshd[24296]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:28:51 host sshd[24296]: Failed password for invalid user steam from 121.155.155.32 port 60588 ssh2
Jan 20 06:28:51 host sshd[24296]: Failed password for invalid user steam from 121.155.155.32 port 60588 ssh2
Jan 20 06:28:52 host sshd[24296]: Connection closed by 121.155.155.32 port 60588 [preauth]
Jan 20 06:28:52 host sshd[24296]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.155.155.32
Jan 20 06:29:25 host sshd[24367]: Invalid user user from 59.126.44.87 port 48584
Jan 20 06:29:25 host sshd[24367]: input_userauth_request: invalid user user [preauth]
Jan 20 06:29:25 host sshd[24367]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:29:25 host sshd[24367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.44.87
Jan 20 06:29:26 host sshd[24367]: Failed password for invalid user user from 59.126.44.87 port 48584 ssh2
Jan 20 06:29:27 host sshd[24367]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:29:29 host sshd[24367]: Failed password for invalid user user from 59.126.44.87 port 48584 ssh2
Jan 20 06:29:29 host sshd[24367]: Connection reset by 59.126.44.87 port 48584 [preauth]
Jan 20 06:29:29 host sshd[24367]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.44.87
Jan 20 06:50:52 host sshd[28700]: Invalid user gu from 194.110.203.109 port 57520
Jan 20 06:50:52 host sshd[28700]: input_userauth_request: invalid user gu [preauth]
Jan 20 06:50:52 host sshd[28700]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:50:52 host sshd[28700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 06:50:53 host sshd[28700]: Failed password for invalid user gu from 194.110.203.109 port 57520 ssh2
Jan 20 06:50:57 host sshd[28700]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:50:59 host sshd[28700]: Failed password for invalid user gu from 194.110.203.109 port 57520 ssh2
Jan 20 06:51:02 host sshd[28700]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:51:04 host sshd[28700]: Failed password for invalid user gu from 194.110.203.109 port 57520 ssh2
Jan 20 06:51:07 host sshd[28700]: Connection closed by 194.110.203.109 port 57520 [preauth]
Jan 20 06:51:07 host sshd[28700]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 06:53:06 host sshd[29093]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 20 06:53:06 host sshd[29093]: input_userauth_request: invalid user sshd [preauth]
Jan 20 06:53:06 host unix_chkpwd[29096]: password check failed for user (sshd)
Jan 20 06:53:06 host sshd[29093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 20 06:53:06 host sshd[29093]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 20 06:53:08 host sshd[29093]: Failed password for invalid user sshd from 194.169.175.102 port 52160 ssh2
Jan 20 06:53:08 host sshd[29093]: Received disconnect from 194.169.175.102 port 52160:11: Client disconnecting normally [preauth]
Jan 20 06:53:08 host sshd[29093]: Disconnected from 194.169.175.102 port 52160 [preauth]
Jan 20 06:53:42 host sshd[29161]: invalid public DH value: >= p-1 [preauth]
Jan 20 06:53:42 host sshd[29161]: ssh_dispatch_run_fatal: Connection from 123.142.34.62 port 50238: incomplete message [preauth]
Jan 20 06:55:13 host sshd[29362]: Invalid user dnsmasq from 205.185.113.129 port 60412
Jan 20 06:55:13 host sshd[29362]: input_userauth_request: invalid user dnsmasq [preauth]
Jan 20 06:55:13 host sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 06:55:13 host sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 20 06:55:15 host sshd[29362]: Failed password for invalid user dnsmasq from 205.185.113.129 port 60412 ssh2
Jan 20 06:55:16 host sshd[29362]: Connection closed by 205.185.113.129 port 60412 [preauth]
Jan 20 06:58:04 host sshd[29806]: User root from 77.22.0.212 not allowed because not listed in AllowUsers
Jan 20 06:58:04 host sshd[29806]: input_userauth_request: invalid user root [preauth]
Jan 20 06:58:04 host unix_chkpwd[29826]: password check failed for user (root)
Jan 20 06:58:04 host sshd[29806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.22.0.212 user=root
Jan 20 06:58:04 host sshd[29806]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 06:58:06 host sshd[29806]: Failed password for invalid user root from 77.22.0.212 port 47366 ssh2
Jan 20 06:58:07 host unix_chkpwd[29830]: password check failed for user (root)
Jan 20 06:58:07 host sshd[29806]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 06:58:09 host sshd[29806]: Failed password for invalid user root from 77.22.0.212 port 47366 ssh2
Jan 20 06:58:09 host sshd[29806]: Connection closed by 77.22.0.212 port 47366 [preauth]
Jan 20 06:58:09 host sshd[29806]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.22.0.212 user=root
Jan 20 07:07:16 host sshd[31238]: User root from 122.116.130.164 not allowed because not listed in AllowUsers
Jan 20 07:07:16 host sshd[31238]: input_userauth_request: invalid user root [preauth]
Jan 20 07:07:16 host unix_chkpwd[31245]: password check failed for user (root)
Jan 20 07:07:16 host sshd[31238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.130.164 user=root
Jan 20 07:07:16 host sshd[31238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:07:17 host sshd[31238]: Failed password for invalid user root from 122.116.130.164 port 44726 ssh2
Jan 20 07:07:18 host unix_chkpwd[31250]: password check failed for user (root)
Jan 20 07:07:18 host sshd[31238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:07:20 host sshd[31238]: Failed password for invalid user root from 122.116.130.164 port 44726 ssh2
Jan 20 07:07:21 host unix_chkpwd[31257]: password check failed for user (root)
Jan 20 07:07:21 host sshd[31238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:07:23 host sshd[31238]: Failed password for invalid user root from 122.116.130.164 port 44726 ssh2
Jan 20 07:07:25 host unix_chkpwd[31270]: password check failed for user (root)
Jan 20 07:07:25 host sshd[31238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:07:27 host sshd[31238]: Failed password for invalid user root from 122.116.130.164 port 44726 ssh2
Jan 20 07:07:28 host unix_chkpwd[31278]: password check failed for user (root)
Jan 20 07:07:28 host sshd[31238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:07:29 host sshd[31238]: Failed password for invalid user root from 122.116.130.164 port 44726 ssh2
Jan 20 07:17:12 host sshd[738]: Invalid user admin from 121.191.9.204 port 58924
Jan 20 07:17:12 host sshd[738]: input_userauth_request: invalid user admin [preauth]
Jan 20 07:17:12 host sshd[738]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:17:12 host sshd[738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.191.9.204
Jan 20 07:17:14 host sshd[738]: Failed password for invalid user admin from 121.191.9.204 port 58924 ssh2
Jan 20 07:17:15 host sshd[738]: Failed password for invalid user admin from 121.191.9.204 port 58924 ssh2
Jan 20 07:17:15 host sshd[738]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:17:17 host sshd[738]: Failed password for invalid user admin from 121.191.9.204 port 58924 ssh2
Jan 20 07:17:17 host sshd[738]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:17:19 host sshd[738]: Failed password for invalid user admin from 121.191.9.204 port 58924 ssh2
Jan 20 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=wwwrmswll user-4=keralaholi user-5=wwwresourcehunte user-6=ugotscom user-7=wwwkaretakers user-8=cochintaxi user-9=dartsimp user-10=a2zgroup user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwletsstalkfood user-15=straightcurve user-16=gifterman user-17=palco123 user-18=kottayamcalldriv user-19=phmetals user-20=wwwnexidigital user-21=mrsclean user-22=disposeat user-23=wwwkmaorg user-24=remysagr user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=wwwtestugo user-29=shalinijames user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 07:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sX56DdjtdKwCEZ1g.~
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sX56DdjtdKwCEZ1g.~'
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-sX56DdjtdKwCEZ1g.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 07:24:00 host sshd[2127]: Connection reset by 124.84.240.252 port 61865 [preauth]
Jan 20 07:30:35 host sshd[3049]: User root from 123.240.190.58 not allowed because not listed in AllowUsers
Jan 20 07:30:35 host sshd[3049]: input_userauth_request: invalid user root [preauth]
Jan 20 07:30:35 host unix_chkpwd[3052]: password check failed for user (root)
Jan 20 07:30:35 host sshd[3049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.240.190.58 user=root
Jan 20 07:30:35 host sshd[3049]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:30:37 host sshd[3049]: Failed password for invalid user root from 123.240.190.58 port 36925 ssh2
Jan 20 07:30:37 host sshd[3049]: Connection reset by 123.240.190.58 port 36925 [preauth]
Jan 20 07:31:00 host sshd[3083]: Invalid user it from 79.66.75.35 port 36790
Jan 20 07:31:00 host sshd[3083]: input_userauth_request: invalid user it [preauth]
Jan 20 07:31:00 host sshd[3083]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:31:00 host sshd[3083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.66.75.35
Jan 20 07:31:02 host sshd[3083]: Failed password for invalid user it from 79.66.75.35 port 36790 ssh2
Jan 20 07:31:03 host sshd[3083]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:31:05 host sshd[3083]: Failed password for invalid user it from 79.66.75.35 port 36790 ssh2
Jan 20 07:31:06 host sshd[3083]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:31:08 host sshd[3083]: Failed password for invalid user it from 79.66.75.35 port 36790 ssh2
Jan 20 07:31:08 host sshd[3083]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:31:11 host sshd[3083]: Failed password for invalid user it from 79.66.75.35 port 36790 ssh2
Jan 20 07:31:11 host sshd[3083]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:31:14 host sshd[3083]: Failed password for invalid user it from 79.66.75.35 port 36790 ssh2
Jan 20 07:31:14 host sshd[3083]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:31:17 host sshd[3083]: Failed password for invalid user it from 79.66.75.35 port 36790 ssh2
Jan 20 07:31:17 host sshd[3083]: error: maximum authentication attempts exceeded for invalid user it from 79.66.75.35 port 36790 ssh2 [preauth]
Jan 20 07:31:17 host sshd[3083]: Disconnecting: Too many authentication failures [preauth]
Jan 20 07:31:17 host sshd[3083]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.66.75.35
Jan 20 07:31:17 host sshd[3083]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 20 07:33:37 host sshd[3659]: Invalid user gitlab-runner from 54.38.156.147 port 47174
Jan 20 07:33:37 host sshd[3659]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 20 07:33:37 host sshd[3659]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:33:37 host sshd[3659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.156.147
Jan 20 07:33:39 host sshd[3659]: Failed password for invalid user gitlab-runner from 54.38.156.147 port 47174 ssh2
Jan 20 07:33:39 host sshd[3659]: Received disconnect from 54.38.156.147 port 47174:11: Bye Bye [preauth]
Jan 20 07:33:39 host sshd[3659]: Disconnected from 54.38.156.147 port 47174 [preauth]
Jan 20 07:35:17 host sshd[3835]: Invalid user sammy from 206.189.38.110 port 49072
Jan 20 07:35:17 host sshd[3835]: input_userauth_request: invalid user sammy [preauth]
Jan 20 07:35:17 host sshd[3835]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:35:17 host sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.38.110
Jan 20 07:35:19 host sshd[3835]: Failed password for invalid user sammy from 206.189.38.110 port 49072 ssh2
Jan 20 07:35:19 host sshd[3835]: Received disconnect from 206.189.38.110 port 49072:11: Bye Bye [preauth]
Jan 20 07:35:19 host sshd[3835]: Disconnected from 206.189.38.110 port 49072 [preauth]
Jan 20 07:36:36 host sshd[4111]: Invalid user default from 59.24.127.242 port 62454
Jan 20 07:36:36 host sshd[4111]: input_userauth_request: invalid user default [preauth]
Jan 20 07:36:36 host sshd[4111]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:36:36 host sshd[4111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.127.242
Jan 20 07:36:38 host sshd[4111]: Failed password for invalid user default from 59.24.127.242 port 62454 ssh2
Jan 20 07:36:39 host sshd[4111]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:36:41 host sshd[4111]: Failed password for invalid user default from 59.24.127.242 port 62454 ssh2
Jan 20 07:36:43 host sshd[4111]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:36:45 host sshd[4111]: Failed password for invalid user default from 59.24.127.242 port 62454 ssh2
Jan 20 07:36:46 host sshd[4111]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:36:48 host sshd[4111]: Failed password for invalid user default from 59.24.127.242 port 62454 ssh2
Jan 20 07:36:48 host sshd[4111]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:36:50 host sshd[4111]: Failed password for invalid user default from 59.24.127.242 port 62454 ssh2
Jan 20 07:37:58 host sshd[4293]: Invalid user system from 47.157.173.196 port 59020
Jan 20 07:37:58 host sshd[4293]: input_userauth_request: invalid user system [preauth]
Jan 20 07:37:58 host sshd[4293]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:37:58 host sshd[4293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.157.173.196
Jan 20 07:37:59 host sshd[4293]: Failed password for invalid user system from 47.157.173.196 port 59020 ssh2
Jan 20 07:38:00 host sshd[4293]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:02 host sshd[4293]: Failed password for invalid user system from 47.157.173.196 port 59020 ssh2
Jan 20 07:38:03 host sshd[4293]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:06 host sshd[4293]: Failed password for invalid user system from 47.157.173.196 port 59020 ssh2
Jan 20 07:38:08 host sshd[4293]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:10 host sshd[4293]: Failed password for invalid user system from 47.157.173.196 port 59020 ssh2
Jan 20 07:38:13 host sshd[4293]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:15 host sshd[4293]: Failed password for invalid user system from 47.157.173.196 port 59020 ssh2
Jan 20 07:38:35 host sshd[4404]: Invalid user usr from 118.41.245.98 port 62613
Jan 20 07:38:35 host sshd[4404]: input_userauth_request: invalid user usr [preauth]
Jan 20 07:38:35 host sshd[4404]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:35 host sshd[4404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.245.98
Jan 20 07:38:37 host sshd[4404]: Failed password for invalid user usr from 118.41.245.98 port 62613 ssh2
Jan 20 07:38:38 host sshd[4404]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:40 host sshd[4404]: Failed password for invalid user usr from 118.41.245.98 port 62613 ssh2
Jan 20 07:38:41 host sshd[4404]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:42 host sshd[4404]: Failed password for invalid user usr from 118.41.245.98 port 62613 ssh2
Jan 20 07:38:44 host sshd[4404]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:46 host sshd[4404]: Failed password for invalid user usr from 118.41.245.98 port 62613 ssh2
Jan 20 07:38:46 host sshd[4404]: Connection reset by 118.41.245.98 port 62613 [preauth]
Jan 20 07:38:46 host sshd[4404]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.245.98
Jan 20 07:38:46 host sshd[4404]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 20 07:38:47 host sshd[4426]: Invalid user shiny from 147.182.188.81 port 57502
Jan 20 07:38:47 host sshd[4426]: input_userauth_request: invalid user shiny [preauth]
Jan 20 07:38:47 host sshd[4426]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:47 host sshd[4426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.188.81
Jan 20 07:38:49 host sshd[4426]: Failed password for invalid user shiny from 147.182.188.81 port 57502 ssh2
Jan 20 07:38:49 host sshd[4426]: Received disconnect from 147.182.188.81 port 57502:11: Bye Bye [preauth]
Jan 20 07:38:49 host sshd[4426]: Disconnected from 147.182.188.81 port 57502 [preauth]
Jan 20 07:38:59 host sshd[4480]: Invalid user test from 54.38.156.147 port 57756
Jan 20 07:38:59 host sshd[4480]: input_userauth_request: invalid user test [preauth]
Jan 20 07:38:59 host sshd[4480]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:38:59 host sshd[4480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.156.147
Jan 20 07:39:01 host sshd[4480]: Failed password for invalid user test from 54.38.156.147 port 57756 ssh2
Jan 20 07:39:01 host sshd[4480]: Received disconnect from 54.38.156.147 port 57756:11: Bye Bye [preauth]
Jan 20 07:39:01 host sshd[4480]: Disconnected from 54.38.156.147 port 57756 [preauth]
Jan 20 07:39:04 host sshd[4512]: Invalid user ONTUSER from 59.126.160.245 port 55210
Jan 20 07:39:04 host sshd[4512]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 20 07:39:04 host sshd[4512]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:39:04 host sshd[4512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.160.245
Jan 20 07:39:06 host sshd[4512]: Failed password for invalid user ONTUSER from 59.126.160.245 port 55210 ssh2
Jan 20 07:39:06 host sshd[4512]: Connection reset by 59.126.160.245 port 55210 [preauth]
Jan 20 07:39:20 host sshd[4574]: Did not receive identification string from 171.235.243.122 port 40679
Jan 20 07:39:57 host sshd[4650]: Invalid user scan from 147.182.188.81 port 56642
Jan 20 07:39:57 host sshd[4650]: input_userauth_request: invalid user scan [preauth]
Jan 20 07:39:57 host sshd[4650]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:39:57 host sshd[4650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.188.81
Jan 20 07:40:00 host sshd[4650]: Failed password for invalid user scan from 147.182.188.81 port 56642 ssh2
Jan 20 07:40:00 host sshd[4650]: Received disconnect from 147.182.188.81 port 56642:11: Bye Bye [preauth]
Jan 20 07:40:00 host sshd[4650]: Disconnected from 147.182.188.81 port 56642 [preauth]
Jan 20 07:40:05 host sshd[4690]: Invalid user vpn from 54.38.156.147 port 34614
Jan 20 07:40:05 host sshd[4690]: input_userauth_request: invalid user vpn [preauth]
Jan 20 07:40:05 host sshd[4690]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:40:05 host sshd[4690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.156.147
Jan 20 07:40:06 host sshd[4693]: Invalid user prueba from 143.244.130.229 port 46142
Jan 20 07:40:06 host sshd[4693]: input_userauth_request: invalid user prueba [preauth]
Jan 20 07:40:06 host sshd[4693]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:40:06 host sshd[4693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.130.229
Jan 20 07:40:07 host sshd[4690]: Failed password for invalid user vpn from 54.38.156.147 port 34614 ssh2
Jan 20 07:40:07 host sshd[4690]: Received disconnect from 54.38.156.147 port 34614:11: Bye Bye [preauth]
Jan 20 07:40:07 host sshd[4690]: Disconnected from 54.38.156.147 port 34614 [preauth]
Jan 20 07:40:08 host sshd[4693]: Failed password for invalid user prueba from 143.244.130.229 port 46142 ssh2
Jan 20 07:40:08 host sshd[4693]: Received disconnect from 143.244.130.229 port 46142:11: Bye Bye [preauth]
Jan 20 07:40:08 host sshd[4693]: Disconnected from 143.244.130.229 port 46142 [preauth]
Jan 20 07:40:36 host sshd[4783]: Invalid user gerrit from 206.189.38.110 port 49332
Jan 20 07:40:36 host sshd[4783]: input_userauth_request: invalid user gerrit [preauth]
Jan 20 07:40:36 host sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:40:36 host sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.38.110
Jan 20 07:40:37 host sshd[4783]: Failed password for invalid user gerrit from 206.189.38.110 port 49332 ssh2
Jan 20 07:40:37 host sshd[4783]: Received disconnect from 206.189.38.110 port 49332:11: Bye Bye [preauth]
Jan 20 07:40:37 host sshd[4783]: Disconnected from 206.189.38.110 port 49332 [preauth]
Jan 20 07:41:04 host sshd[4830]: Invalid user angelica from 147.182.188.81 port 55622
Jan 20 07:41:04 host sshd[4830]: input_userauth_request: invalid user angelica [preauth]
Jan 20 07:41:04 host sshd[4830]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:41:04 host sshd[4830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.188.81
Jan 20 07:41:06 host sshd[4830]: Failed password for invalid user angelica from 147.182.188.81 port 55622 ssh2
Jan 20 07:41:30 host sshd[5012]: Invalid user vbox from 143.244.130.229 port 45750
Jan 20 07:41:30 host sshd[5012]: input_userauth_request: invalid user vbox [preauth]
Jan 20 07:41:30 host sshd[5012]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:41:30 host sshd[5012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.130.229
Jan 20 07:41:32 host sshd[5012]: Failed password for invalid user vbox from 143.244.130.229 port 45750 ssh2
Jan 20 07:41:32 host sshd[5012]: Received disconnect from 143.244.130.229 port 45750:11: Bye Bye [preauth]
Jan 20 07:41:32 host sshd[5012]: Disconnected from 143.244.130.229 port 45750 [preauth]
Jan 20 07:41:49 host sshd[5036]: User adm from 206.189.38.110 not allowed because not listed in AllowUsers
Jan 20 07:41:49 host sshd[5036]: input_userauth_request: invalid user adm [preauth]
Jan 20 07:41:49 host unix_chkpwd[5038]: password check failed for user (adm)
Jan 20 07:41:49 host sshd[5036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.38.110 user=adm
Jan 20 07:41:49 host sshd[5036]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "adm"
Jan 20 07:41:51 host sshd[5036]: Failed password for invalid user adm from 206.189.38.110 port 38118 ssh2
Jan 20 07:41:51 host sshd[5036]: Received disconnect from 206.189.38.110 port 38118:11: Bye Bye [preauth]
Jan 20 07:41:51 host sshd[5036]: Disconnected from 206.189.38.110 port 38118 [preauth]
Jan 20 07:42:52 host sshd[5191]: Invalid user monitor from 143.244.130.229 port 53304
Jan 20 07:42:52 host sshd[5191]: input_userauth_request: invalid user monitor [preauth]
Jan 20 07:42:52 host sshd[5191]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:42:52 host sshd[5191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.244.130.229
Jan 20 07:42:53 host sshd[5191]: Failed password for invalid user monitor from 143.244.130.229 port 53304 ssh2
Jan 20 07:42:53 host sshd[5191]: Received disconnect from 143.244.130.229 port 53304:11: Bye Bye [preauth]
Jan 20 07:42:53 host sshd[5191]: Disconnected from 143.244.130.229 port 53304 [preauth]
Jan 20 07:44:30 host sshd[5554]: Did not receive identification string from 104.152.52.227 port 40668
Jan 20 07:54:47 host sshd[7326]: Connection reset by 59.4.109.72 port 63769 [preauth]
Jan 20 07:56:52 host sshd[7704]: User root from 59.28.194.230 not allowed because not listed in AllowUsers
Jan 20 07:56:52 host sshd[7704]: input_userauth_request: invalid user root [preauth]
Jan 20 07:56:52 host unix_chkpwd[7710]: password check failed for user (root)
Jan 20 07:56:52 host sshd[7704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.28.194.230 user=root
Jan 20 07:56:52 host sshd[7704]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 07:56:54 host sshd[7704]: Failed password for invalid user root from 59.28.194.230 port 60395 ssh2
Jan 20 07:57:04 host sshd[7740]: Invalid user steam from 221.155.248.14 port 62971
Jan 20 07:57:04 host sshd[7740]: input_userauth_request: invalid user steam [preauth]
Jan 20 07:57:04 host sshd[7740]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 07:57:04 host sshd[7740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.155.248.14
Jan 20 07:57:06 host sshd[7740]: Failed password for invalid user steam from 221.155.248.14 port 62971 ssh2
Jan 20 08:05:00 host sshd[9132]: Invalid user from 64.62.197.99 port 37817
Jan 20 08:05:00 host sshd[9132]: input_userauth_request: invalid user [preauth]
Jan 20 08:05:03 host sshd[9132]: Connection closed by 64.62.197.99 port 37817 [preauth]
Jan 20 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 08:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=straightcurve user-2=wwwletsstalkfood user-3=bonifacegroup user-4=wwwevmhonda user-5=wwwnexidigital user-6=mrsclean user-7=gifterman user-8=palco123 user-9=kottayamcalldriv user-10=phmetals user-11=wwwkapin user-12=woodpeck user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=wwwtestugo user-19=shalinijames user-20=wwwpmcresource user-21=wwwrmswll user-22=keralaholi user-23=wwwresourcehunte user-24=ugotscom user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=dartsimp user-30=a2zgroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 08:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-yBMOJ9TQT4kxYg4R.~
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-yBMOJ9TQT4kxYg4R.~'
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-yBMOJ9TQT4kxYg4R.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 08:21:12 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 08:21:12 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 08:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 08:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 08:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 08:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 08:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 08:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 08:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 08:23:52 host sshd[12148]: invalid public DH value: >= p-1 [preauth]
Jan 20 08:23:52 host sshd[12148]: ssh_dispatch_run_fatal: Connection from 112.158.159.107 port 57664: incomplete message [preauth]
Jan 20 08:31:25 host sshd[13325]: Invalid user ubuntu from 210.91.8.155 port 63191
Jan 20 08:31:25 host sshd[13325]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 08:31:25 host sshd[13325]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:31:25 host sshd[13325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.8.155
Jan 20 08:31:27 host sshd[13325]: Failed password for invalid user ubuntu from 210.91.8.155 port 63191 ssh2
Jan 20 08:31:28 host sshd[13325]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:31:30 host sshd[13325]: Failed password for invalid user ubuntu from 210.91.8.155 port 63191 ssh2
Jan 20 08:31:31 host sshd[13325]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:31:32 host sshd[13325]: Failed password for invalid user ubuntu from 210.91.8.155 port 63191 ssh2
Jan 20 08:31:33 host sshd[13325]: Connection reset by 210.91.8.155 port 63191 [preauth]
Jan 20 08:31:33 host sshd[13325]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.91.8.155
Jan 20 08:35:44 host sshd[13937]: Invalid user gv from 194.110.203.109 port 46676
Jan 20 08:35:44 host sshd[13937]: input_userauth_request: invalid user gv [preauth]
Jan 20 08:35:44 host sshd[13937]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:35:44 host sshd[13937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 08:35:46 host sshd[13937]: Failed password for invalid user gv from 194.110.203.109 port 46676 ssh2
Jan 20 08:35:49 host sshd[13937]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:35:51 host sshd[13937]: Failed password for invalid user gv from 194.110.203.109 port 46676 ssh2
Jan 20 08:35:55 host sshd[13937]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:35:57 host sshd[13937]: Failed password for invalid user gv from 194.110.203.109 port 46676 ssh2
Jan 20 08:36:00 host sshd[13937]: Connection closed by 194.110.203.109 port 46676 [preauth]
Jan 20 08:36:00 host sshd[13937]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 08:36:49 host sshd[14051]: Invalid user telnet from 107.10.173.228 port 49736
Jan 20 08:36:49 host sshd[14051]: input_userauth_request: invalid user telnet [preauth]
Jan 20 08:36:49 host sshd[14051]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:36:49 host sshd[14051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.10.173.228
Jan 20 08:36:50 host sshd[14051]: Failed password for invalid user telnet from 107.10.173.228 port 49736 ssh2
Jan 20 08:36:51 host sshd[14051]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:36:53 host sshd[14051]: Failed password for invalid user telnet from 107.10.173.228 port 49736 ssh2
Jan 20 08:36:53 host sshd[14051]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:36:55 host sshd[14051]: Failed password for invalid user telnet from 107.10.173.228 port 49736 ssh2
Jan 20 08:36:56 host sshd[14051]: Failed password for invalid user telnet from 107.10.173.228 port 49736 ssh2
Jan 20 08:36:57 host sshd[14051]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:36:59 host sshd[14051]: Failed password for invalid user telnet from 107.10.173.228 port 49736 ssh2
Jan 20 08:57:36 host sshd[17730]: Invalid user alfred from 107.189.30.59 port 48692
Jan 20 08:57:36 host sshd[17730]: input_userauth_request: invalid user alfred [preauth]
Jan 20 08:57:36 host sshd[17730]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 08:57:36 host sshd[17730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 20 08:57:38 host sshd[17730]: Failed password for invalid user alfred from 107.189.30.59 port 48692 ssh2
Jan 20 08:57:39 host sshd[17730]: Connection closed by 107.189.30.59 port 48692 [preauth]
Jan 20 09:16:14 host sshd[20864]: User root from 31.41.244.124 not allowed because not listed in AllowUsers
Jan 20 09:16:14 host sshd[20864]: input_userauth_request: invalid user root [preauth]
Jan 20 09:16:14 host unix_chkpwd[20867]: password check failed for user (root)
Jan 20 09:16:14 host sshd[20864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124 user=root
Jan 20 09:16:14 host sshd[20864]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 09:16:16 host sshd[20864]: Failed password for invalid user root from 31.41.244.124 port 21400 ssh2
Jan 20 09:16:16 host sshd[20864]: Received disconnect from 31.41.244.124 port 21400:11: Client disconnecting normally [preauth]
Jan 20 09:16:16 host sshd[20864]: Disconnected from 31.41.244.124 port 21400 [preauth]
Jan 20 09:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 09:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sshd[21622]: Invalid user oracle from 59.126.250.219 port 37046
Jan 20 09:21:06 host sshd[21622]: input_userauth_request: invalid user oracle [preauth]
Jan 20 09:21:06 host sshd[21622]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:21:06 host sshd[21622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.250.219
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=bonifacegroup user-2=wwwevmhonda user-3=wwwletsstalkfood user-4=straightcurve user-5=gifterman user-6=palco123 user-7=phmetals user-8=kottayamcalldriv user-9=mrsclean user-10=wwwnexidigital user-11=disposeat user-12=wwwkmaorg user-13=remysagr user-14=woodpeck user-15=wwwkapin user-16=vfmassets user-17=wwwtestugo user-18=shalinijames user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=wwwrmswll user-23=wwwresourcehunte user-24=keralaholi user-25=ugotscom user-26=wwwkaretakers user-27=cochintaxi user-28=dartsimp user-29=a2zgroup user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 09:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZSDBsTk1CoeGZJq1.~
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZSDBsTk1CoeGZJq1.~'
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-ZSDBsTk1CoeGZJq1.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:07 host sshd[21622]: Failed password for invalid user oracle from 59.126.250.219 port 37046 ssh2
Jan 20 09:21:08 host sshd[21622]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 09:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 09:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 09:21:10 host sshd[21622]: Failed password for invalid user oracle from 59.126.250.219 port 37046 ssh2
Jan 20 09:21:11 host sshd[21622]: Connection reset by 59.126.250.219 port 37046 [preauth]
Jan 20 09:21:11 host sshd[21622]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.250.219
Jan 20 09:23:49 host sshd[22170]: Invalid user admin from 135.181.45.135 port 37428
Jan 20 09:23:49 host sshd[22170]: input_userauth_request: invalid user admin [preauth]
Jan 20 09:23:49 host sshd[22170]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:23:49 host sshd[22170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.181.45.135
Jan 20 09:23:51 host sshd[22170]: Failed password for invalid user admin from 135.181.45.135 port 37428 ssh2
Jan 20 09:23:51 host sshd[22170]: Received disconnect from 135.181.45.135 port 37428:11: Bye Bye [preauth]
Jan 20 09:23:51 host sshd[22170]: Disconnected from 135.181.45.135 port 37428 [preauth]
Jan 20 09:24:13 host sshd[22203]: Invalid user sahil from 143.255.141.251 port 45162
Jan 20 09:24:13 host sshd[22203]: input_userauth_request: invalid user sahil [preauth]
Jan 20 09:24:13 host sshd[22203]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:24:13 host sshd[22203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.255.141.251
Jan 20 09:24:15 host sshd[22203]: Failed password for invalid user sahil from 143.255.141.251 port 45162 ssh2
Jan 20 09:24:15 host sshd[22203]: Received disconnect from 143.255.141.251 port 45162:11: Bye Bye [preauth]
Jan 20 09:24:15 host sshd[22203]: Disconnected from 143.255.141.251 port 45162 [preauth]
Jan 20 09:25:56 host sshd[22528]: Invalid user sqladmin from 139.59.70.64 port 53982
Jan 20 09:25:56 host sshd[22528]: input_userauth_request: invalid user sqladmin [preauth]
Jan 20 09:25:56 host sshd[22528]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:25:56 host sshd[22528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.70.64
Jan 20 09:25:59 host sshd[22528]: Failed password for invalid user sqladmin from 139.59.70.64 port 53982 ssh2
Jan 20 09:25:59 host sshd[22528]: Received disconnect from 139.59.70.64 port 53982:11: Bye Bye [preauth]
Jan 20 09:25:59 host sshd[22528]: Disconnected from 139.59.70.64 port 53982 [preauth]
Jan 20 09:27:17 host sshd[22704]: Invalid user oracleadmin from 178.62.8.163 port 35832
Jan 20 09:27:17 host sshd[22704]: input_userauth_request: invalid user oracleadmin [preauth]
Jan 20 09:27:17 host sshd[22704]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:27:17 host sshd[22704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.8.163
Jan 20 09:27:19 host sshd[22704]: Failed password for invalid user oracleadmin from 178.62.8.163 port 35832 ssh2
Jan 20 09:27:19 host sshd[22704]: Received disconnect from 178.62.8.163 port 35832:11: Bye Bye [preauth]
Jan 20 09:27:19 host sshd[22704]: Disconnected from 178.62.8.163 port 35832 [preauth]
Jan 20 09:27:22 host sshd[22711]: Invalid user sqladmin from 34.122.221.254 port 14750
Jan 20 09:27:22 host sshd[22711]: input_userauth_request: invalid user sqladmin [preauth]
Jan 20 09:27:22 host sshd[22711]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:27:22 host sshd[22711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.122.221.254
Jan 20 09:27:23 host sshd[22711]: Failed password for invalid user sqladmin from 34.122.221.254 port 14750 ssh2
Jan 20 09:27:24 host sshd[22711]: Received disconnect from 34.122.221.254 port 14750:11: Bye Bye [preauth]
Jan 20 09:27:24 host sshd[22711]: Disconnected from 34.122.221.254 port 14750 [preauth]
Jan 20 09:28:08 host sshd[22798]: Invalid user deploy from 34.132.47.136 port 47042
Jan 20 09:28:08 host sshd[22798]: input_userauth_request: invalid user deploy [preauth]
Jan 20 09:28:08 host sshd[22798]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:28:08 host sshd[22798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.132.47.136
Jan 20 09:28:10 host sshd[22798]: Failed password for invalid user deploy from 34.132.47.136 port 47042 ssh2
Jan 20 09:28:10 host sshd[22798]: Received disconnect from 34.132.47.136 port 47042:11: Bye Bye [preauth]
Jan 20 09:28:10 host sshd[22798]: Disconnected from 34.132.47.136 port 47042 [preauth]
Jan 20 09:29:59 host sshd[23108]: Invalid user bitnami from 135.181.45.135 port 41424
Jan 20 09:29:59 host sshd[23108]: input_userauth_request: invalid user bitnami [preauth]
Jan 20 09:29:59 host sshd[23108]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:29:59 host sshd[23108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.181.45.135
Jan 20 09:30:00 host sshd[23108]: Failed password for invalid user bitnami from 135.181.45.135 port 41424 ssh2
Jan 20 09:30:01 host sshd[23108]: Received disconnect from 135.181.45.135 port 41424:11: Bye Bye [preauth]
Jan 20 09:30:01 host sshd[23108]: Disconnected from 135.181.45.135 port 41424 [preauth]
Jan 20 09:30:27 host sshd[23165]: Invalid user admin from 118.97.212.14 port 43234
Jan 20 09:30:27 host sshd[23165]: input_userauth_request: invalid user admin [preauth]
Jan 20 09:30:27 host sshd[23165]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:30:27 host sshd[23165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.97.212.14
Jan 20 09:30:28 host sshd[23165]: Failed password for invalid user admin from 118.97.212.14 port 43234 ssh2
Jan 20 09:30:29 host sshd[23165]: Received disconnect from 118.97.212.14 port 43234:11: Bye Bye [preauth]
Jan 20 09:30:29 host sshd[23165]: Disconnected from 118.97.212.14 port 43234 [preauth]
Jan 20 09:30:30 host sshd[23202]: Invalid user administrador from 34.122.221.254 port 60892
Jan 20 09:30:30 host sshd[23202]: input_userauth_request: invalid user administrador [preauth]
Jan 20 09:30:30 host sshd[23202]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:30:30 host sshd[23202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.122.221.254
Jan 20 09:30:32 host sshd[23202]: Failed password for invalid user administrador from 34.122.221.254 port 60892 ssh2
Jan 20 09:30:33 host sshd[23202]: Received disconnect from 34.122.221.254 port 60892:11: Bye Bye [preauth]
Jan 20 09:30:33 host sshd[23202]: Disconnected from 34.122.221.254 port 60892 [preauth]
Jan 20 09:30:49 host sshd[23230]: Invalid user birgit from 178.62.8.163 port 36024
Jan 20 09:30:49 host sshd[23230]: input_userauth_request: invalid user birgit [preauth]
Jan 20 09:30:49 host sshd[23230]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:30:49 host sshd[23230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.8.163
Jan 20 09:30:51 host sshd[23230]: Failed password for invalid user birgit from 178.62.8.163 port 36024 ssh2
Jan 20 09:30:52 host sshd[23230]: Received disconnect from 178.62.8.163 port 36024:11: Bye Bye [preauth]
Jan 20 09:30:52 host sshd[23230]: Disconnected from 178.62.8.163 port 36024 [preauth]
Jan 20 09:31:02 host sshd[23245]: Invalid user anaconda from 150.109.205.234 port 43184
Jan 20 09:31:02 host sshd[23245]: input_userauth_request: invalid user anaconda [preauth]
Jan 20 09:31:02 host sshd[23245]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:02 host sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.205.234
Jan 20 09:31:04 host sshd[23245]: Failed password for invalid user anaconda from 150.109.205.234 port 43184 ssh2
Jan 20 09:31:04 host sshd[23245]: Received disconnect from 150.109.205.234 port 43184:11: Bye Bye [preauth]
Jan 20 09:31:04 host sshd[23245]: Disconnected from 150.109.205.234 port 43184 [preauth]
Jan 20 09:31:06 host sshd[23261]: Invalid user csgoserver from 143.255.141.251 port 60062
Jan 20 09:31:06 host sshd[23261]: input_userauth_request: invalid user csgoserver [preauth]
Jan 20 09:31:06 host sshd[23261]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:06 host sshd[23261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.255.141.251
Jan 20 09:31:07 host sshd[23264]: Invalid user scan from 135.181.45.135 port 42938
Jan 20 09:31:07 host sshd[23264]: input_userauth_request: invalid user scan [preauth]
Jan 20 09:31:07 host sshd[23264]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:07 host sshd[23264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.181.45.135
Jan 20 09:31:08 host sshd[23261]: Failed password for invalid user csgoserver from 143.255.141.251 port 60062 ssh2
Jan 20 09:31:08 host sshd[23261]: Received disconnect from 143.255.141.251 port 60062:11: Bye Bye [preauth]
Jan 20 09:31:08 host sshd[23261]: Disconnected from 143.255.141.251 port 60062 [preauth]
Jan 20 09:31:09 host sshd[23264]: Failed password for invalid user scan from 135.181.45.135 port 42938 ssh2
Jan 20 09:31:09 host sshd[23264]: Received disconnect from 135.181.45.135 port 42938:11: Bye Bye [preauth]
Jan 20 09:31:09 host sshd[23264]: Disconnected from 135.181.45.135 port 42938 [preauth]
Jan 20 09:31:31 host sshd[23365]: Invalid user tcadmin from 34.132.47.136 port 33682
Jan 20 09:31:31 host sshd[23365]: input_userauth_request: invalid user tcadmin [preauth]
Jan 20 09:31:31 host sshd[23365]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:31 host sshd[23365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.132.47.136
Jan 20 09:31:33 host sshd[23365]: Failed password for invalid user tcadmin from 34.132.47.136 port 33682 ssh2
Jan 20 09:31:34 host sshd[23365]: Received disconnect from 34.132.47.136 port 33682:11: Bye Bye [preauth]
Jan 20 09:31:34 host sshd[23365]: Disconnected from 34.132.47.136 port 33682 [preauth]
Jan 20 09:31:35 host sshd[23376]: Invalid user sftpuser from 139.59.70.64 port 48412
Jan 20 09:31:35 host sshd[23376]: input_userauth_request: invalid user sftpuser [preauth]
Jan 20 09:31:35 host sshd[23376]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:35 host sshd[23376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.70.64
Jan 20 09:31:37 host sshd[23376]: Failed password for invalid user sftpuser from 139.59.70.64 port 48412 ssh2
Jan 20 09:31:37 host sshd[23376]: Received disconnect from 139.59.70.64 port 48412:11: Bye Bye [preauth]
Jan 20 09:31:37 host sshd[23376]: Disconnected from 139.59.70.64 port 48412 [preauth]
Jan 20 09:31:39 host sshd[23380]: Invalid user test from 34.122.221.254 port 26197
Jan 20 09:31:39 host sshd[23380]: input_userauth_request: invalid user test [preauth]
Jan 20 09:31:39 host sshd[23380]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:39 host sshd[23380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.122.221.254
Jan 20 09:31:41 host sshd[23380]: Failed password for invalid user test from 34.122.221.254 port 26197 ssh2
Jan 20 09:31:41 host sshd[23380]: Received disconnect from 34.122.221.254 port 26197:11: Bye Bye [preauth]
Jan 20 09:31:41 host sshd[23380]: Disconnected from 34.122.221.254 port 26197 [preauth]
Jan 20 09:31:58 host sshd[23429]: Invalid user openbravo from 178.62.8.163 port 36144
Jan 20 09:31:58 host sshd[23429]: input_userauth_request: invalid user openbravo [preauth]
Jan 20 09:31:58 host sshd[23429]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:31:58 host sshd[23429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.8.163
Jan 20 09:32:00 host sshd[23429]: Failed password for invalid user openbravo from 178.62.8.163 port 36144 ssh2
Jan 20 09:32:29 host sshd[23502]: Invalid user scpuser from 143.255.141.251 port 46018
Jan 20 09:32:29 host sshd[23502]: input_userauth_request: invalid user scpuser [preauth]
Jan 20 09:32:29 host sshd[23502]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:32:29 host sshd[23502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.255.141.251
Jan 20 09:32:32 host sshd[23502]: Failed password for invalid user scpuser from 143.255.141.251 port 46018 ssh2
Jan 20 09:32:32 host sshd[23502]: Received disconnect from 143.255.141.251 port 46018:11: Bye Bye [preauth]
Jan 20 09:32:32 host sshd[23502]: Disconnected from 143.255.141.251 port 46018 [preauth]
Jan 20 09:32:49 host sshd[23581]: Invalid user usuario from 34.132.47.136 port 40368
Jan 20 09:32:49 host sshd[23581]: input_userauth_request: invalid user usuario [preauth]
Jan 20 09:32:49 host sshd[23581]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:32:49 host sshd[23581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.132.47.136
Jan 20 09:32:50 host sshd[23581]: Failed password for invalid user usuario from 34.132.47.136 port 40368 ssh2
Jan 20 09:32:51 host sshd[23616]: Invalid user administrator from 139.59.70.64 port 42418
Jan 20 09:32:51 host sshd[23616]: input_userauth_request: invalid user administrator [preauth]
Jan 20 09:32:51 host sshd[23616]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:32:51 host sshd[23616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.70.64
Jan 20 09:32:54 host sshd[23616]: Failed password for invalid user administrator from 139.59.70.64 port 42418 ssh2
Jan 20 09:32:54 host sshd[23616]: Received disconnect from 139.59.70.64 port 42418:11: Bye Bye [preauth]
Jan 20 09:32:54 host sshd[23616]: Disconnected from 139.59.70.64 port 42418 [preauth]
Jan 20 09:33:28 host sshd[23699]: Invalid user esbuser from 118.97.212.14 port 33592
Jan 20 09:33:28 host sshd[23699]: input_userauth_request: invalid user esbuser [preauth]
Jan 20 09:33:28 host sshd[23699]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:33:28 host sshd[23699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.97.212.14
Jan 20 09:33:30 host sshd[23699]: Failed password for invalid user esbuser from 118.97.212.14 port 33592 ssh2
Jan 20 09:33:31 host sshd[23699]: Received disconnect from 118.97.212.14 port 33592:11: Bye Bye [preauth]
Jan 20 09:33:31 host sshd[23699]: Disconnected from 118.97.212.14 port 33592 [preauth]
Jan 20 09:33:41 host sshd[23780]: Invalid user ftpuser from 150.109.205.234 port 45556
Jan 20 09:33:41 host sshd[23780]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 09:33:41 host sshd[23780]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:33:41 host sshd[23780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.205.234
Jan 20 09:33:43 host sshd[23780]: Failed password for invalid user ftpuser from 150.109.205.234 port 45556 ssh2
Jan 20 09:33:43 host sshd[23780]: Received disconnect from 150.109.205.234 port 45556:11: Bye Bye [preauth]
Jan 20 09:33:43 host sshd[23780]: Disconnected from 150.109.205.234 port 45556 [preauth]
Jan 20 09:35:00 host sshd[24050]: Invalid user asterisk from 150.109.205.234 port 40664
Jan 20 09:35:00 host sshd[24050]: input_userauth_request: invalid user asterisk [preauth]
Jan 20 09:35:00 host sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:35:00 host sshd[24050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.205.234
Jan 20 09:35:02 host sshd[24050]: Failed password for invalid user asterisk from 150.109.205.234 port 40664 ssh2
Jan 20 09:35:02 host sshd[24050]: Received disconnect from 150.109.205.234 port 40664:11: Bye Bye [preauth]
Jan 20 09:35:02 host sshd[24050]: Disconnected from 150.109.205.234 port 40664 [preauth]
Jan 20 09:35:14 host sshd[24131]: Invalid user user4 from 118.97.212.14 port 55058
Jan 20 09:35:14 host sshd[24131]: input_userauth_request: invalid user user4 [preauth]
Jan 20 09:35:14 host sshd[24131]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:35:14 host sshd[24131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.97.212.14
Jan 20 09:35:16 host sshd[24131]: Failed password for invalid user user4 from 118.97.212.14 port 55058 ssh2
Jan 20 09:35:16 host sshd[24131]: Received disconnect from 118.97.212.14 port 55058:11: Bye Bye [preauth]
Jan 20 09:35:16 host sshd[24131]: Disconnected from 118.97.212.14 port 55058 [preauth]
Jan 20 09:35:46 host sshd[24252]: Did not receive identification string from 8.219.76.192 port 61000
Jan 20 09:37:59 host sshd[24507]: Invalid user oracle from 119.207.40.166 port 60680
Jan 20 09:37:59 host sshd[24507]: input_userauth_request: invalid user oracle [preauth]
Jan 20 09:37:59 host sshd[24507]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:37:59 host sshd[24507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.207.40.166
Jan 20 09:38:01 host sshd[24507]: Failed password for invalid user oracle from 119.207.40.166 port 60680 ssh2
Jan 20 09:38:02 host sshd[24507]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:38:05 host sshd[24507]: Failed password for invalid user oracle from 119.207.40.166 port 60680 ssh2
Jan 20 09:41:11 host sshd[25243]: invalid public DH value: >= p-1 [preauth]
Jan 20 09:41:11 host sshd[25243]: ssh_dispatch_run_fatal: Connection from 89.234.212.55 port 53115: incomplete message [preauth]
Jan 20 09:49:46 host sshd[26464]: Did not receive identification string from 114.96.95.21 port 44368
Jan 20 09:49:49 host sshd[26465]: User centos from 114.96.95.21 not allowed because not listed in AllowUsers
Jan 20 09:49:49 host sshd[26467]: Invalid user esuser from 114.96.95.21 port 44720
Jan 20 09:49:49 host sshd[26465]: input_userauth_request: invalid user centos [preauth]
Jan 20 09:49:49 host sshd[26467]: input_userauth_request: invalid user esuser [preauth]
Jan 20 09:49:49 host sshd[26469]: User centos from 114.96.95.21 not allowed because not listed in AllowUsers
Jan 20 09:49:49 host sshd[26469]: input_userauth_request: invalid user centos [preauth]
Jan 20 09:49:49 host sshd[26467]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 09:49:49 host sshd[26467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.96.95.21
Jan 20 09:49:49 host unix_chkpwd[26477]: password check failed for user (centos)
Jan 20 09:49:49 host sshd[26465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.96.95.21 user=centos
Jan 20 09:49:49 host unix_chkpwd[26478]: password check failed for user (centos)
Jan 20 09:49:49 host sshd[26469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.96.95.21 user=centos
Jan 20 09:49:51 host sshd[26467]: Failed password for invalid user esuser from 114.96.95.21 port 44720 ssh2
Jan 20 09:49:51 host sshd[26465]: Failed password for invalid user centos from 114.96.95.21 port 44716 ssh2
Jan 20 09:49:51 host sshd[26469]: Failed password for invalid user centos from 114.96.95.21 port 44726 ssh2
Jan 20 09:51:22 host sshd[26837]: Did not receive identification string from 117.50.66.128 port 56946
Jan 20 10:06:42 host sshd[29090]: Connection closed by 192.241.221.20 port 56420 [preauth]
Jan 20 10:20:24 host sshd[31277]: Invalid user gw from 194.110.203.109 port 38264
Jan 20 10:20:24 host sshd[31277]: input_userauth_request: invalid user gw [preauth]
Jan 20 10:20:24 host sshd[31277]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:20:24 host sshd[31277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 10:20:26 host sshd[31277]: Failed password for invalid user gw from 194.110.203.109 port 38264 ssh2
Jan 20 10:20:29 host sshd[31277]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:20:30 host sshd[31277]: Failed password for invalid user gw from 194.110.203.109 port 38264 ssh2
Jan 20 10:20:34 host sshd[31277]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:20:35 host sshd[31277]: Failed password for invalid user gw from 194.110.203.109 port 38264 ssh2
Jan 20 10:20:38 host sshd[31277]: Connection closed by 194.110.203.109 port 38264 [preauth]
Jan 20 10:20:38 host sshd[31277]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=wwwevmhonda user-4=bonifacegroup user-5=wwwnexidigital user-6=mrsclean user-7=phmetals user-8=kottayamcalldriv user-9=palco123 user-10=gifterman user-11=wwwkapin user-12=woodpeck user-13=disposeat user-14=wwwkmaorg user-15=remysagr user-16=pmcresources user-17=shalinijames user-18=wwwtestugo user-19=vfmassets user-20=wwwpmcresource user-21=ugotscom user-22=keralaholi user-23=wwwresourcehunte user-24=wwwrmswll user-25=travelboniface user-26=wwwkaretakers user-27=cochintaxi user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 10:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GIivlyhKE14RUi0l.~
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GIivlyhKE14RUi0l.~'
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GIivlyhKE14RUi0l.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 10:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 10:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 10:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 10:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 10:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 10:35:48 host sshd[1755]: User root from 59.31.128.84 not allowed because not listed in AllowUsers
Jan 20 10:35:48 host sshd[1755]: input_userauth_request: invalid user root [preauth]
Jan 20 10:35:48 host unix_chkpwd[1760]: password check failed for user (root)
Jan 20 10:35:48 host sshd[1755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.128.84 user=root
Jan 20 10:35:48 host sshd[1755]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 10:35:50 host sshd[1755]: Failed password for invalid user root from 59.31.128.84 port 63670 ssh2
Jan 20 10:35:51 host unix_chkpwd[1763]: password check failed for user (root)
Jan 20 10:35:51 host sshd[1755]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 10:35:53 host sshd[1755]: Failed password for invalid user root from 59.31.128.84 port 63670 ssh2
Jan 20 10:35:54 host sshd[1755]: Connection reset by 59.31.128.84 port 63670 [preauth]
Jan 20 10:35:54 host sshd[1755]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.128.84 user=root
Jan 20 10:49:41 host sshd[3961]: Invalid user userx from 128.199.111.126 port 57578
Jan 20 10:49:41 host sshd[3961]: input_userauth_request: invalid user userx [preauth]
Jan 20 10:49:41 host sshd[3961]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:49:41 host sshd[3961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.111.126
Jan 20 10:49:43 host sshd[3961]: Failed password for invalid user userx from 128.199.111.126 port 57578 ssh2
Jan 20 10:49:44 host sshd[3961]: Received disconnect from 128.199.111.126 port 57578:11: Bye Bye [preauth]
Jan 20 10:49:44 host sshd[3961]: Disconnected from 128.199.111.126 port 57578 [preauth]
Jan 20 10:50:25 host sshd[4067]: Invalid user ghost from 213.87.101.176 port 49894
Jan 20 10:50:25 host sshd[4067]: input_userauth_request: invalid user ghost [preauth]
Jan 20 10:50:25 host sshd[4067]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:50:25 host sshd[4067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.87.101.176
Jan 20 10:50:27 host sshd[4067]: Failed password for invalid user ghost from 213.87.101.176 port 49894 ssh2
Jan 20 10:50:27 host sshd[4067]: Received disconnect from 213.87.101.176 port 49894:11: Bye Bye [preauth]
Jan 20 10:50:27 host sshd[4067]: Disconnected from 213.87.101.176 port 49894 [preauth]
Jan 20 10:51:29 host sshd[4331]: Invalid user jenkins2 from 125.163.160.229 port 49360
Jan 20 10:51:29 host sshd[4331]: input_userauth_request: invalid user jenkins2 [preauth]
Jan 20 10:51:29 host sshd[4331]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:51:29 host sshd[4331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.163.160.229
Jan 20 10:51:31 host sshd[4331]: Failed password for invalid user jenkins2 from 125.163.160.229 port 49360 ssh2
Jan 20 10:51:31 host sshd[4331]: Received disconnect from 125.163.160.229 port 49360:11: Bye Bye [preauth]
Jan 20 10:51:31 host sshd[4331]: Disconnected from 125.163.160.229 port 49360 [preauth]
Jan 20 10:52:40 host sshd[4465]: Invalid user userx from 159.223.80.140 port 56812
Jan 20 10:52:40 host sshd[4465]: input_userauth_request: invalid user userx [preauth]
Jan 20 10:52:40 host sshd[4465]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:52:40 host sshd[4465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.80.140
Jan 20 10:52:42 host sshd[4465]: Failed password for invalid user userx from 159.223.80.140 port 56812 ssh2
Jan 20 10:52:42 host sshd[4465]: Received disconnect from 159.223.80.140 port 56812:11: Bye Bye [preauth]
Jan 20 10:52:42 host sshd[4465]: Disconnected from 159.223.80.140 port 56812 [preauth]
Jan 20 10:53:01 host sshd[4497]: Invalid user steven from 210.183.21.48 port 5857
Jan 20 10:53:01 host sshd[4497]: input_userauth_request: invalid user steven [preauth]
Jan 20 10:53:01 host sshd[4497]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:53:01 host sshd[4497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.183.21.48
Jan 20 10:53:03 host sshd[4497]: Failed password for invalid user steven from 210.183.21.48 port 5857 ssh2
Jan 20 10:53:03 host sshd[4497]: Received disconnect from 210.183.21.48 port 5857:11: Bye Bye [preauth]
Jan 20 10:53:03 host sshd[4497]: Disconnected from 210.183.21.48 port 5857 [preauth]
Jan 20 10:54:42 host sshd[4767]: Invalid user sysop from 128.199.111.126 port 44916
Jan 20 10:54:42 host sshd[4767]: input_userauth_request: invalid user sysop [preauth]
Jan 20 10:54:42 host sshd[4767]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:54:42 host sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.111.126
Jan 20 10:54:45 host sshd[4767]: Failed password for invalid user sysop from 128.199.111.126 port 44916 ssh2
Jan 20 10:54:45 host sshd[4767]: Received disconnect from 128.199.111.126 port 44916:11: Bye Bye [preauth]
Jan 20 10:54:45 host sshd[4767]: Disconnected from 128.199.111.126 port 44916 [preauth]
Jan 20 10:55:29 host sshd[4877]: Invalid user sqladmin from 213.87.101.176 port 44444
Jan 20 10:55:29 host sshd[4877]: input_userauth_request: invalid user sqladmin [preauth]
Jan 20 10:55:29 host sshd[4877]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:55:29 host sshd[4877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.87.101.176
Jan 20 10:55:31 host sshd[4877]: Failed password for invalid user sqladmin from 213.87.101.176 port 44444 ssh2
Jan 20 10:55:31 host sshd[4877]: Received disconnect from 213.87.101.176 port 44444:11: Bye Bye [preauth]
Jan 20 10:55:31 host sshd[4877]: Disconnected from 213.87.101.176 port 44444 [preauth]
Jan 20 10:55:42 host sshd[4932]: Invalid user testappl from 159.223.80.140 port 44090
Jan 20 10:55:42 host sshd[4932]: input_userauth_request: invalid user testappl [preauth]
Jan 20 10:55:42 host sshd[4932]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:55:42 host sshd[4932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.80.140
Jan 20 10:55:42 host sshd[4934]: Invalid user steven from 125.163.160.229 port 36002
Jan 20 10:55:42 host sshd[4934]: input_userauth_request: invalid user steven [preauth]
Jan 20 10:55:42 host sshd[4934]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:55:42 host sshd[4934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.163.160.229
Jan 20 10:55:43 host sshd[4932]: Failed password for invalid user testappl from 159.223.80.140 port 44090 ssh2
Jan 20 10:55:43 host sshd[4932]: Received disconnect from 159.223.80.140 port 44090:11: Bye Bye [preauth]
Jan 20 10:55:43 host sshd[4932]: Disconnected from 159.223.80.140 port 44090 [preauth]
Jan 20 10:55:44 host sshd[4934]: Failed password for invalid user steven from 125.163.160.229 port 36002 ssh2
Jan 20 10:55:44 host sshd[4934]: Received disconnect from 125.163.160.229 port 36002:11: Bye Bye [preauth]
Jan 20 10:55:44 host sshd[4934]: Disconnected from 125.163.160.229 port 36002 [preauth]
Jan 20 10:55:59 host sshd[4958]: Invalid user testemail from 128.199.111.126 port 56620
Jan 20 10:55:59 host sshd[4958]: input_userauth_request: invalid user testemail [preauth]
Jan 20 10:55:59 host sshd[4958]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:55:59 host sshd[4958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.111.126
Jan 20 10:56:01 host sshd[4958]: Failed password for invalid user testemail from 128.199.111.126 port 56620 ssh2
Jan 20 10:56:01 host sshd[4958]: Received disconnect from 128.199.111.126 port 56620:11: Bye Bye [preauth]
Jan 20 10:56:01 host sshd[4958]: Disconnected from 128.199.111.126 port 56620 [preauth]
Jan 20 10:56:09 host sshd[4666]: Connection closed by 112.28.209.66 port 51303 [preauth]
Jan 20 10:56:31 host sshd[5161]: User root from 210.183.21.48 not allowed because not listed in AllowUsers
Jan 20 10:56:31 host sshd[5161]: input_userauth_request: invalid user root [preauth]
Jan 20 10:56:31 host unix_chkpwd[5164]: password check failed for user (root)
Jan 20 10:56:31 host sshd[5161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.183.21.48 user=root
Jan 20 10:56:31 host sshd[5161]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 10:56:34 host sshd[5161]: Failed password for invalid user root from 210.183.21.48 port 9291 ssh2
Jan 20 10:56:34 host sshd[5161]: Received disconnect from 210.183.21.48 port 9291:11: Bye Bye [preauth]
Jan 20 10:56:34 host sshd[5161]: Disconnected from 210.183.21.48 port 9291 [preauth]
Jan 20 10:56:51 host sshd[5232]: Invalid user Ubuntu from 213.87.101.176 port 43096
Jan 20 10:56:51 host sshd[5232]: input_userauth_request: invalid user Ubuntu [preauth]
Jan 20 10:56:51 host sshd[5232]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:56:51 host sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.87.101.176
Jan 20 10:56:53 host sshd[5232]: Failed password for invalid user Ubuntu from 213.87.101.176 port 43096 ssh2
Jan 20 10:57:01 host sshd[5288]: Invalid user ts3user from 159.223.80.140 port 59918
Jan 20 10:57:01 host sshd[5288]: input_userauth_request: invalid user ts3user [preauth]
Jan 20 10:57:01 host sshd[5288]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:57:01 host sshd[5288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.80.140
Jan 20 10:57:03 host sshd[5288]: Failed password for invalid user ts3user from 159.223.80.140 port 59918 ssh2
Jan 20 10:57:03 host sshd[5288]: Received disconnect from 159.223.80.140 port 59918:11: Bye Bye [preauth]
Jan 20 10:57:03 host sshd[5288]: Disconnected from 159.223.80.140 port 59918 [preauth]
Jan 20 10:57:32 host sshd[5407]: Invalid user cuser from 125.163.160.229 port 34654
Jan 20 10:57:32 host sshd[5407]: input_userauth_request: invalid user cuser [preauth]
Jan 20 10:57:32 host sshd[5407]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 10:57:32 host sshd[5407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.163.160.229
Jan 20 10:57:35 host sshd[5407]: Failed password for invalid user cuser from 125.163.160.229 port 34654 ssh2
Jan 20 10:57:35 host sshd[5407]: Received disconnect from 125.163.160.229 port 34654:11: Bye Bye [preauth]
Jan 20 10:57:35 host sshd[5407]: Disconnected from 125.163.160.229 port 34654 [preauth]
Jan 20 11:00:39 host sshd[5928]: Invalid user admin from 62.233.50.248 port 34129
Jan 20 11:00:39 host sshd[5928]: input_userauth_request: invalid user admin [preauth]
Jan 20 11:00:39 host sshd[5928]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 11:00:39 host sshd[5928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 20 11:00:41 host sshd[5928]: Failed password for invalid user admin from 62.233.50.248 port 34129 ssh2
Jan 20 11:00:41 host sshd[5928]: Received disconnect from 62.233.50.248 port 34129:11: Client disconnecting normally [preauth]
Jan 20 11:00:41 host sshd[5928]: Disconnected from 62.233.50.248 port 34129 [preauth]
Jan 20 11:02:11 host sshd[6239]: Invalid user willie from 209.141.56.48 port 33124
Jan 20 11:02:11 host sshd[6239]: input_userauth_request: invalid user willie [preauth]
Jan 20 11:02:11 host sshd[6239]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 11:02:11 host sshd[6239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 20 11:02:13 host sshd[6239]: Failed password for invalid user willie from 209.141.56.48 port 33124 ssh2
Jan 20 11:02:14 host sshd[6239]: Connection closed by 209.141.56.48 port 33124 [preauth]
Jan 20 11:08:06 host sshd[7028]: Invalid user sys from 205.185.113.129 port 46872
Jan 20 11:08:06 host sshd[7028]: input_userauth_request: invalid user sys [preauth]
Jan 20 11:08:06 host sshd[7028]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 11:08:06 host sshd[7028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 20 11:08:08 host sshd[7028]: Failed password for invalid user sys from 205.185.113.129 port 46872 ssh2
Jan 20 11:08:08 host sshd[7028]: Connection closed by 205.185.113.129 port 46872 [preauth]
Jan 20 11:08:21 host sshd[7048]: Connection reset by 24.70.218.159 port 60916 [preauth]
Jan 20 11:19:23 host sshd[8754]: Invalid user admin from 121.152.79.3 port 62556
Jan 20 11:19:23 host sshd[8754]: input_userauth_request: invalid user admin [preauth]
Jan 20 11:19:23 host sshd[8754]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 11:19:23 host sshd[8754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.152.79.3
Jan 20 11:19:25 host sshd[8754]: Failed password for invalid user admin from 121.152.79.3 port 62556 ssh2
Jan 20 11:19:26 host sshd[8754]: Connection reset by 121.152.79.3 port 62556 [preauth]
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=shalinijames user-3=wwwtestugo user-4=pmcresources user-5=wwwkmaorg user-6=disposeat user-7=remysagr user-8=woodpeck user-9=wwwkapin user-10=palco123 user-11=gifterman user-12=phmetals user-13=kottayamcalldriv user-14=wwwnexidigital user-15=mrsclean user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 11:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OxS0ASw7Xn6XdaKC.~
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OxS0ASw7Xn6XdaKC.~'
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OxS0ASw7Xn6XdaKC.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 11:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 11:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 11:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 11:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 11:21:36 host sshd[9399]: Invalid user support from 175.202.151.115 port 63761
Jan 20 11:21:36 host sshd[9399]: input_userauth_request: invalid user support [preauth]
Jan 20 11:21:36 host sshd[9399]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 11:21:36 host sshd[9399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.202.151.115
Jan 20 11:21:37 host sshd[9399]: Failed password for invalid user support from 175.202.151.115 port 63761 ssh2
Jan 20 11:21:38 host sshd[9399]: Connection reset by 175.202.151.115 port 63761 [preauth]
Jan 20 11:28:20 host sshd[10459]: invalid public DH value: >= p-1 [preauth]
Jan 20 11:28:20 host sshd[10459]: ssh_dispatch_run_fatal: Connection from 202.59.126.6 port 47198: incomplete message [preauth]
Jan 20 11:44:50 host sshd[12814]: Invalid user admin from 114.34.253.61 port 33754
Jan 20 11:44:50 host sshd[12814]: input_userauth_request: invalid user admin [preauth]
Jan 20 11:44:50 host sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 11:44:50 host sshd[12814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.34.253.61
Jan 20 11:44:52 host sshd[12814]: Failed password for invalid user admin from 114.34.253.61 port 33754 ssh2
Jan 20 11:44:54 host sshd[12814]: Failed password for invalid user admin from 114.34.253.61 port 33754 ssh2
Jan 20 11:44:54 host sshd[12814]: Connection reset by 114.34.253.61 port 33754 [preauth]
Jan 20 11:54:56 host sshd[14195]: Bad protocol version identification 'MGLNDD_167.71.234.10_22' from 192.241.199.52 port 57776
Jan 20 12:03:21 host sshd[15464]: Invalid user super from 122.116.170.221 port 42004
Jan 20 12:03:21 host sshd[15464]: input_userauth_request: invalid user super [preauth]
Jan 20 12:03:21 host sshd[15464]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:03:21 host sshd[15464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.170.221
Jan 20 12:03:23 host sshd[15464]: Failed password for invalid user super from 122.116.170.221 port 42004 ssh2
Jan 20 12:03:24 host sshd[15464]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:03:26 host sshd[15464]: Failed password for invalid user super from 122.116.170.221 port 42004 ssh2
Jan 20 12:03:28 host sshd[15464]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:03:30 host sshd[15464]: Failed password for invalid user super from 122.116.170.221 port 42004 ssh2
Jan 20 12:03:31 host sshd[15464]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:03:33 host sshd[15464]: Failed password for invalid user super from 122.116.170.221 port 42004 ssh2
Jan 20 12:03:34 host sshd[15464]: Failed password for invalid user super from 122.116.170.221 port 42004 ssh2
Jan 20 12:03:35 host sshd[15464]: Connection closed by 122.116.170.221 port 42004 [preauth]
Jan 20 12:03:35 host sshd[15464]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.170.221
Jan 20 12:03:35 host sshd[15464]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 20 12:08:29 host sshd[16866]: Invalid user cloudadmin from 103.134.113.78 port 34332
Jan 20 12:08:29 host sshd[16866]: input_userauth_request: invalid user cloudadmin [preauth]
Jan 20 12:08:29 host sshd[16866]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:08:29 host sshd[16866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.134.113.78
Jan 20 12:08:31 host sshd[16866]: Failed password for invalid user cloudadmin from 103.134.113.78 port 34332 ssh2
Jan 20 12:08:31 host sshd[16866]: Received disconnect from 103.134.113.78 port 34332:11: Bye Bye [preauth]
Jan 20 12:08:31 host sshd[16866]: Disconnected from 103.134.113.78 port 34332 [preauth]
Jan 20 12:09:35 host sshd[17189]: Invalid user cuser from 84.201.158.231 port 56324
Jan 20 12:09:35 host sshd[17189]: input_userauth_request: invalid user cuser [preauth]
Jan 20 12:09:35 host sshd[17189]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:09:35 host sshd[17189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.158.231
Jan 20 12:09:37 host sshd[17189]: Failed password for invalid user cuser from 84.201.158.231 port 56324 ssh2
Jan 20 12:09:37 host sshd[17189]: Received disconnect from 84.201.158.231 port 56324:11: Bye Bye [preauth]
Jan 20 12:09:37 host sshd[17189]: Disconnected from 84.201.158.231 port 56324 [preauth]
Jan 20 12:10:33 host sshd[17406]: Invalid user gx from 194.110.203.109 port 33900
Jan 20 12:10:33 host sshd[17406]: input_userauth_request: invalid user gx [preauth]
Jan 20 12:10:33 host sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:10:33 host sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 12:10:34 host sshd[17406]: Failed password for invalid user gx from 194.110.203.109 port 33900 ssh2
Jan 20 12:10:38 host sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:10:40 host sshd[17406]: Failed password for invalid user gx from 194.110.203.109 port 33900 ssh2
Jan 20 12:10:43 host sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:10:45 host sshd[17406]: Failed password for invalid user gx from 194.110.203.109 port 33900 ssh2
Jan 20 12:10:46 host sshd[17465]: Invalid user apiadmin from 45.127.88.139 port 45616
Jan 20 12:10:46 host sshd[17465]: input_userauth_request: invalid user apiadmin [preauth]
Jan 20 12:10:46 host sshd[17465]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:10:46 host sshd[17465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.127.88.139
Jan 20 12:10:48 host sshd[17465]: Failed password for invalid user apiadmin from 45.127.88.139 port 45616 ssh2
Jan 20 12:10:48 host sshd[17465]: Received disconnect from 45.127.88.139 port 45616:11: Bye Bye [preauth]
Jan 20 12:10:48 host sshd[17465]: Disconnected from 45.127.88.139 port 45616 [preauth]
Jan 20 12:10:49 host sshd[17406]: Connection closed by 194.110.203.109 port 33900 [preauth]
Jan 20 12:10:49 host sshd[17406]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 12:12:10 host sshd[17854]: Invalid user vncuser from 51.89.88.86 port 43754
Jan 20 12:12:10 host sshd[17854]: input_userauth_request: invalid user vncuser [preauth]
Jan 20 12:12:10 host sshd[17854]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:12:10 host sshd[17854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.88.86
Jan 20 12:12:12 host sshd[17854]: Failed password for invalid user vncuser from 51.89.88.86 port 43754 ssh2
Jan 20 12:12:12 host sshd[17854]: Received disconnect from 51.89.88.86 port 43754:11: Bye Bye [preauth]
Jan 20 12:12:12 host sshd[17854]: Disconnected from 51.89.88.86 port 43754 [preauth]
Jan 20 12:12:13 host sshd[17892]: Invalid user cpadmin from 144.48.8.118 port 60616
Jan 20 12:12:13 host sshd[17892]: input_userauth_request: invalid user cpadmin [preauth]
Jan 20 12:12:13 host sshd[17892]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:12:13 host sshd[17892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.48.8.118
Jan 20 12:12:15 host sshd[17892]: Failed password for invalid user cpadmin from 144.48.8.118 port 60616 ssh2
Jan 20 12:12:15 host sshd[17892]: Received disconnect from 144.48.8.118 port 60616:11: Bye Bye [preauth]
Jan 20 12:12:15 host sshd[17892]: Disconnected from 144.48.8.118 port 60616 [preauth]
Jan 20 12:12:22 host sshd[17919]: Invalid user user from 96.67.59.65 port 59951
Jan 20 12:12:22 host sshd[17919]: input_userauth_request: invalid user user [preauth]
Jan 20 12:12:22 host sshd[17919]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:12:22 host sshd[17919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
Jan 20 12:12:25 host sshd[17919]: Failed password for invalid user user from 96.67.59.65 port 59951 ssh2
Jan 20 12:12:25 host sshd[17919]: Received disconnect from 96.67.59.65 port 59951:11: Bye Bye [preauth]
Jan 20 12:12:25 host sshd[17919]: Disconnected from 96.67.59.65 port 59951 [preauth]
Jan 20 12:12:40 host sshd[17998]: Invalid user anaconda from 134.209.159.210 port 52082
Jan 20 12:12:40 host sshd[17998]: input_userauth_request: invalid user anaconda [preauth]
Jan 20 12:12:40 host sshd[17998]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:12:40 host sshd[17998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.159.210
Jan 20 12:12:42 host sshd[17998]: Failed password for invalid user anaconda from 134.209.159.210 port 52082 ssh2
Jan 20 12:12:42 host sshd[17998]: Received disconnect from 134.209.159.210 port 52082:11: Bye Bye [preauth]
Jan 20 12:12:42 host sshd[17998]: Disconnected from 134.209.159.210 port 52082 [preauth]
Jan 20 12:12:44 host sshd[18005]: Invalid user user1 from 192.241.154.229 port 52418
Jan 20 12:12:44 host sshd[18005]: input_userauth_request: invalid user user1 [preauth]
Jan 20 12:12:44 host sshd[18005]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:12:44 host sshd[18005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.154.229
Jan 20 12:12:46 host sshd[18005]: Failed password for invalid user user1 from 192.241.154.229 port 52418 ssh2
Jan 20 12:12:46 host sshd[18005]: Received disconnect from 192.241.154.229 port 52418:11: Bye Bye [preauth]
Jan 20 12:12:46 host sshd[18005]: Disconnected from 192.241.154.229 port 52418 [preauth]
Jan 20 12:13:07 host sshd[18082]: Invalid user willie from 209.141.56.48 port 36856
Jan 20 12:13:07 host sshd[18082]: input_userauth_request: invalid user willie [preauth]
Jan 20 12:13:07 host sshd[18082]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:13:07 host sshd[18082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 20 12:13:08 host sshd[18082]: Failed password for invalid user willie from 209.141.56.48 port 36856 ssh2
Jan 20 12:13:09 host sshd[18082]: Connection closed by 209.141.56.48 port 36856 [preauth]
Jan 20 12:14:23 host sshd[18399]: Invalid user ubuntu from 119.92.56.77 port 33042
Jan 20 12:14:23 host sshd[18399]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 12:14:23 host sshd[18399]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:14:23 host sshd[18399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.92.56.77
Jan 20 12:14:25 host sshd[18399]: Failed password for invalid user ubuntu from 119.92.56.77 port 33042 ssh2
Jan 20 12:14:25 host sshd[18399]: Received disconnect from 119.92.56.77 port 33042:11: Bye Bye [preauth]
Jan 20 12:14:25 host sshd[18399]: Disconnected from 119.92.56.77 port 33042 [preauth]
Jan 20 12:15:12 host sshd[18559]: Invalid user test from 45.127.88.139 port 36098
Jan 20 12:15:12 host sshd[18559]: input_userauth_request: invalid user test [preauth]
Jan 20 12:15:12 host sshd[18559]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:15:12 host sshd[18559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.127.88.139
Jan 20 12:15:13 host sshd[18559]: Failed password for invalid user test from 45.127.88.139 port 36098 ssh2
Jan 20 12:15:14 host sshd[18559]: Received disconnect from 45.127.88.139 port 36098:11: Bye Bye [preauth]
Jan 20 12:15:14 host sshd[18559]: Disconnected from 45.127.88.139 port 36098 [preauth]
Jan 20 12:15:15 host sshd[18568]: Invalid user adminuser from 103.134.113.78 port 37094
Jan 20 12:15:15 host sshd[18568]: input_userauth_request: invalid user adminuser [preauth]
Jan 20 12:15:15 host sshd[18568]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:15:15 host sshd[18568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.134.113.78
Jan 20 12:15:18 host sshd[18568]: Failed password for invalid user adminuser from 103.134.113.78 port 37094 ssh2
Jan 20 12:15:18 host sshd[18568]: Received disconnect from 103.134.113.78 port 37094:11: Bye Bye [preauth]
Jan 20 12:15:18 host sshd[18568]: Disconnected from 103.134.113.78 port 37094 [preauth]
Jan 20 12:15:26 host sshd[18587]: Invalid user catadmin from 84.201.158.231 port 34522
Jan 20 12:15:26 host sshd[18587]: input_userauth_request: invalid user catadmin [preauth]
Jan 20 12:15:26 host sshd[18587]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:15:26 host sshd[18587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.158.231
Jan 20 12:15:28 host sshd[18587]: Failed password for invalid user catadmin from 84.201.158.231 port 34522 ssh2
Jan 20 12:15:28 host sshd[18587]: Received disconnect from 84.201.158.231 port 34522:11: Bye Bye [preauth]
Jan 20 12:15:28 host sshd[18587]: Disconnected from 84.201.158.231 port 34522 [preauth]
Jan 20 12:15:58 host sshd[18691]: Invalid user bitrix from 144.48.8.118 port 44216
Jan 20 12:15:58 host sshd[18691]: input_userauth_request: invalid user bitrix [preauth]
Jan 20 12:15:58 host sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:15:58 host sshd[18691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.48.8.118
Jan 20 12:16:00 host sshd[18691]: Failed password for invalid user bitrix from 144.48.8.118 port 44216 ssh2
Jan 20 12:16:00 host sshd[18691]: Received disconnect from 144.48.8.118 port 44216:11: Bye Bye [preauth]
Jan 20 12:16:00 host sshd[18691]: Disconnected from 144.48.8.118 port 44216 [preauth]
Jan 20 12:16:06 host sshd[18719]: Invalid user vnc from 45.152.67.253 port 52586
Jan 20 12:16:06 host sshd[18719]: input_userauth_request: invalid user vnc [preauth]
Jan 20 12:16:06 host sshd[18719]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:16:06 host sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.67.253
Jan 20 12:16:08 host sshd[18719]: Failed password for invalid user vnc from 45.152.67.253 port 52586 ssh2
Jan 20 12:16:08 host sshd[18719]: Received disconnect from 45.152.67.253 port 52586:11: Bye Bye [preauth]
Jan 20 12:16:08 host sshd[18719]: Disconnected from 45.152.67.253 port 52586 [preauth]
Jan 20 12:16:20 host sshd[18752]: Did not receive identification string from 58.72.18.130 port 16067
Jan 20 12:16:25 host sshd[18763]: Invalid user postgres from 45.127.88.139 port 44400
Jan 20 12:16:25 host sshd[18763]: input_userauth_request: invalid user postgres [preauth]
Jan 20 12:16:25 host sshd[18763]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:16:25 host sshd[18763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.127.88.139
Jan 20 12:16:28 host sshd[18763]: Failed password for invalid user postgres from 45.127.88.139 port 44400 ssh2
Jan 20 12:16:36 host sshd[18839]: Invalid user vpntest from 84.201.158.231 port 59222
Jan 20 12:16:36 host sshd[18839]: input_userauth_request: invalid user vpntest [preauth]
Jan 20 12:16:36 host sshd[18839]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:16:36 host sshd[18839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.201.158.231
Jan 20 12:16:38 host sshd[18839]: Failed password for invalid user vpntest from 84.201.158.231 port 59222 ssh2
Jan 20 12:16:39 host sshd[18839]: Received disconnect from 84.201.158.231 port 59222:11: Bye Bye [preauth]
Jan 20 12:16:39 host sshd[18839]: Disconnected from 84.201.158.231 port 59222 [preauth]
Jan 20 12:16:57 host sshd[18926]: Invalid user testuser from 192.241.154.229 port 52178
Jan 20 12:16:57 host sshd[18926]: input_userauth_request: invalid user testuser [preauth]
Jan 20 12:16:57 host sshd[18926]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:16:57 host sshd[18926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.154.229
Jan 20 12:16:59 host sshd[18926]: Failed password for invalid user testuser from 192.241.154.229 port 52178 ssh2
Jan 20 12:17:00 host sshd[18926]: Received disconnect from 192.241.154.229 port 52178:11: Bye Bye [preauth]
Jan 20 12:17:00 host sshd[18926]: Disconnected from 192.241.154.229 port 52178 [preauth]
Jan 20 12:17:02 host sshd[18945]: Invalid user internet from 51.89.88.86 port 38340
Jan 20 12:17:02 host sshd[18945]: input_userauth_request: invalid user internet [preauth]
Jan 20 12:17:02 host sshd[18945]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:17:02 host sshd[18945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.88.86
Jan 20 12:17:04 host sshd[18945]: Failed password for invalid user internet from 51.89.88.86 port 38340 ssh2
Jan 20 12:17:04 host sshd[18945]: Received disconnect from 51.89.88.86 port 38340:11: Bye Bye [preauth]
Jan 20 12:17:04 host sshd[18945]: Disconnected from 51.89.88.86 port 38340 [preauth]
Jan 20 12:17:05 host sshd[18962]: Invalid user esuser from 144.48.8.118 port 38780
Jan 20 12:17:05 host sshd[18962]: input_userauth_request: invalid user esuser [preauth]
Jan 20 12:17:05 host sshd[18962]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:17:05 host sshd[18962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.48.8.118
Jan 20 12:17:07 host sshd[18962]: Failed password for invalid user esuser from 144.48.8.118 port 38780 ssh2
Jan 20 12:17:09 host sshd[19002]: Invalid user weblogic from 103.134.113.78 port 36112
Jan 20 12:17:09 host sshd[19002]: input_userauth_request: invalid user weblogic [preauth]
Jan 20 12:17:09 host sshd[19002]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:17:09 host sshd[19002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.134.113.78
Jan 20 12:17:11 host sshd[19002]: Failed password for invalid user weblogic from 103.134.113.78 port 36112 ssh2
Jan 20 12:17:11 host sshd[19002]: Received disconnect from 103.134.113.78 port 36112:11: Bye Bye [preauth]
Jan 20 12:17:11 host sshd[19002]: Disconnected from 103.134.113.78 port 36112 [preauth]
Jan 20 12:17:17 host sshd[19071]: Invalid user internet from 119.92.56.77 port 63568
Jan 20 12:17:17 host sshd[19071]: input_userauth_request: invalid user internet [preauth]
Jan 20 12:17:17 host sshd[19071]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:17:17 host sshd[19071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.92.56.77
Jan 20 12:17:17 host sshd[19078]: Invalid user gitlab-psql from 134.209.159.210 port 43982
Jan 20 12:17:17 host sshd[19078]: input_userauth_request: invalid user gitlab-psql [preauth]
Jan 20 12:17:17 host sshd[19078]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:17:17 host sshd[19078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.159.210
Jan 20 12:17:18 host sshd[19071]: Failed password for invalid user internet from 119.92.56.77 port 63568 ssh2
Jan 20 12:17:19 host sshd[19071]: Received disconnect from 119.92.56.77 port 63568:11: Bye Bye [preauth]
Jan 20 12:17:19 host sshd[19071]: Disconnected from 119.92.56.77 port 63568 [preauth]
Jan 20 12:17:19 host sshd[19078]: Failed password for invalid user gitlab-psql from 134.209.159.210 port 43982 ssh2
Jan 20 12:17:19 host sshd[19078]: Received disconnect from 134.209.159.210 port 43982:11: Bye Bye [preauth]
Jan 20 12:17:19 host sshd[19078]: Disconnected from 134.209.159.210 port 43982 [preauth]
Jan 20 12:18:05 host sshd[19193]: Invalid user admin2 from 192.241.154.229 port 56944
Jan 20 12:18:05 host sshd[19193]: input_userauth_request: invalid user admin2 [preauth]
Jan 20 12:18:05 host sshd[19193]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:18:05 host sshd[19193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.154.229
Jan 20 12:18:07 host sshd[19193]: Failed password for invalid user admin2 from 192.241.154.229 port 56944 ssh2
Jan 20 12:18:11 host sshd[19237]: Invalid user host from 45.152.67.253 port 56538
Jan 20 12:18:11 host sshd[19237]: input_userauth_request: invalid user host [preauth]
Jan 20 12:18:11 host sshd[19237]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:18:11 host sshd[19237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.67.253
Jan 20 12:18:12 host sshd[19237]: Failed password for invalid user host from 45.152.67.253 port 56538 ssh2
Jan 20 12:18:12 host sshd[19237]: Received disconnect from 45.152.67.253 port 56538:11: Bye Bye [preauth]
Jan 20 12:18:12 host sshd[19237]: Disconnected from 45.152.67.253 port 56538 [preauth]
Jan 20 12:18:15 host sshd[19243]: User root from 134.17.24.54 not allowed because not listed in AllowUsers
Jan 20 12:18:15 host sshd[19243]: input_userauth_request: invalid user root [preauth]
Jan 20 12:18:15 host unix_chkpwd[19254]: password check failed for user (root)
Jan 20 12:18:15 host sshd[19243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.24.54 user=root
Jan 20 12:18:15 host sshd[19243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 12:18:16 host sshd[19251]: Invalid user redis from 96.67.59.65 port 56475
Jan 20 12:18:16 host sshd[19251]: input_userauth_request: invalid user redis [preauth]
Jan 20 12:18:16 host sshd[19251]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:18:16 host sshd[19251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
Jan 20 12:18:18 host sshd[19243]: Failed password for invalid user root from 134.17.24.54 port 45590 ssh2
Jan 20 12:18:18 host sshd[19251]: Failed password for invalid user redis from 96.67.59.65 port 56475 ssh2
Jan 20 12:18:18 host unix_chkpwd[19263]: password check failed for user (root)
Jan 20 12:18:18 host sshd[19243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 12:18:18 host sshd[19251]: Received disconnect from 96.67.59.65 port 56475:11: Bye Bye [preauth]
Jan 20 12:18:18 host sshd[19251]: Disconnected from 96.67.59.65 port 56475 [preauth]
Jan 20 12:18:20 host sshd[19243]: Failed password for invalid user root from 134.17.24.54 port 45590 ssh2
Jan 20 12:18:22 host unix_chkpwd[19268]: password check failed for user (root)
Jan 20 12:18:22 host sshd[19243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 12:18:24 host sshd[19243]: Failed password for invalid user root from 134.17.24.54 port 45590 ssh2
Jan 20 12:18:24 host unix_chkpwd[19279]: password check failed for user (root)
Jan 20 12:18:24 host sshd[19243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 12:18:27 host sshd[19243]: Failed password for invalid user root from 134.17.24.54 port 45590 ssh2
Jan 20 12:18:39 host sshd[19453]: Invalid user developer from 134.209.159.210 port 42084
Jan 20 12:18:39 host sshd[19453]: input_userauth_request: invalid user developer [preauth]
Jan 20 12:18:39 host sshd[19453]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:18:39 host sshd[19453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.159.210
Jan 20 12:18:40 host sshd[19455]: Invalid user mapadmin from 51.89.88.86 port 37590
Jan 20 12:18:40 host sshd[19455]: input_userauth_request: invalid user mapadmin [preauth]
Jan 20 12:18:40 host sshd[19455]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:18:40 host sshd[19455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.88.86
Jan 20 12:18:42 host sshd[19453]: Failed password for invalid user developer from 134.209.159.210 port 42084 ssh2
Jan 20 12:18:42 host sshd[19455]: Failed password for invalid user mapadmin from 51.89.88.86 port 37590 ssh2
Jan 20 12:19:04 host sshd[19559]: Invalid user otrs from 119.92.56.77 port 32580
Jan 20 12:19:04 host sshd[19559]: input_userauth_request: invalid user otrs [preauth]
Jan 20 12:19:04 host sshd[19559]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:19:04 host sshd[19559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.92.56.77
Jan 20 12:19:06 host sshd[19559]: Failed password for invalid user otrs from 119.92.56.77 port 32580 ssh2
Jan 20 12:19:06 host sshd[19559]: Received disconnect from 119.92.56.77 port 32580:11: Bye Bye [preauth]
Jan 20 12:19:06 host sshd[19559]: Disconnected from 119.92.56.77 port 32580 [preauth]
Jan 20 12:19:21 host sshd[19631]: Invalid user admin from 1.34.4.10 port 51189
Jan 20 12:19:21 host sshd[19631]: input_userauth_request: invalid user admin [preauth]
Jan 20 12:19:21 host sshd[19631]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:19:21 host sshd[19631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.4.10
Jan 20 12:19:23 host sshd[19631]: Failed password for invalid user admin from 1.34.4.10 port 51189 ssh2
Jan 20 12:19:23 host sshd[19631]: Failed password for invalid user admin from 1.34.4.10 port 51189 ssh2
Jan 20 12:19:24 host sshd[19631]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:19:26 host sshd[19631]: Failed password for invalid user admin from 1.34.4.10 port 51189 ssh2
Jan 20 12:19:26 host sshd[19631]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:19:28 host sshd[19631]: Failed password for invalid user admin from 1.34.4.10 port 51189 ssh2
Jan 20 12:19:29 host sshd[19631]: Connection reset by 1.34.4.10 port 51189 [preauth]
Jan 20 12:19:29 host sshd[19631]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.4.10
Jan 20 12:19:34 host sshd[19698]: Invalid user info from 96.67.59.65 port 54671
Jan 20 12:19:34 host sshd[19698]: input_userauth_request: invalid user info [preauth]
Jan 20 12:19:34 host sshd[19698]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:19:34 host sshd[19698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
Jan 20 12:19:34 host sshd[19703]: Invalid user linuxacademy from 45.152.67.253 port 55852
Jan 20 12:19:34 host sshd[19703]: input_userauth_request: invalid user linuxacademy [preauth]
Jan 20 12:19:34 host sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:19:34 host sshd[19703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.67.253
Jan 20 12:19:35 host sshd[19698]: Failed password for invalid user info from 96.67.59.65 port 54671 ssh2
Jan 20 12:19:35 host sshd[19698]: Received disconnect from 96.67.59.65 port 54671:11: Bye Bye [preauth]
Jan 20 12:19:35 host sshd[19698]: Disconnected from 96.67.59.65 port 54671 [preauth]
Jan 20 12:19:36 host sshd[19703]: Failed password for invalid user linuxacademy from 45.152.67.253 port 55852 ssh2
Jan 20 12:19:36 host sshd[19703]: Received disconnect from 45.152.67.253 port 55852:11: Bye Bye [preauth]
Jan 20 12:19:36 host sshd[19703]: Disconnected from 45.152.67.253 port 55852 [preauth]
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=kottayamcalldriv user-4=phmetals user-5=gifterman user-6=palco123 user-7=wwwletsstalkfood user-8=straightcurve user-9=wwwevmhonda user-10=bonifacegroup user-11=pmcresources user-12=wwwtestugo user-13=shalinijames user-14=vfmassets user-15=woodpeck user-16=wwwkapin user-17=remysagr user-18=disposeat user-19=wwwkmaorg user-20=ugotscom user-21=wwwrmswll user-22=wwwresourcehunte user-23=keralaholi user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 12:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-pHDcgmcHAPKL4ZJk.~
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-pHDcgmcHAPKL4ZJk.~'
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-pHDcgmcHAPKL4ZJk.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 12:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 12:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 12:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 12:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 12:25:08 host sshd[20828]: Invalid user super from 151.73.220.142 port 45463
Jan 20 12:25:08 host sshd[20828]: input_userauth_request: invalid user super [preauth]
Jan 20 12:25:08 host sshd[20828]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:25:08 host sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.73.220.142
Jan 20 12:25:11 host sshd[20828]: Failed password for invalid user super from 151.73.220.142 port 45463 ssh2
Jan 20 12:25:15 host sshd[20828]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:25:17 host sshd[20828]: Failed password for invalid user super from 151.73.220.142 port 45463 ssh2
Jan 20 12:25:22 host sshd[20828]: Connection reset by 151.73.220.142 port 45463 [preauth]
Jan 20 12:25:22 host sshd[20828]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.73.220.142
Jan 20 12:28:27 host sshd[21246]: Connection closed by 172.105.128.11 port 63426 [preauth]
Jan 20 12:28:30 host sshd[21255]: Connection closed by 172.105.128.11 port 63442 [preauth]
Jan 20 12:28:33 host sshd[21280]: Connection closed by 172.105.128.11 port 63458 [preauth]
Jan 20 12:39:12 host sshd[22716]: Invalid user willie from 209.141.56.48 port 55752
Jan 20 12:39:12 host sshd[22716]: input_userauth_request: invalid user willie [preauth]
Jan 20 12:39:12 host sshd[22716]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:39:12 host sshd[22716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 20 12:39:14 host sshd[22716]: Failed password for invalid user willie from 209.141.56.48 port 55752 ssh2
Jan 20 12:39:14 host sshd[22716]: Connection closed by 209.141.56.48 port 55752 [preauth]
Jan 20 12:40:07 host sshd[22842]: Invalid user user from 195.226.194.242 port 48236
Jan 20 12:40:07 host sshd[22842]: input_userauth_request: invalid user user [preauth]
Jan 20 12:40:07 host sshd[22842]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:40:07 host sshd[22842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 20 12:40:09 host sshd[22842]: Failed password for invalid user user from 195.226.194.242 port 48236 ssh2
Jan 20 12:40:09 host sshd[22842]: Received disconnect from 195.226.194.242 port 48236:11: Bye Bye [preauth]
Jan 20 12:40:09 host sshd[22842]: Disconnected from 195.226.194.242 port 48236 [preauth]
Jan 20 12:40:50 host sshd[23030]: Invalid user support from 223.72.43.35 port 17490
Jan 20 12:40:50 host sshd[23030]: input_userauth_request: invalid user support [preauth]
Jan 20 12:40:50 host sshd[23030]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:40:50 host sshd[23030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.72.43.35
Jan 20 12:40:52 host sshd[23030]: Failed password for invalid user support from 223.72.43.35 port 17490 ssh2
Jan 20 12:40:52 host sshd[23030]: Received disconnect from 223.72.43.35 port 17490:11: Bye Bye [preauth]
Jan 20 12:40:52 host sshd[23030]: Disconnected from 223.72.43.35 port 17490 [preauth]
Jan 20 12:41:29 host sshd[23094]: Invalid user zyfwp from 114.33.122.156 port 57338
Jan 20 12:41:29 host sshd[23094]: input_userauth_request: invalid user zyfwp [preauth]
Jan 20 12:41:29 host sshd[23094]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:41:29 host sshd[23094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.122.156
Jan 20 12:41:30 host sshd[23118]: Invalid user willie from 209.141.56.48 port 59382
Jan 20 12:41:30 host sshd[23118]: input_userauth_request: invalid user willie [preauth]
Jan 20 12:41:30 host sshd[23118]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 12:41:30 host sshd[23118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 20 12:41:31 host sshd[23094]: Failed password for invalid user zyfwp from 114.33.122.156 port 57338 ssh2
Jan 20 12:41:31 host sshd[23094]: Connection reset by 114.33.122.156 port 57338 [preauth]
Jan 20 12:41:32 host sshd[23118]: Failed password for invalid user willie from 209.141.56.48 port 59382 ssh2
Jan 20 12:41:32 host sshd[23118]: Connection closed by 209.141.56.48 port 59382 [preauth]
Jan 20 12:55:05 host sshd[25153]: User root from 125.228.161.61 not allowed because not listed in AllowUsers
Jan 20 12:55:05 host sshd[25153]: input_userauth_request: invalid user root [preauth]
Jan 20 12:55:05 host unix_chkpwd[25159]: password check failed for user (root)
Jan 20 12:55:05 host sshd[25153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.161.61 user=root
Jan 20 12:55:05 host sshd[25153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 12:55:07 host sshd[25153]: Failed password for invalid user root from 125.228.161.61 port 43127 ssh2
Jan 20 12:55:08 host unix_chkpwd[25163]: password check failed for user (root)
Jan 20 12:55:08 host sshd[25153]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 12:55:10 host sshd[25153]: Failed password for invalid user root from 125.228.161.61 port 43127 ssh2
Jan 20 12:55:10 host sshd[25153]: Connection reset by 125.228.161.61 port 43127 [preauth]
Jan 20 12:55:10 host sshd[25153]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.161.61 user=root
Jan 20 13:00:49 host sshd[26046]: Invalid user myappuser from 189.182.191.236 port 31604
Jan 20 13:00:49 host sshd[26046]: input_userauth_request: invalid user myappuser [preauth]
Jan 20 13:00:49 host sshd[26046]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:00:49 host sshd[26046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.182.191.236
Jan 20 13:00:51 host sshd[26046]: Failed password for invalid user myappuser from 189.182.191.236 port 31604 ssh2
Jan 20 13:00:51 host sshd[26046]: Received disconnect from 189.182.191.236 port 31604:11: Bye Bye [preauth]
Jan 20 13:00:51 host sshd[26046]: Disconnected from 189.182.191.236 port 31604 [preauth]
Jan 20 13:02:18 host sshd[26208]: Invalid user albert from 134.209.153.189 port 44192
Jan 20 13:02:18 host sshd[26208]: input_userauth_request: invalid user albert [preauth]
Jan 20 13:02:18 host sshd[26208]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:02:18 host sshd[26208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.153.189
Jan 20 13:02:20 host sshd[26208]: Failed password for invalid user albert from 134.209.153.189 port 44192 ssh2
Jan 20 13:02:20 host sshd[26208]: Received disconnect from 134.209.153.189 port 44192:11: Bye Bye [preauth]
Jan 20 13:02:20 host sshd[26208]: Disconnected from 134.209.153.189 port 44192 [preauth]
Jan 20 13:02:38 host sshd[26256]: Invalid user ftpuser from 223.72.43.35 port 17853
Jan 20 13:02:38 host sshd[26256]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 13:02:38 host sshd[26256]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:02:38 host sshd[26256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.72.43.35
Jan 20 13:02:40 host sshd[26256]: Failed password for invalid user ftpuser from 223.72.43.35 port 17853 ssh2
Jan 20 13:02:40 host sshd[26256]: Received disconnect from 223.72.43.35 port 17853:11: Bye Bye [preauth]
Jan 20 13:02:40 host sshd[26256]: Disconnected from 223.72.43.35 port 17853 [preauth]
Jan 20 13:02:50 host sshd[26280]: Invalid user postgres from 128.199.138.145 port 60608
Jan 20 13:02:50 host sshd[26280]: input_userauth_request: invalid user postgres [preauth]
Jan 20 13:02:50 host sshd[26280]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:02:50 host sshd[26280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.138.145
Jan 20 13:02:53 host sshd[26280]: Failed password for invalid user postgres from 128.199.138.145 port 60608 ssh2
Jan 20 13:02:53 host sshd[26280]: Received disconnect from 128.199.138.145 port 60608:11: Bye Bye [preauth]
Jan 20 13:02:53 host sshd[26280]: Disconnected from 128.199.138.145 port 60608 [preauth]
Jan 20 13:02:56 host sshd[26288]: Invalid user git from 189.182.191.236 port 41490
Jan 20 13:02:56 host sshd[26288]: input_userauth_request: invalid user git [preauth]
Jan 20 13:02:56 host sshd[26288]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:02:56 host sshd[26288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.182.191.236
Jan 20 13:02:58 host sshd[26288]: Failed password for invalid user git from 189.182.191.236 port 41490 ssh2
Jan 20 13:02:59 host sshd[26288]: Received disconnect from 189.182.191.236 port 41490:11: Bye Bye [preauth]
Jan 20 13:02:59 host sshd[26288]: Disconnected from 189.182.191.236 port 41490 [preauth]
Jan 20 13:03:37 host sshd[26369]: Invalid user adminuser from 189.182.191.236 port 48398
Jan 20 13:03:37 host sshd[26369]: input_userauth_request: invalid user adminuser [preauth]
Jan 20 13:03:37 host sshd[26369]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:03:37 host sshd[26369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.182.191.236
Jan 20 13:03:39 host sshd[26369]: Failed password for invalid user adminuser from 189.182.191.236 port 48398 ssh2
Jan 20 13:05:31 host sshd[26759]: Invalid user albert from 143.198.58.89 port 42408
Jan 20 13:05:31 host sshd[26759]: input_userauth_request: invalid user albert [preauth]
Jan 20 13:05:31 host sshd[26759]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:05:31 host sshd[26759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.58.89
Jan 20 13:05:32 host sshd[26759]: Failed password for invalid user albert from 143.198.58.89 port 42408 ssh2
Jan 20 13:05:33 host sshd[26759]: Received disconnect from 143.198.58.89 port 42408:11: Bye Bye [preauth]
Jan 20 13:05:33 host sshd[26759]: Disconnected from 143.198.58.89 port 42408 [preauth]
Jan 20 13:05:47 host sshd[26797]: Invalid user soksuser from 128.199.68.220 port 48222
Jan 20 13:05:47 host sshd[26797]: input_userauth_request: invalid user soksuser [preauth]
Jan 20 13:05:47 host sshd[26797]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:05:47 host sshd[26797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.68.220
Jan 20 13:05:49 host sshd[26797]: Failed password for invalid user soksuser from 128.199.68.220 port 48222 ssh2
Jan 20 13:05:49 host sshd[26797]: Received disconnect from 128.199.68.220 port 48222:11: Bye Bye [preauth]
Jan 20 13:05:49 host sshd[26797]: Disconnected from 128.199.68.220 port 48222 [preauth]
Jan 20 13:06:48 host sshd[26893]: Invalid user adminweb from 134.209.153.189 port 58102
Jan 20 13:06:48 host sshd[26893]: input_userauth_request: invalid user adminweb [preauth]
Jan 20 13:06:48 host sshd[26893]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:06:48 host sshd[26893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.153.189
Jan 20 13:06:51 host sshd[26893]: Failed password for invalid user adminweb from 134.209.153.189 port 58102 ssh2
Jan 20 13:06:51 host sshd[26893]: Received disconnect from 134.209.153.189 port 58102:11: Bye Bye [preauth]
Jan 20 13:06:51 host sshd[26893]: Disconnected from 134.209.153.189 port 58102 [preauth]
Jan 20 13:07:54 host sshd[27003]: Invalid user ubuntu from 128.199.68.220 port 50772
Jan 20 13:07:54 host sshd[27003]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 13:07:54 host sshd[27003]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:07:54 host sshd[27003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.68.220
Jan 20 13:07:56 host sshd[27003]: Failed password for invalid user ubuntu from 128.199.68.220 port 50772 ssh2
Jan 20 13:07:56 host sshd[27003]: Received disconnect from 128.199.68.220 port 50772:11: Bye Bye [preauth]
Jan 20 13:07:56 host sshd[27003]: Disconnected from 128.199.68.220 port 50772 [preauth]
Jan 20 13:08:07 host sshd[27031]: Invalid user test from 134.209.153.189 port 53114
Jan 20 13:08:07 host sshd[27031]: input_userauth_request: invalid user test [preauth]
Jan 20 13:08:07 host sshd[27031]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:08:07 host sshd[27031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.153.189
Jan 20 13:08:09 host sshd[27031]: Failed password for invalid user test from 134.209.153.189 port 53114 ssh2
Jan 20 13:08:13 host sshd[27075]: Invalid user devops from 128.199.138.145 port 53372
Jan 20 13:08:13 host sshd[27075]: input_userauth_request: invalid user devops [preauth]
Jan 20 13:08:13 host sshd[27075]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:08:13 host sshd[27075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.138.145
Jan 20 13:08:16 host sshd[27075]: Failed password for invalid user devops from 128.199.138.145 port 53372 ssh2
Jan 20 13:08:16 host sshd[27075]: Received disconnect from 128.199.138.145 port 53372:11: Bye Bye [preauth]
Jan 20 13:08:16 host sshd[27075]: Disconnected from 128.199.138.145 port 53372 [preauth]
Jan 20 13:08:34 host sshd[27120]: Invalid user catadmin from 143.198.58.89 port 60934
Jan 20 13:08:34 host sshd[27120]: input_userauth_request: invalid user catadmin [preauth]
Jan 20 13:08:34 host sshd[27120]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:08:34 host sshd[27120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.58.89
Jan 20 13:08:36 host sshd[27120]: Failed password for invalid user catadmin from 143.198.58.89 port 60934 ssh2
Jan 20 13:08:36 host sshd[27120]: Received disconnect from 143.198.58.89 port 60934:11: Bye Bye [preauth]
Jan 20 13:08:36 host sshd[27120]: Disconnected from 143.198.58.89 port 60934 [preauth]
Jan 20 13:09:12 host sshd[27200]: Invalid user tsuser from 128.199.68.220 port 48120
Jan 20 13:09:12 host sshd[27200]: input_userauth_request: invalid user tsuser [preauth]
Jan 20 13:09:12 host sshd[27200]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:09:12 host sshd[27200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.68.220
Jan 20 13:09:15 host sshd[27200]: Failed password for invalid user tsuser from 128.199.68.220 port 48120 ssh2
Jan 20 13:09:28 host sshd[27270]: Invalid user qauser from 128.199.138.145 port 47452
Jan 20 13:09:28 host sshd[27270]: input_userauth_request: invalid user qauser [preauth]
Jan 20 13:09:28 host sshd[27270]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:09:28 host sshd[27270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.138.145
Jan 20 13:09:30 host sshd[27270]: Failed password for invalid user qauser from 128.199.138.145 port 47452 ssh2
Jan 20 13:09:30 host sshd[27270]: Received disconnect from 128.199.138.145 port 47452:11: Bye Bye [preauth]
Jan 20 13:09:30 host sshd[27270]: Disconnected from 128.199.138.145 port 47452 [preauth]
Jan 20 13:09:36 host sshd[27316]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 20 13:09:36 host sshd[27316]: input_userauth_request: invalid user root [preauth]
Jan 20 13:09:37 host unix_chkpwd[27323]: password check failed for user (root)
Jan 20 13:09:37 host sshd[27316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 20 13:09:37 host sshd[27316]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 13:09:37 host sshd[27320]: Invalid user nodeuser from 143.198.58.89 port 38606
Jan 20 13:09:37 host sshd[27320]: input_userauth_request: invalid user nodeuser [preauth]
Jan 20 13:09:37 host sshd[27320]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:09:37 host sshd[27320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.58.89
Jan 20 13:09:38 host sshd[27316]: Failed password for invalid user root from 195.226.194.242 port 27802 ssh2
Jan 20 13:09:38 host sshd[27316]: Received disconnect from 195.226.194.242 port 27802:11: Bye Bye [preauth]
Jan 20 13:09:38 host sshd[27316]: Disconnected from 195.226.194.242 port 27802 [preauth]
Jan 20 13:09:39 host sshd[27320]: Failed password for invalid user nodeuser from 143.198.58.89 port 38606 ssh2
Jan 20 13:16:28 host sshd[28580]: Connection reset by 130.25.138.153 port 51695 [preauth]
Jan 20 13:17:20 host sshd[28709]: Connection reset by 221.144.48.195 port 61985 [preauth]
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=wwwnexidigital user-6=mrsclean user-7=palco123 user-8=gifterman user-9=phmetals user-10=kottayamcalldriv user-11=wwwkapin user-12=woodpeck user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=shalinijames user-19=wwwtestugo user-20=wwwpmcresource user-21=wwwresourcehunte user-22=keralaholi user-23=wwwrmswll user-24=ugotscom user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=a2zgroup user-30=dartsimp feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 13:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zQ1Jquewqc9dUkIg.~
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zQ1Jquewqc9dUkIg.~'
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-zQ1Jquewqc9dUkIg.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 13:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 13:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 13:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 13:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 13:25:05 host sshd[30066]: Invalid user pi from 223.72.43.35 port 17765
Jan 20 13:25:05 host sshd[30066]: input_userauth_request: invalid user pi [preauth]
Jan 20 13:25:06 host sshd[30066]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:25:06 host sshd[30066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.72.43.35
Jan 20 13:25:07 host sshd[30066]: Failed password for invalid user pi from 223.72.43.35 port 17765 ssh2
Jan 20 13:25:08 host sshd[30066]: Received disconnect from 223.72.43.35 port 17765:11: Bye Bye [preauth]
Jan 20 13:25:08 host sshd[30066]: Disconnected from 223.72.43.35 port 17765 [preauth]
Jan 20 13:30:09 host sshd[30794]: Invalid user nisuser from 146.190.121.89 port 35560
Jan 20 13:30:09 host sshd[30794]: input_userauth_request: invalid user nisuser [preauth]
Jan 20 13:30:09 host sshd[30794]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:30:09 host sshd[30794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.121.89
Jan 20 13:30:11 host sshd[30794]: Failed password for invalid user nisuser from 146.190.121.89 port 35560 ssh2
Jan 20 13:30:11 host sshd[30794]: Received disconnect from 146.190.121.89 port 35560:11: Bye Bye [preauth]
Jan 20 13:30:11 host sshd[30794]: Disconnected from 146.190.121.89 port 35560 [preauth]
Jan 20 13:30:44 host sshd[30876]: Invalid user administrator from 148.153.110.76 port 33522
Jan 20 13:30:44 host sshd[30876]: input_userauth_request: invalid user administrator [preauth]
Jan 20 13:30:44 host sshd[30876]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:30:44 host sshd[30876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76
Jan 20 13:30:46 host sshd[30876]: Failed password for invalid user administrator from 148.153.110.76 port 33522 ssh2
Jan 20 13:30:46 host sshd[30876]: Received disconnect from 148.153.110.76 port 33522:11: Bye Bye [preauth]
Jan 20 13:30:46 host sshd[30876]: Disconnected from 148.153.110.76 port 33522 [preauth]
Jan 20 13:33:28 host sshd[31189]: Invalid user adminn from 43.153.84.59 port 47748
Jan 20 13:33:28 host sshd[31189]: input_userauth_request: invalid user adminn [preauth]
Jan 20 13:33:28 host sshd[31189]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:33:28 host sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.84.59
Jan 20 13:33:30 host sshd[31189]: Failed password for invalid user adminn from 43.153.84.59 port 47748 ssh2
Jan 20 13:33:30 host sshd[31189]: Received disconnect from 43.153.84.59 port 47748:11: Bye Bye [preauth]
Jan 20 13:33:30 host sshd[31189]: Disconnected from 43.153.84.59 port 47748 [preauth]
Jan 20 13:34:24 host sshd[31291]: Invalid user client from 187.149.126.170 port 32089
Jan 20 13:34:24 host sshd[31291]: input_userauth_request: invalid user client [preauth]
Jan 20 13:34:24 host sshd[31291]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:34:24 host sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.149.126.170
Jan 20 13:34:27 host sshd[31291]: Failed password for invalid user client from 187.149.126.170 port 32089 ssh2
Jan 20 13:34:27 host sshd[31291]: Received disconnect from 187.149.126.170 port 32089:11: Bye Bye [preauth]
Jan 20 13:34:27 host sshd[31291]: Disconnected from 187.149.126.170 port 32089 [preauth]
Jan 20 13:34:40 host sshd[31339]: Invalid user wduser from 146.190.121.89 port 36254
Jan 20 13:34:40 host sshd[31339]: input_userauth_request: invalid user wduser [preauth]
Jan 20 13:34:40 host sshd[31339]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:34:40 host sshd[31339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.121.89
Jan 20 13:34:42 host sshd[31339]: Failed password for invalid user wduser from 146.190.121.89 port 36254 ssh2
Jan 20 13:34:43 host sshd[31339]: Received disconnect from 146.190.121.89 port 36254:11: Bye Bye [preauth]
Jan 20 13:34:43 host sshd[31339]: Disconnected from 146.190.121.89 port 36254 [preauth]
Jan 20 13:35:41 host sshd[31589]: Invalid user ubuntu from 148.153.110.76 port 48626
Jan 20 13:35:41 host sshd[31589]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 13:35:41 host sshd[31589]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:35:41 host sshd[31589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76
Jan 20 13:35:43 host sshd[31589]: Failed password for invalid user ubuntu from 148.153.110.76 port 48626 ssh2
Jan 20 13:35:43 host sshd[31589]: Received disconnect from 148.153.110.76 port 48626:11: Bye Bye [preauth]
Jan 20 13:35:43 host sshd[31589]: Disconnected from 148.153.110.76 port 48626 [preauth]
Jan 20 13:35:49 host sshd[31597]: Invalid user ubadmin from 146.190.121.89 port 50504
Jan 20 13:35:49 host sshd[31597]: input_userauth_request: invalid user ubadmin [preauth]
Jan 20 13:35:49 host sshd[31597]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:35:49 host sshd[31597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.121.89
Jan 20 13:35:50 host sshd[31597]: Failed password for invalid user ubadmin from 146.190.121.89 port 50504 ssh2
Jan 20 13:35:50 host sshd[31597]: Received disconnect from 146.190.121.89 port 50504:11: Bye Bye [preauth]
Jan 20 13:35:50 host sshd[31597]: Disconnected from 146.190.121.89 port 50504 [preauth]
Jan 20 13:36:25 host sshd[31685]: Invalid user wduser from 43.153.84.59 port 49758
Jan 20 13:36:25 host sshd[31685]: input_userauth_request: invalid user wduser [preauth]
Jan 20 13:36:25 host sshd[31685]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:36:25 host sshd[31685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.84.59
Jan 20 13:36:27 host sshd[31685]: Failed password for invalid user wduser from 43.153.84.59 port 49758 ssh2
Jan 20 13:36:27 host sshd[31685]: Received disconnect from 43.153.84.59 port 49758:11: Bye Bye [preauth]
Jan 20 13:36:27 host sshd[31685]: Disconnected from 43.153.84.59 port 49758 [preauth]
Jan 20 13:36:38 host sshd[31723]: Invalid user backupadmin from 106.241.143.74 port 34632
Jan 20 13:36:38 host sshd[31723]: input_userauth_request: invalid user backupadmin [preauth]
Jan 20 13:36:38 host sshd[31723]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:36:38 host sshd[31723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.241.143.74
Jan 20 13:36:40 host sshd[31723]: Failed password for invalid user backupadmin from 106.241.143.74 port 34632 ssh2
Jan 20 13:36:41 host sshd[31723]: Received disconnect from 106.241.143.74 port 34632:11: Bye Bye [preauth]
Jan 20 13:36:41 host sshd[31723]: Disconnected from 106.241.143.74 port 34632 [preauth]
Jan 20 13:36:54 host sshd[31754]: Invalid user admin from 148.153.110.76 port 43166
Jan 20 13:36:54 host sshd[31754]: input_userauth_request: invalid user admin [preauth]
Jan 20 13:36:54 host sshd[31754]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:36:54 host sshd[31754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.153.110.76
Jan 20 13:36:56 host sshd[31754]: Failed password for invalid user admin from 148.153.110.76 port 43166 ssh2
Jan 20 13:37:22 host sshd[31840]: Invalid user webadmin from 51.15.204.199 port 45926
Jan 20 13:37:22 host sshd[31840]: input_userauth_request: invalid user webadmin [preauth]
Jan 20 13:37:22 host sshd[31840]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:37:22 host sshd[31840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.204.199
Jan 20 13:37:24 host sshd[31840]: Failed password for invalid user webadmin from 51.15.204.199 port 45926 ssh2
Jan 20 13:37:24 host sshd[31840]: Received disconnect from 51.15.204.199 port 45926:11: Bye Bye [preauth]
Jan 20 13:37:24 host sshd[31840]: Disconnected from 51.15.204.199 port 45926 [preauth]
Jan 20 13:37:32 host sshd[31872]: Invalid user siteadmin from 187.149.126.170 port 17876
Jan 20 13:37:32 host sshd[31872]: input_userauth_request: invalid user siteadmin [preauth]
Jan 20 13:37:32 host sshd[31872]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:37:32 host sshd[31872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.149.126.170
Jan 20 13:37:34 host sshd[31872]: Failed password for invalid user siteadmin from 187.149.126.170 port 17876 ssh2
Jan 20 13:37:34 host sshd[31872]: Received disconnect from 187.149.126.170 port 17876:11: Bye Bye [preauth]
Jan 20 13:37:34 host sshd[31872]: Disconnected from 187.149.126.170 port 17876 [preauth]
Jan 20 13:38:53 host sshd[32042]: Invalid user postgres from 59.126.47.168 port 51634
Jan 20 13:38:53 host sshd[32042]: input_userauth_request: invalid user postgres [preauth]
Jan 20 13:38:53 host sshd[32042]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:38:53 host sshd[32042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.47.168
Jan 20 13:38:55 host sshd[32042]: Failed password for invalid user postgres from 59.126.47.168 port 51634 ssh2
Jan 20 13:38:55 host sshd[32042]: Connection reset by 59.126.47.168 port 51634 [preauth]
Jan 20 13:39:07 host sshd[32079]: Invalid user admin from 51.15.204.199 port 59592
Jan 20 13:39:07 host sshd[32079]: input_userauth_request: invalid user admin [preauth]
Jan 20 13:39:07 host sshd[32079]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:39:07 host sshd[32079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.204.199
Jan 20 13:39:09 host sshd[32079]: Failed password for invalid user admin from 51.15.204.199 port 59592 ssh2
Jan 20 13:39:09 host sshd[32079]: Received disconnect from 51.15.204.199 port 59592:11: Bye Bye [preauth]
Jan 20 13:39:09 host sshd[32079]: Disconnected from 51.15.204.199 port 59592 [preauth]
Jan 20 13:39:43 host sshd[32149]: Invalid user birgitta from 43.153.84.59 port 46282
Jan 20 13:39:43 host sshd[32149]: input_userauth_request: invalid user birgitta [preauth]
Jan 20 13:39:43 host sshd[32149]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:39:43 host sshd[32149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.84.59
Jan 20 13:39:44 host sshd[32149]: Failed password for invalid user birgitta from 43.153.84.59 port 46282 ssh2
Jan 20 13:39:45 host sshd[32149]: Received disconnect from 43.153.84.59 port 46282:11: Bye Bye [preauth]
Jan 20 13:39:45 host sshd[32149]: Disconnected from 43.153.84.59 port 46282 [preauth]
Jan 20 13:40:01 host sshd[32207]: Invalid user ubadmin from 187.149.126.170 port 13477
Jan 20 13:40:01 host sshd[32207]: input_userauth_request: invalid user ubadmin [preauth]
Jan 20 13:40:01 host sshd[32207]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:40:01 host sshd[32207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.149.126.170
Jan 20 13:40:03 host sshd[32207]: Failed password for invalid user ubadmin from 187.149.126.170 port 13477 ssh2
Jan 20 13:40:04 host sshd[32207]: Received disconnect from 187.149.126.170 port 13477:11: Bye Bye [preauth]
Jan 20 13:40:04 host sshd[32207]: Disconnected from 187.149.126.170 port 13477 [preauth]
Jan 20 13:40:08 host sshd[32332]: Invalid user gpadmin from 51.15.204.199 port 42750
Jan 20 13:40:08 host sshd[32332]: input_userauth_request: invalid user gpadmin [preauth]
Jan 20 13:40:08 host sshd[32332]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:40:08 host sshd[32332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.204.199
Jan 20 13:40:10 host sshd[32332]: Failed password for invalid user gpadmin from 51.15.204.199 port 42750 ssh2
Jan 20 13:40:18 host sshd[32416]: Invalid user mqm from 106.241.143.74 port 43704
Jan 20 13:40:18 host sshd[32416]: input_userauth_request: invalid user mqm [preauth]
Jan 20 13:40:18 host sshd[32416]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:40:18 host sshd[32416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.241.143.74
Jan 20 13:40:20 host sshd[32416]: Failed password for invalid user mqm from 106.241.143.74 port 43704 ssh2
Jan 20 13:40:20 host sshd[32416]: Received disconnect from 106.241.143.74 port 43704:11: Bye Bye [preauth]
Jan 20 13:40:20 host sshd[32416]: Disconnected from 106.241.143.74 port 43704 [preauth]
Jan 20 13:41:47 host sshd[32609]: Invalid user test12345 from 106.241.143.74 port 38408
Jan 20 13:41:47 host sshd[32609]: input_userauth_request: invalid user test12345 [preauth]
Jan 20 13:41:47 host sshd[32609]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:41:47 host sshd[32609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.241.143.74
Jan 20 13:41:48 host sshd[32609]: Failed password for invalid user test12345 from 106.241.143.74 port 38408 ssh2
Jan 20 13:41:48 host sshd[32609]: Received disconnect from 106.241.143.74 port 38408:11: Bye Bye [preauth]
Jan 20 13:41:48 host sshd[32609]: Disconnected from 106.241.143.74 port 38408 [preauth]
Jan 20 13:52:56 host sshd[2085]: Invalid user kyle from 107.189.30.59 port 35152
Jan 20 13:52:56 host sshd[2085]: input_userauth_request: invalid user kyle [preauth]
Jan 20 13:52:56 host sshd[2085]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:52:56 host sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 20 13:52:58 host sshd[2085]: Failed password for invalid user kyle from 107.189.30.59 port 35152 ssh2
Jan 20 13:52:59 host sshd[2085]: Connection closed by 107.189.30.59 port 35152 [preauth]
Jan 20 13:59:27 host sshd[2975]: Invalid user gy from 194.110.203.109 port 38226
Jan 20 13:59:27 host sshd[2975]: input_userauth_request: invalid user gy [preauth]
Jan 20 13:59:27 host sshd[2975]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:59:27 host sshd[2975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 13:59:29 host sshd[2975]: Failed password for invalid user gy from 194.110.203.109 port 38226 ssh2
Jan 20 13:59:32 host sshd[2975]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:59:34 host sshd[2975]: Failed password for invalid user gy from 194.110.203.109 port 38226 ssh2
Jan 20 13:59:37 host sshd[2975]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 13:59:39 host sshd[2975]: Failed password for invalid user gy from 194.110.203.109 port 38226 ssh2
Jan 20 13:59:42 host sshd[2975]: Connection closed by 194.110.203.109 port 38226 [preauth]
Jan 20 13:59:42 host sshd[2975]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 14:01:41 host sshd[3279]: Invalid user admin from 125.228.24.60 port 46325
Jan 20 14:01:41 host sshd[3279]: input_userauth_request: invalid user admin [preauth]
Jan 20 14:01:41 host sshd[3279]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:01:41 host sshd[3279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.24.60
Jan 20 14:01:43 host sshd[3279]: Failed password for invalid user admin from 125.228.24.60 port 46325 ssh2
Jan 20 14:01:44 host sshd[3279]: Failed password for invalid user admin from 125.228.24.60 port 46325 ssh2
Jan 20 14:01:44 host sshd[3279]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:01:46 host sshd[3279]: Failed password for invalid user admin from 125.228.24.60 port 46325 ssh2
Jan 20 14:01:47 host sshd[3279]: Connection reset by 125.228.24.60 port 46325 [preauth]
Jan 20 14:01:47 host sshd[3279]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.24.60
Jan 20 14:08:08 host sshd[4161]: Invalid user sshvpn from 188.250.172.49 port 35589
Jan 20 14:08:08 host sshd[4161]: input_userauth_request: invalid user sshvpn [preauth]
Jan 20 14:08:08 host sshd[4161]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:08:08 host sshd[4161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.250.172.49
Jan 20 14:08:10 host sshd[4161]: Failed password for invalid user sshvpn from 188.250.172.49 port 35589 ssh2
Jan 20 14:08:10 host sshd[4161]: Received disconnect from 188.250.172.49 port 35589:11: Bye Bye [preauth]
Jan 20 14:08:10 host sshd[4161]: Disconnected from 188.250.172.49 port 35589 [preauth]
Jan 20 14:13:33 host sshd[5279]: Invalid user testappl from 188.250.172.49 port 46094
Jan 20 14:13:33 host sshd[5279]: input_userauth_request: invalid user testappl [preauth]
Jan 20 14:13:33 host sshd[5279]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:13:33 host sshd[5279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.250.172.49
Jan 20 14:13:35 host sshd[5279]: Failed password for invalid user testappl from 188.250.172.49 port 46094 ssh2
Jan 20 14:13:35 host sshd[5279]: Received disconnect from 188.250.172.49 port 46094:11: Bye Bye [preauth]
Jan 20 14:13:35 host sshd[5279]: Disconnected from 188.250.172.49 port 46094 [preauth]
Jan 20 14:14:35 host sshd[5574]: Invalid user pdx from 188.250.172.49 port 63113
Jan 20 14:14:35 host sshd[5574]: input_userauth_request: invalid user pdx [preauth]
Jan 20 14:14:35 host sshd[5574]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:14:35 host sshd[5574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.250.172.49
Jan 20 14:14:36 host sshd[5574]: Failed password for invalid user pdx from 188.250.172.49 port 63113 ssh2
Jan 20 14:16:44 host sshd[5938]: Invalid user admin from 210.97.106.213 port 62220
Jan 20 14:16:44 host sshd[5938]: input_userauth_request: invalid user admin [preauth]
Jan 20 14:16:44 host sshd[5938]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:16:44 host sshd[5938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.97.106.213
Jan 20 14:16:45 host sshd[5938]: Failed password for invalid user admin from 210.97.106.213 port 62220 ssh2
Jan 20 14:16:46 host sshd[5938]: Failed password for invalid user admin from 210.97.106.213 port 62220 ssh2
Jan 20 14:16:46 host sshd[5938]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:16:48 host sshd[5938]: Failed password for invalid user admin from 210.97.106.213 port 62220 ssh2
Jan 20 14:16:49 host sshd[5938]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:16:50 host sshd[5938]: Failed password for invalid user admin from 210.97.106.213 port 62220 ssh2
Jan 20 14:16:50 host sshd[5938]: Connection reset by 210.97.106.213 port 62220 [preauth]
Jan 20 14:16:50 host sshd[5938]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.97.106.213
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=laundryboniface user-4=a2zgroup user-5=dartsimp user-6=wwwpmcresource user-7=ugotscom user-8=keralaholi user-9=wwwresourcehunte user-10=wwwrmswll user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=disposeat user-15=wwwkmaorg user-16=remysagr user-17=pmcresources user-18=shalinijames user-19=wwwtestugo user-20=vfmassets user-21=wwwletsstalkfood user-22=straightcurve user-23=wwwevmhonda user-24=bonifacegroup user-25=wwwnexidigital user-26=mrsclean user-27=kottayamcalldriv user-28=phmetals user-29=palco123 user-30=gifterman feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 14:21:07 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-P0KMZiyzEixEJG2x.~
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-P0KMZiyzEixEJG2x.~'
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-P0KMZiyzEixEJG2x.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 14:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 14:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 14:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 14:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 14:21:29 host sshd[6711]: invalid public DH value: >= p-1 [preauth]
Jan 20 14:21:29 host sshd[6711]: ssh_dispatch_run_fatal: Connection from 185.164.212.57 port 58908: incomplete message [preauth]
Jan 20 14:21:34 host sshd[6739]: Invalid user db2inst1 from 143.198.143.233 port 37262
Jan 20 14:21:34 host sshd[6739]: input_userauth_request: invalid user db2inst1 [preauth]
Jan 20 14:21:34 host sshd[6739]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:21:34 host sshd[6739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.143.233
Jan 20 14:21:36 host sshd[6739]: Failed password for invalid user db2inst1 from 143.198.143.233 port 37262 ssh2
Jan 20 14:21:36 host sshd[6739]: Received disconnect from 143.198.143.233 port 37262:11: Bye Bye [preauth]
Jan 20 14:21:36 host sshd[6739]: Disconnected from 143.198.143.233 port 37262 [preauth]
Jan 20 14:21:52 host sshd[6765]: Invalid user user from 187.243.248.114 port 41498
Jan 20 14:21:52 host sshd[6765]: input_userauth_request: invalid user user [preauth]
Jan 20 14:21:52 host sshd[6765]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:21:52 host sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114
Jan 20 14:21:54 host sshd[6765]: Failed password for invalid user user from 187.243.248.114 port 41498 ssh2
Jan 20 14:21:54 host sshd[6765]: Received disconnect from 187.243.248.114 port 41498:11: Bye Bye [preauth]
Jan 20 14:21:54 host sshd[6765]: Disconnected from 187.243.248.114 port 41498 [preauth]
Jan 20 14:21:58 host sshd[6774]: Invalid user phpmyadmin from 43.134.78.43 port 40824
Jan 20 14:21:58 host sshd[6774]: input_userauth_request: invalid user phpmyadmin [preauth]
Jan 20 14:21:58 host sshd[6774]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:21:58 host sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.78.43
Jan 20 14:22:00 host sshd[6777]: Invalid user default from 117.209.104.148 port 33616
Jan 20 14:22:00 host sshd[6777]: input_userauth_request: invalid user default [preauth]
Jan 20 14:22:00 host sshd[6777]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:22:00 host sshd[6777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.209.104.148
Jan 20 14:22:00 host sshd[6774]: Failed password for invalid user phpmyadmin from 43.134.78.43 port 40824 ssh2
Jan 20 14:22:00 host sshd[6774]: Received disconnect from 43.134.78.43 port 40824:11: Bye Bye [preauth]
Jan 20 14:22:00 host sshd[6774]: Disconnected from 43.134.78.43 port 40824 [preauth]
Jan 20 14:22:01 host sshd[6777]: Failed password for invalid user default from 117.209.104.148 port 33616 ssh2
Jan 20 14:22:01 host sshd[6777]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:22:03 host sshd[6792]: Invalid user diradmin from 178.220.122.156 port 51795
Jan 20 14:22:03 host sshd[6792]: input_userauth_request: invalid user diradmin [preauth]
Jan 20 14:22:03 host sshd[6792]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:22:03 host sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.220.122.156
Jan 20 14:22:04 host sshd[6777]: Failed password for invalid user default from 117.209.104.148 port 33616 ssh2
Jan 20 14:22:04 host sshd[6777]: Connection reset by 117.209.104.148 port 33616 [preauth]
Jan 20 14:22:04 host sshd[6777]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.209.104.148
Jan 20 14:22:06 host sshd[6792]: Failed password for invalid user diradmin from 178.220.122.156 port 51795 ssh2
Jan 20 14:22:06 host sshd[6792]: Received disconnect from 178.220.122.156 port 51795:11: Bye Bye [preauth]
Jan 20 14:22:06 host sshd[6792]: Disconnected from 178.220.122.156 port 51795 [preauth]
Jan 20 14:22:14 host sshd[6805]: Invalid user usertest from 167.172.194.232 port 49968
Jan 20 14:22:14 host sshd[6805]: input_userauth_request: invalid user usertest [preauth]
Jan 20 14:22:14 host sshd[6805]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:22:14 host sshd[6805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.194.232
Jan 20 14:22:16 host sshd[6805]: Failed password for invalid user usertest from 167.172.194.232 port 49968 ssh2
Jan 20 14:22:17 host sshd[6805]: Received disconnect from 167.172.194.232 port 49968:11: Bye Bye [preauth]
Jan 20 14:22:17 host sshd[6805]: Disconnected from 167.172.194.232 port 49968 [preauth]
Jan 20 14:22:25 host sshd[6814]: Invalid user stuser from 201.6.107.69 port 52392
Jan 20 14:22:25 host sshd[6814]: input_userauth_request: invalid user stuser [preauth]
Jan 20 14:22:25 host sshd[6814]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:22:25 host sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.6.107.69
Jan 20 14:22:27 host sshd[6814]: Failed password for invalid user stuser from 201.6.107.69 port 52392 ssh2
Jan 20 14:22:27 host sshd[6814]: Received disconnect from 201.6.107.69 port 52392:11: Bye Bye [preauth]
Jan 20 14:22:27 host sshd[6814]: Disconnected from 201.6.107.69 port 52392 [preauth]
Jan 20 14:23:33 host sshd[6956]: Invalid user usertest from 178.220.122.156 port 41601
Jan 20 14:23:33 host sshd[6956]: input_userauth_request: invalid user usertest [preauth]
Jan 20 14:23:33 host sshd[6956]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:23:33 host sshd[6956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.220.122.156
Jan 20 14:23:35 host sshd[6956]: Failed password for invalid user usertest from 178.220.122.156 port 41601 ssh2
Jan 20 14:23:35 host sshd[6956]: Received disconnect from 178.220.122.156 port 41601:11: Bye Bye [preauth]
Jan 20 14:23:35 host sshd[6956]: Disconnected from 178.220.122.156 port 41601 [preauth]
Jan 20 14:23:42 host sshd[6982]: Invalid user linuxadmin from 198.27.67.44 port 50492
Jan 20 14:23:42 host sshd[6982]: input_userauth_request: invalid user linuxadmin [preauth]
Jan 20 14:23:42 host sshd[6982]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:23:42 host sshd[6982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.27.67.44
Jan 20 14:23:44 host sshd[6982]: Failed password for invalid user linuxadmin from 198.27.67.44 port 50492 ssh2
Jan 20 14:23:44 host sshd[6982]: Received disconnect from 198.27.67.44 port 50492:11: Bye Bye [preauth]
Jan 20 14:23:44 host sshd[6982]: Disconnected from 198.27.67.44 port 50492 [preauth]
Jan 20 14:24:06 host sshd[7039]: Invalid user nuser from 181.176.145.114 port 55840
Jan 20 14:24:06 host sshd[7039]: input_userauth_request: invalid user nuser [preauth]
Jan 20 14:24:06 host sshd[7039]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:24:06 host sshd[7039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.114
Jan 20 14:24:08 host sshd[7039]: Failed password for invalid user nuser from 181.176.145.114 port 55840 ssh2
Jan 20 14:24:09 host sshd[7039]: Received disconnect from 181.176.145.114 port 55840:11: Bye Bye [preauth]
Jan 20 14:24:09 host sshd[7039]: Disconnected from 181.176.145.114 port 55840 [preauth]
Jan 20 14:24:16 host sshd[7051]: Invalid user FTPUser from 178.220.122.156 port 50378
Jan 20 14:24:16 host sshd[7051]: input_userauth_request: invalid user FTPUser [preauth]
Jan 20 14:24:16 host sshd[7051]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:24:16 host sshd[7051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.220.122.156
Jan 20 14:24:19 host sshd[7051]: Failed password for invalid user FTPUser from 178.220.122.156 port 50378 ssh2
Jan 20 14:24:19 host sshd[7051]: Received disconnect from 178.220.122.156 port 50378:11: Bye Bye [preauth]
Jan 20 14:24:19 host sshd[7051]: Disconnected from 178.220.122.156 port 50378 [preauth]
Jan 20 14:24:47 host sshd[7249]: Invalid user ftpuser from 188.166.240.186 port 57304
Jan 20 14:24:47 host sshd[7249]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 14:24:47 host sshd[7249]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:24:47 host sshd[7249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.240.186
Jan 20 14:24:48 host sshd[7247]: Invalid user postgres from 110.136.247.180 port 56228
Jan 20 14:24:48 host sshd[7247]: input_userauth_request: invalid user postgres [preauth]
Jan 20 14:24:48 host sshd[7247]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:24:48 host sshd[7247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.136.247.180
Jan 20 14:24:49 host sshd[7249]: Failed password for invalid user ftpuser from 188.166.240.186 port 57304 ssh2
Jan 20 14:24:49 host sshd[7249]: Received disconnect from 188.166.240.186 port 57304:11: Bye Bye [preauth]
Jan 20 14:24:49 host sshd[7249]: Disconnected from 188.166.240.186 port 57304 [preauth]
Jan 20 14:24:50 host sshd[7247]: Failed password for invalid user postgres from 110.136.247.180 port 56228 ssh2
Jan 20 14:24:50 host sshd[7247]: Received disconnect from 110.136.247.180 port 56228:11: Bye Bye [preauth]
Jan 20 14:24:50 host sshd[7247]: Disconnected from 110.136.247.180 port 56228 [preauth]
Jan 20 14:25:16 host sshd[7313]: Invalid user nagiosuser from 157.230.6.213 port 60566
Jan 20 14:25:16 host sshd[7313]: input_userauth_request: invalid user nagiosuser [preauth]
Jan 20 14:25:16 host sshd[7313]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:25:16 host sshd[7313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.6.213
Jan 20 14:25:18 host sshd[7313]: Failed password for invalid user nagiosuser from 157.230.6.213 port 60566 ssh2
Jan 20 14:25:18 host sshd[7313]: Received disconnect from 157.230.6.213 port 60566:11: Bye Bye [preauth]
Jan 20 14:25:18 host sshd[7313]: Disconnected from 157.230.6.213 port 60566 [preauth]
Jan 20 14:25:44 host sshd[7373]: Invalid user temp from 137.184.112.37 port 38574
Jan 20 14:25:44 host sshd[7373]: input_userauth_request: invalid user temp [preauth]
Jan 20 14:25:44 host sshd[7373]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:25:44 host sshd[7373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.112.37
Jan 20 14:25:46 host sshd[7373]: Failed password for invalid user temp from 137.184.112.37 port 38574 ssh2
Jan 20 14:25:46 host sshd[7373]: Received disconnect from 137.184.112.37 port 38574:11: Bye Bye [preauth]
Jan 20 14:25:46 host sshd[7373]: Disconnected from 137.184.112.37 port 38574 [preauth]
Jan 20 14:26:34 host sshd[7485]: Invalid user jenkins from 112.78.136.204 port 34400
Jan 20 14:26:34 host sshd[7485]: input_userauth_request: invalid user jenkins [preauth]
Jan 20 14:26:34 host sshd[7485]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:26:34 host sshd[7485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.78.136.204
Jan 20 14:26:37 host sshd[7485]: Failed password for invalid user jenkins from 112.78.136.204 port 34400 ssh2
Jan 20 14:26:37 host sshd[7485]: Received disconnect from 112.78.136.204 port 34400:11: Bye Bye [preauth]
Jan 20 14:26:37 host sshd[7485]: Disconnected from 112.78.136.204 port 34400 [preauth]
Jan 20 14:26:57 host sshd[7514]: Invalid user myappuser from 198.27.67.44 port 45504
Jan 20 14:26:57 host sshd[7514]: input_userauth_request: invalid user myappuser [preauth]
Jan 20 14:26:57 host sshd[7514]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:26:57 host sshd[7514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.27.67.44
Jan 20 14:26:59 host sshd[7514]: Failed password for invalid user myappuser from 198.27.67.44 port 45504 ssh2
Jan 20 14:26:59 host sshd[7517]: Invalid user jenkins from 190.64.68.178 port 29305
Jan 20 14:26:59 host sshd[7517]: input_userauth_request: invalid user jenkins [preauth]
Jan 20 14:26:59 host sshd[7517]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:26:59 host sshd[7517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.68.178
Jan 20 14:26:59 host sshd[7514]: Received disconnect from 198.27.67.44 port 45504:11: Bye Bye [preauth]
Jan 20 14:26:59 host sshd[7514]: Disconnected from 198.27.67.44 port 45504 [preauth]
Jan 20 14:27:01 host sshd[7517]: Failed password for invalid user jenkins from 190.64.68.178 port 29305 ssh2
Jan 20 14:27:01 host sshd[7517]: Received disconnect from 190.64.68.178 port 29305:11: Bye Bye [preauth]
Jan 20 14:27:01 host sshd[7517]: Disconnected from 190.64.68.178 port 29305 [preauth]
Jan 20 14:27:02 host sshd[7521]: Invalid user eacsaci from 187.243.248.114 port 43282
Jan 20 14:27:02 host sshd[7521]: input_userauth_request: invalid user eacsaci [preauth]
Jan 20 14:27:02 host sshd[7521]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:27:02 host sshd[7521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114
Jan 20 14:27:04 host sshd[7521]: Failed password for invalid user eacsaci from 187.243.248.114 port 43282 ssh2
Jan 20 14:27:04 host sshd[7521]: Received disconnect from 187.243.248.114 port 43282:11: Bye Bye [preauth]
Jan 20 14:27:04 host sshd[7521]: Disconnected from 187.243.248.114 port 43282 [preauth]
Jan 20 14:27:05 host sshd[7536]: Invalid user admin from 143.198.143.233 port 37760
Jan 20 14:27:05 host sshd[7536]: input_userauth_request: invalid user admin [preauth]
Jan 20 14:27:05 host sshd[7536]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:27:05 host sshd[7536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.143.233
Jan 20 14:27:07 host sshd[7536]: Failed password for invalid user admin from 143.198.143.233 port 37760 ssh2
Jan 20 14:27:07 host sshd[7536]: Received disconnect from 143.198.143.233 port 37760:11: Bye Bye [preauth]
Jan 20 14:27:07 host sshd[7536]: Disconnected from 143.198.143.233 port 37760 [preauth]
Jan 20 14:27:49 host sshd[7610]: Invalid user ubuntu from 137.184.112.37 port 54722
Jan 20 14:27:49 host sshd[7610]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 14:27:49 host sshd[7610]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:27:49 host sshd[7610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.112.37
Jan 20 14:27:51 host sshd[7610]: Failed password for invalid user ubuntu from 137.184.112.37 port 54722 ssh2
Jan 20 14:27:51 host sshd[7610]: Received disconnect from 137.184.112.37 port 54722:11: Bye Bye [preauth]
Jan 20 14:27:51 host sshd[7610]: Disconnected from 137.184.112.37 port 54722 [preauth]
Jan 20 14:28:01 host sshd[7629]: Invalid user administrator from 198.27.67.44 port 42962
Jan 20 14:28:01 host sshd[7629]: input_userauth_request: invalid user administrator [preauth]
Jan 20 14:28:01 host sshd[7629]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:01 host sshd[7629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.27.67.44
Jan 20 14:28:03 host sshd[7629]: Failed password for invalid user administrator from 198.27.67.44 port 42962 ssh2
Jan 20 14:28:03 host sshd[7629]: Received disconnect from 198.27.67.44 port 42962:11: Bye Bye [preauth]
Jan 20 14:28:03 host sshd[7629]: Disconnected from 198.27.67.44 port 42962 [preauth]
Jan 20 14:28:05 host sshd[7656]: Invalid user git from 157.230.6.213 port 38384
Jan 20 14:28:05 host sshd[7656]: input_userauth_request: invalid user git [preauth]
Jan 20 14:28:05 host sshd[7656]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:05 host sshd[7656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.6.213
Jan 20 14:28:07 host sshd[7656]: Failed password for invalid user git from 157.230.6.213 port 38384 ssh2
Jan 20 14:28:07 host sshd[7656]: Received disconnect from 157.230.6.213 port 38384:11: Bye Bye [preauth]
Jan 20 14:28:07 host sshd[7656]: Disconnected from 157.230.6.213 port 38384 [preauth]
Jan 20 14:28:10 host sshd[7695]: Invalid user julie from 143.198.143.233 port 36468
Jan 20 14:28:10 host sshd[7695]: input_userauth_request: invalid user julie [preauth]
Jan 20 14:28:10 host sshd[7695]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:10 host sshd[7695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.143.233
Jan 20 14:28:12 host sshd[7695]: Failed password for invalid user julie from 143.198.143.233 port 36468 ssh2
Jan 20 14:28:18 host sshd[7738]: Invalid user internet from 43.134.78.43 port 41148
Jan 20 14:28:18 host sshd[7738]: input_userauth_request: invalid user internet [preauth]
Jan 20 14:28:18 host sshd[7738]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:18 host sshd[7738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.78.43
Jan 20 14:28:18 host sshd[7740]: Invalid user safeuser from 188.166.240.186 port 42058
Jan 20 14:28:18 host sshd[7740]: input_userauth_request: invalid user safeuser [preauth]
Jan 20 14:28:18 host sshd[7740]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:18 host sshd[7740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.240.186
Jan 20 14:28:20 host sshd[7738]: Failed password for invalid user internet from 43.134.78.43 port 41148 ssh2
Jan 20 14:28:20 host sshd[7740]: Failed password for invalid user safeuser from 188.166.240.186 port 42058 ssh2
Jan 20 14:28:20 host sshd[7738]: Received disconnect from 43.134.78.43 port 41148:11: Bye Bye [preauth]
Jan 20 14:28:20 host sshd[7738]: Disconnected from 43.134.78.43 port 41148 [preauth]
Jan 20 14:28:20 host sshd[7740]: Received disconnect from 188.166.240.186 port 42058:11: Bye Bye [preauth]
Jan 20 14:28:20 host sshd[7740]: Disconnected from 188.166.240.186 port 42058 [preauth]
Jan 20 14:28:24 host sshd[7746]: Invalid user rtest from 201.6.107.69 port 60886
Jan 20 14:28:24 host sshd[7746]: input_userauth_request: invalid user rtest [preauth]
Jan 20 14:28:24 host sshd[7746]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:24 host sshd[7746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.6.107.69
Jan 20 14:28:26 host sshd[7746]: Failed password for invalid user rtest from 201.6.107.69 port 60886 ssh2
Jan 20 14:28:26 host sshd[7746]: Received disconnect from 201.6.107.69 port 60886:11: Bye Bye [preauth]
Jan 20 14:28:26 host sshd[7746]: Disconnected from 201.6.107.69 port 60886 [preauth]
Jan 20 14:28:27 host sshd[7751]: Invalid user admin from 112.78.136.204 port 36664
Jan 20 14:28:27 host sshd[7751]: input_userauth_request: invalid user admin [preauth]
Jan 20 14:28:27 host sshd[7751]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:27 host sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.78.136.204
Jan 20 14:28:29 host sshd[7751]: Failed password for invalid user admin from 112.78.136.204 port 36664 ssh2
Jan 20 14:28:29 host sshd[7751]: Received disconnect from 112.78.136.204 port 36664:11: Bye Bye [preauth]
Jan 20 14:28:29 host sshd[7751]: Disconnected from 112.78.136.204 port 36664 [preauth]
Jan 20 14:28:35 host sshd[7781]: Invalid user user2 from 181.176.145.114 port 44644
Jan 20 14:28:35 host sshd[7781]: input_userauth_request: invalid user user2 [preauth]
Jan 20 14:28:35 host sshd[7781]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:35 host sshd[7781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.114
Jan 20 14:28:37 host sshd[7781]: Failed password for invalid user user2 from 181.176.145.114 port 44644 ssh2
Jan 20 14:28:37 host sshd[7781]: Received disconnect from 181.176.145.114 port 44644:11: Bye Bye [preauth]
Jan 20 14:28:37 host sshd[7781]: Disconnected from 181.176.145.114 port 44644 [preauth]
Jan 20 14:28:51 host sshd[7812]: Invalid user nvidia from 167.172.194.232 port 40160
Jan 20 14:28:51 host sshd[7812]: input_userauth_request: invalid user nvidia [preauth]
Jan 20 14:28:51 host sshd[7812]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:51 host sshd[7812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.194.232
Jan 20 14:28:52 host sshd[7815]: Invalid user josh from 187.243.248.114 port 40800
Jan 20 14:28:52 host sshd[7815]: input_userauth_request: invalid user josh [preauth]
Jan 20 14:28:52 host sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:28:52 host sshd[7815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.243.248.114
Jan 20 14:28:54 host sshd[7812]: Failed password for invalid user nvidia from 167.172.194.232 port 40160 ssh2
Jan 20 14:28:54 host sshd[7812]: Received disconnect from 167.172.194.232 port 40160:11: Bye Bye [preauth]
Jan 20 14:28:54 host sshd[7812]: Disconnected from 167.172.194.232 port 40160 [preauth]
Jan 20 14:28:54 host sshd[7815]: Failed password for invalid user josh from 187.243.248.114 port 40800 ssh2
Jan 20 14:28:54 host sshd[7815]: Received disconnect from 187.243.248.114 port 40800:11: Bye Bye [preauth]
Jan 20 14:28:54 host sshd[7815]: Disconnected from 187.243.248.114 port 40800 [preauth]
Jan 20 14:29:01 host sshd[7858]: Invalid user nexus from 137.184.112.37 port 56794
Jan 20 14:29:01 host sshd[7858]: input_userauth_request: invalid user nexus [preauth]
Jan 20 14:29:01 host sshd[7858]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:01 host sshd[7858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.112.37
Jan 20 14:29:03 host sshd[7858]: Failed password for invalid user nexus from 137.184.112.37 port 56794 ssh2
Jan 20 14:29:04 host sshd[7858]: Received disconnect from 137.184.112.37 port 56794:11: Bye Bye [preauth]
Jan 20 14:29:04 host sshd[7858]: Disconnected from 137.184.112.37 port 56794 [preauth]
Jan 20 14:29:04 host sshd[7875]: Invalid user ubuntu from 157.230.6.213 port 32868
Jan 20 14:29:04 host sshd[7875]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 14:29:04 host sshd[7875]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:04 host sshd[7875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.6.213
Jan 20 14:29:05 host sshd[7877]: User root from 31.41.244.124 not allowed because not listed in AllowUsers
Jan 20 14:29:05 host sshd[7877]: input_userauth_request: invalid user root [preauth]
Jan 20 14:29:05 host unix_chkpwd[7880]: password check failed for user (root)
Jan 20 14:29:05 host sshd[7877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124 user=root
Jan 20 14:29:05 host sshd[7877]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 14:29:06 host sshd[7875]: Failed password for invalid user ubuntu from 157.230.6.213 port 32868 ssh2
Jan 20 14:29:06 host sshd[7877]: Failed password for invalid user root from 31.41.244.124 port 25753 ssh2
Jan 20 14:29:07 host sshd[7877]: Received disconnect from 31.41.244.124 port 25753:11: Client disconnecting normally [preauth]
Jan 20 14:29:07 host sshd[7877]: Disconnected from 31.41.244.124 port 25753 [preauth]
Jan 20 14:29:31 host sshd[7991]: Invalid user elena from 110.136.247.180 port 36624
Jan 20 14:29:31 host sshd[7991]: input_userauth_request: invalid user elena [preauth]
Jan 20 14:29:31 host sshd[7991]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:31 host sshd[7991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.136.247.180
Jan 20 14:29:33 host sshd[7991]: Failed password for invalid user elena from 110.136.247.180 port 36624 ssh2
Jan 20 14:29:33 host sshd[7991]: Received disconnect from 110.136.247.180 port 36624:11: Bye Bye [preauth]
Jan 20 14:29:33 host sshd[7991]: Disconnected from 110.136.247.180 port 36624 [preauth]
Jan 20 14:29:40 host sshd[8005]: Invalid user sftp_user from 188.166.240.186 port 40638
Jan 20 14:29:40 host sshd[8005]: input_userauth_request: invalid user sftp_user [preauth]
Jan 20 14:29:40 host sshd[8005]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:40 host sshd[8005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.240.186
Jan 20 14:29:42 host sshd[8005]: Failed password for invalid user sftp_user from 188.166.240.186 port 40638 ssh2
Jan 20 14:29:44 host sshd[8106]: Invalid user florian from 43.134.78.43 port 39710
Jan 20 14:29:44 host sshd[8106]: input_userauth_request: invalid user florian [preauth]
Jan 20 14:29:44 host sshd[8106]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:44 host sshd[8106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.78.43
Jan 20 14:29:46 host sshd[8106]: Failed password for invalid user florian from 43.134.78.43 port 39710 ssh2
Jan 20 14:29:50 host sshd[8183]: Invalid user service from 181.176.145.114 port 58120
Jan 20 14:29:50 host sshd[8183]: input_userauth_request: invalid user service [preauth]
Jan 20 14:29:50 host sshd[8183]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:50 host sshd[8183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.145.114
Jan 20 14:29:52 host sshd[8188]: Invalid user admin from 112.78.136.204 port 35654
Jan 20 14:29:52 host sshd[8188]: input_userauth_request: invalid user admin [preauth]
Jan 20 14:29:52 host sshd[8188]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:29:52 host sshd[8188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.78.136.204
Jan 20 14:29:52 host sshd[8183]: Failed password for invalid user service from 181.176.145.114 port 58120 ssh2
Jan 20 14:29:54 host sshd[8188]: Failed password for invalid user admin from 112.78.136.204 port 35654 ssh2
Jan 20 14:29:54 host sshd[8188]: Received disconnect from 112.78.136.204 port 35654:11: Bye Bye [preauth]
Jan 20 14:29:54 host sshd[8188]: Disconnected from 112.78.136.204 port 35654 [preauth]
Jan 20 14:30:07 host sshd[8290]: Invalid user dbfenc from 167.172.194.232 port 46378
Jan 20 14:30:07 host sshd[8290]: input_userauth_request: invalid user dbfenc [preauth]
Jan 20 14:30:07 host sshd[8290]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:30:07 host sshd[8290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.194.232
Jan 20 14:30:09 host sshd[8290]: Failed password for invalid user dbfenc from 167.172.194.232 port 46378 ssh2
Jan 20 14:30:09 host sshd[8290]: Received disconnect from 167.172.194.232 port 46378:11: Bye Bye [preauth]
Jan 20 14:30:09 host sshd[8290]: Disconnected from 167.172.194.232 port 46378 [preauth]
Jan 20 14:30:13 host sshd[8318]: Invalid user internet from 201.6.107.69 port 49778
Jan 20 14:30:13 host sshd[8318]: input_userauth_request: invalid user internet [preauth]
Jan 20 14:30:13 host sshd[8318]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:30:13 host sshd[8318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.6.107.69
Jan 20 14:30:15 host sshd[8318]: Failed password for invalid user internet from 201.6.107.69 port 49778 ssh2
Jan 20 14:30:16 host sshd[7968]: Invalid user dnsekakf2$$ from 218.150.144.219 port 63658
Jan 20 14:30:16 host sshd[7968]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 20 14:30:16 host sshd[7968]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:30:16 host sshd[7968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.150.144.219
Jan 20 14:30:16 host sshd[8318]: Received disconnect from 201.6.107.69 port 49778:11: Bye Bye [preauth]
Jan 20 14:30:16 host sshd[8318]: Disconnected from 201.6.107.69 port 49778 [preauth]
Jan 20 14:30:16 host sshd[8334]: Invalid user sammy from 190.64.68.178 port 29306
Jan 20 14:30:16 host sshd[8334]: input_userauth_request: invalid user sammy [preauth]
Jan 20 14:30:16 host sshd[8334]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:30:16 host sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.68.178
Jan 20 14:30:18 host sshd[7968]: Failed password for invalid user dnsekakf2$$ from 218.150.144.219 port 63658 ssh2
Jan 20 14:30:18 host sshd[8334]: Failed password for invalid user sammy from 190.64.68.178 port 29306 ssh2
Jan 20 14:30:18 host sshd[8334]: Received disconnect from 190.64.68.178 port 29306:11: Bye Bye [preauth]
Jan 20 14:30:18 host sshd[8334]: Disconnected from 190.64.68.178 port 29306 [preauth]
Jan 20 14:30:19 host sshd[7968]: Failed password for invalid user dnsekakf2$$ from 218.150.144.219 port 63658 ssh2
Jan 20 14:30:20 host sshd[7968]: Connection closed by 218.150.144.219 port 63658 [preauth]
Jan 20 14:31:34 host sshd[8513]: Invalid user dev from 110.136.247.180 port 54522
Jan 20 14:31:34 host sshd[8513]: input_userauth_request: invalid user dev [preauth]
Jan 20 14:31:34 host sshd[8513]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:31:34 host sshd[8513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.136.247.180
Jan 20 14:31:36 host sshd[8513]: Failed password for invalid user dev from 110.136.247.180 port 54522 ssh2
Jan 20 14:31:36 host sshd[8513]: Received disconnect from 110.136.247.180 port 54522:11: Bye Bye [preauth]
Jan 20 14:31:36 host sshd[8513]: Disconnected from 110.136.247.180 port 54522 [preauth]
Jan 20 14:31:46 host sshd[8566]: Invalid user admin from 190.64.68.178 port 29307
Jan 20 14:31:46 host sshd[8566]: input_userauth_request: invalid user admin [preauth]
Jan 20 14:31:46 host sshd[8566]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:31:46 host sshd[8566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.68.178
Jan 20 14:31:47 host sshd[8566]: Failed password for invalid user admin from 190.64.68.178 port 29307 ssh2
Jan 20 14:34:36 host sshd[8901]: Connection reset by 220.88.129.239 port 63916 [preauth]
Jan 20 14:40:14 host sshd[9650]: Invalid user default from 220.89.127.53 port 62761
Jan 20 14:40:14 host sshd[9650]: input_userauth_request: invalid user default [preauth]
Jan 20 14:40:14 host sshd[9650]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:40:14 host sshd[9650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.89.127.53
Jan 20 14:40:17 host sshd[9650]: Failed password for invalid user default from 220.89.127.53 port 62761 ssh2
Jan 20 14:40:17 host sshd[9650]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:40:19 host sshd[9650]: Failed password for invalid user default from 220.89.127.53 port 62761 ssh2
Jan 20 14:40:19 host sshd[9650]: Connection reset by 220.89.127.53 port 62761 [preauth]
Jan 20 14:40:19 host sshd[9650]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.89.127.53
Jan 20 14:40:29 host sshd[9664]: Invalid user leo from 68.190.197.250 port 55799
Jan 20 14:40:29 host sshd[9664]: input_userauth_request: invalid user leo [preauth]
Jan 20 14:40:30 host sshd[9664]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:40:30 host sshd[9664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.190.197.250
Jan 20 14:40:31 host sshd[9664]: Failed password for invalid user leo from 68.190.197.250 port 55799 ssh2
Jan 20 14:40:31 host sshd[9664]: Received disconnect from 68.190.197.250 port 55799:11: Bye Bye [preauth]
Jan 20 14:40:31 host sshd[9664]: Disconnected from 68.190.197.250 port 55799 [preauth]
Jan 20 14:40:33 host sshd[9690]: User root from 68.190.197.250 not allowed because not listed in AllowUsers
Jan 20 14:40:33 host sshd[9690]: input_userauth_request: invalid user root [preauth]
Jan 20 14:40:34 host unix_chkpwd[9694]: password check failed for user (root)
Jan 20 14:40:34 host sshd[9690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.190.197.250 user=root
Jan 20 14:40:34 host sshd[9690]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 14:40:36 host sshd[9690]: Failed password for invalid user root from 68.190.197.250 port 55946 ssh2
Jan 20 14:40:36 host sshd[9690]: Received disconnect from 68.190.197.250 port 55946:11: Bye Bye [preauth]
Jan 20 14:40:36 host sshd[9690]: Disconnected from 68.190.197.250 port 55946 [preauth]
Jan 20 14:45:31 host sshd[10441]: Invalid user dnsekakf2$$ from 93.51.122.254 port 55413
Jan 20 14:45:31 host sshd[10441]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 20 14:45:31 host sshd[10441]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:45:31 host sshd[10441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.51.122.254
Jan 20 14:45:33 host sshd[10441]: Failed password for invalid user dnsekakf2$$ from 93.51.122.254 port 55413 ssh2
Jan 20 14:45:34 host sshd[10441]: Connection reset by 93.51.122.254 port 55413 [preauth]
Jan 20 14:49:28 host sshd[10886]: Invalid user monitor from 209.141.55.27 port 54042
Jan 20 14:49:28 host sshd[10886]: input_userauth_request: invalid user monitor [preauth]
Jan 20 14:49:28 host sshd[10886]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:49:28 host sshd[10886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27
Jan 20 14:49:31 host sshd[10886]: Failed password for invalid user monitor from 209.141.55.27 port 54042 ssh2
Jan 20 14:49:31 host sshd[10886]: Received disconnect from 209.141.55.27 port 54042:11: Normal Shutdown, Thank you for playing [preauth]
Jan 20 14:49:31 host sshd[10886]: Disconnected from 209.141.55.27 port 54042 [preauth]
Jan 20 14:51:22 host sshd[11257]: Invalid user user from 59.24.2.176 port 43032
Jan 20 14:51:22 host sshd[11257]: input_userauth_request: invalid user user [preauth]
Jan 20 14:51:22 host sshd[11257]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:51:22 host sshd[11257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.2.176
Jan 20 14:51:24 host sshd[11257]: Failed password for invalid user user from 59.24.2.176 port 43032 ssh2
Jan 20 14:51:26 host sshd[11257]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:51:27 host sshd[11257]: Failed password for invalid user user from 59.24.2.176 port 43032 ssh2
Jan 20 14:51:28 host sshd[11257]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 14:51:30 host sshd[11257]: Failed password for invalid user user from 59.24.2.176 port 43032 ssh2
Jan 20 14:51:32 host sshd[11257]: Connection reset by 59.24.2.176 port 43032 [preauth]
Jan 20 14:51:32 host sshd[11257]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.2.176
Jan 20 15:14:27 host sshd[14833]: Invalid user admin from 114.32.60.242 port 47612
Jan 20 15:14:27 host sshd[14833]: input_userauth_request: invalid user admin [preauth]
Jan 20 15:14:27 host sshd[14833]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:14:27 host sshd[14833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.60.242
Jan 20 15:14:29 host sshd[14833]: Failed password for invalid user admin from 114.32.60.242 port 47612 ssh2
Jan 20 15:14:30 host sshd[14833]: Failed password for invalid user admin from 114.32.60.242 port 47612 ssh2
Jan 20 15:14:31 host sshd[14833]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:14:33 host sshd[14833]: Failed password for invalid user admin from 114.32.60.242 port 47612 ssh2
Jan 20 15:14:33 host sshd[14833]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:14:35 host sshd[14833]: Failed password for invalid user admin from 114.32.60.242 port 47612 ssh2
Jan 20 15:14:36 host sshd[14833]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:14:37 host sshd[14833]: Failed password for invalid user admin from 114.32.60.242 port 47612 ssh2
Jan 20 15:15:43 host sshd[15028]: Invalid user admin from 183.107.205.177 port 54382
Jan 20 15:15:43 host sshd[15028]: input_userauth_request: invalid user admin [preauth]
Jan 20 15:15:43 host sshd[15028]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:15:43 host sshd[15028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.107.205.177
Jan 20 15:15:45 host sshd[15028]: Failed password for invalid user admin from 183.107.205.177 port 54382 ssh2
Jan 20 15:15:45 host sshd[15028]: Connection closed by 183.107.205.177 port 54382 [preauth]
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=gifterman user-4=palco123 user-5=kottayamcalldriv user-6=phmetals user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=wwwkapin user-16=woodpeck user-17=disposeat user-18=wwwkmaorg user-19=remysagr user-20=wwwrmswll user-21=wwwresourcehunte user-22=keralaholi user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 15:21:07 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LIk41dpvsdWnaTCM.~
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LIk41dpvsdWnaTCM.~'
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LIk41dpvsdWnaTCM.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 15:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 15:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 15:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 15:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 15:22:26 host sshd[16296]: User root from 203.229.158.149 not allowed because not listed in AllowUsers
Jan 20 15:22:26 host sshd[16296]: input_userauth_request: invalid user root [preauth]
Jan 20 15:22:26 host unix_chkpwd[16302]: password check failed for user (root)
Jan 20 15:22:26 host sshd[16296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.229.158.149 user=root
Jan 20 15:22:26 host sshd[16296]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 15:22:28 host sshd[16296]: Failed password for invalid user root from 203.229.158.149 port 61768 ssh2
Jan 20 15:22:29 host unix_chkpwd[16329]: password check failed for user (root)
Jan 20 15:22:29 host sshd[16296]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 15:22:30 host sshd[16296]: Failed password for invalid user root from 203.229.158.149 port 61768 ssh2
Jan 20 15:22:31 host unix_chkpwd[16335]: password check failed for user (root)
Jan 20 15:22:31 host sshd[16296]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 15:22:33 host sshd[16296]: Failed password for invalid user root from 203.229.158.149 port 61768 ssh2
Jan 20 15:22:34 host sshd[16296]: Connection reset by 203.229.158.149 port 61768 [preauth]
Jan 20 15:22:34 host sshd[16296]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.229.158.149 user=root
Jan 20 15:28:30 host sshd[17295]: Invalid user maint1 from 205.185.113.129 port 33332
Jan 20 15:28:30 host sshd[17295]: input_userauth_request: invalid user maint1 [preauth]
Jan 20 15:28:30 host sshd[17295]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:28:30 host sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 20 15:28:32 host sshd[17295]: Failed password for invalid user maint1 from 205.185.113.129 port 33332 ssh2
Jan 20 15:28:33 host sshd[17295]: Connection closed by 205.185.113.129 port 33332 [preauth]
Jan 20 15:29:12 host sshd[17412]: Did not receive identification string from 110.77.223.119 port 60029
Jan 20 15:42:38 host sshd[19355]: Invalid user gz from 194.110.203.109 port 55882
Jan 20 15:42:38 host sshd[19355]: input_userauth_request: invalid user gz [preauth]
Jan 20 15:42:38 host sshd[19355]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:42:38 host sshd[19355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 15:42:40 host sshd[19355]: Failed password for invalid user gz from 194.110.203.109 port 55882 ssh2
Jan 20 15:42:44 host sshd[19355]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:42:45 host sshd[19355]: Failed password for invalid user gz from 194.110.203.109 port 55882 ssh2
Jan 20 15:42:48 host sshd[19355]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:42:50 host sshd[19355]: Failed password for invalid user gz from 194.110.203.109 port 55882 ssh2
Jan 20 15:42:54 host sshd[19355]: Connection closed by 194.110.203.109 port 55882 [preauth]
Jan 20 15:42:54 host sshd[19355]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 15:53:29 host sshd[20877]: Invalid user vagrant from 118.163.95.168 port 58962
Jan 20 15:53:29 host sshd[20877]: input_userauth_request: invalid user vagrant [preauth]
Jan 20 15:53:29 host sshd[20877]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 15:53:29 host sshd[20877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.163.95.168
Jan 20 15:53:31 host sshd[20877]: Failed password for invalid user vagrant from 118.163.95.168 port 58962 ssh2
Jan 20 15:53:32 host sshd[20877]: Failed password for invalid user vagrant from 118.163.95.168 port 58962 ssh2
Jan 20 15:53:33 host sshd[20877]: Connection closed by 118.163.95.168 port 58962 [preauth]
Jan 20 16:18:08 host sshd[24268]: Invalid user monitor from 62.233.50.248 port 41528
Jan 20 16:18:08 host sshd[24268]: input_userauth_request: invalid user monitor [preauth]
Jan 20 16:18:08 host sshd[24268]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 16:18:08 host sshd[24268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 20 16:18:10 host sshd[24268]: Failed password for invalid user monitor from 62.233.50.248 port 41528 ssh2
Jan 20 16:18:10 host sshd[24268]: Received disconnect from 62.233.50.248 port 41528:11: Client disconnecting normally [preauth]
Jan 20 16:18:10 host sshd[24268]: Disconnected from 62.233.50.248 port 41528 [preauth]
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=ugotscom user-4=keralaholi user-5=wwwresourcehunte user-6=wwwrmswll user-7=wwwkaretakers user-8=cochintaxi user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=wwwevmhonda user-13=bonifacegroup user-14=wwwletsstalkfood user-15=straightcurve user-16=phmetals user-17=kottayamcalldriv user-18=palco123 user-19=gifterman user-20=wwwnexidigital user-21=mrsclean user-22=wwwkmaorg user-23=disposeat user-24=remysagr user-25=woodpeck user-26=wwwkapin user-27=shalinijames user-28=wwwtestugo user-29=vfmassets user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 16:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CX5zD3PAJmeq30z9.~
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CX5zD3PAJmeq30z9.~'
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-CX5zD3PAJmeq30z9.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 16:21:14 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 16:21:14 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 16:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:21:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 16:21:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 16:21:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 16:40:15 host sshd[27625]: Invalid user pi from 220.94.9.7 port 45304
Jan 20 16:40:15 host sshd[27625]: input_userauth_request: invalid user pi [preauth]
Jan 20 16:40:15 host sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 16:40:15 host sshd[27625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.94.9.7
Jan 20 16:40:17 host sshd[27625]: Failed password for invalid user pi from 220.94.9.7 port 45304 ssh2
Jan 20 16:40:17 host sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 16:40:20 host sshd[27625]: Failed password for invalid user pi from 220.94.9.7 port 45304 ssh2
Jan 20 16:40:20 host sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 16:40:22 host sshd[27625]: Failed password for invalid user pi from 220.94.9.7 port 45304 ssh2
Jan 20 16:40:23 host sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 16:40:25 host sshd[27625]: Failed password for invalid user pi from 220.94.9.7 port 45304 ssh2
Jan 20 16:40:26 host sshd[27625]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 16:40:27 host sshd[27625]: Failed password for invalid user pi from 220.94.9.7 port 45304 ssh2
Jan 20 16:40:41 host sshd[27735]: Connection reset by 122.116.80.142 port 56798 [preauth]
Jan 20 16:41:19 host sshd[27835]: Bad protocol version identification 'GET / HTTP/1.1' from 167.71.233.165 port 39334
Jan 20 16:41:37 host sshd[27906]: User root from 167.71.233.165 not allowed because not listed in AllowUsers
Jan 20 16:41:37 host sshd[27906]: input_userauth_request: invalid user root [preauth]
Jan 20 16:41:37 host unix_chkpwd[27908]: password check failed for user (root)
Jan 20 16:41:37 host sshd[27906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.233.165 user=root
Jan 20 16:41:37 host sshd[27906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:41:39 host sshd[27906]: Failed password for invalid user root from 167.71.233.165 port 33724 ssh2
Jan 20 16:41:39 host sshd[27906]: Connection closed by 167.71.233.165 port 33724 [preauth]
Jan 20 16:41:40 host sshd[27915]: User root from 167.71.233.165 not allowed because not listed in AllowUsers
Jan 20 16:41:40 host sshd[27915]: input_userauth_request: invalid user root [preauth]
Jan 20 16:41:40 host unix_chkpwd[27917]: password check failed for user (root)
Jan 20 16:41:40 host sshd[27915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.233.165 user=root
Jan 20 16:41:40 host sshd[27915]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:41:42 host sshd[27915]: Failed password for invalid user root from 167.71.233.165 port 33732 ssh2
Jan 20 16:46:10 host sshd[28685]: User root from 108.230.75.54 not allowed because not listed in AllowUsers
Jan 20 16:46:10 host sshd[28685]: input_userauth_request: invalid user root [preauth]
Jan 20 16:46:11 host unix_chkpwd[28688]: password check failed for user (root)
Jan 20 16:46:11 host sshd[28685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.230.75.54 user=root
Jan 20 16:46:11 host sshd[28685]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:46:13 host sshd[28685]: Failed password for invalid user root from 108.230.75.54 port 61300 ssh2
Jan 20 16:46:14 host unix_chkpwd[28694]: password check failed for user (root)
Jan 20 16:46:14 host sshd[28685]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:46:16 host sshd[28685]: Failed password for invalid user root from 108.230.75.54 port 61300 ssh2
Jan 20 16:46:16 host unix_chkpwd[28698]: password check failed for user (root)
Jan 20 16:46:16 host sshd[28685]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:46:18 host sshd[28685]: Failed password for invalid user root from 108.230.75.54 port 61300 ssh2
Jan 20 16:46:19 host unix_chkpwd[28701]: password check failed for user (root)
Jan 20 16:46:19 host sshd[28685]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:46:20 host sshd[28685]: Failed password for invalid user root from 108.230.75.54 port 61300 ssh2
Jan 20 16:46:21 host unix_chkpwd[28711]: password check failed for user (root)
Jan 20 16:46:21 host sshd[28685]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 16:46:23 host sshd[28685]: Failed password for invalid user root from 108.230.75.54 port 61300 ssh2
Jan 20 16:53:31 host sshd[29958]: Connection closed by 60.119.64.113 port 51246 [preauth]
Jan 20 17:11:12 host sshd[882]: User ftp from 211.248.1.26 not allowed because not listed in AllowUsers
Jan 20 17:11:12 host sshd[882]: input_userauth_request: invalid user ftp [preauth]
Jan 20 17:11:12 host unix_chkpwd[889]: password check failed for user (ftp)
Jan 20 17:11:12 host sshd[882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.248.1.26 user=ftp
Jan 20 17:11:12 host sshd[882]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 17:11:15 host sshd[882]: Failed password for invalid user ftp from 211.248.1.26 port 50139 ssh2
Jan 20 17:11:16 host unix_chkpwd[895]: password check failed for user (ftp)
Jan 20 17:11:16 host sshd[882]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 17:11:17 host sshd[882]: Failed password for invalid user ftp from 211.248.1.26 port 50139 ssh2
Jan 20 17:11:18 host unix_chkpwd[904]: password check failed for user (ftp)
Jan 20 17:11:18 host sshd[882]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 17:11:20 host sshd[882]: Failed password for invalid user ftp from 211.248.1.26 port 50139 ssh2
Jan 20 17:11:21 host sshd[882]: Failed password for invalid user ftp from 211.248.1.26 port 50139 ssh2
Jan 20 17:11:22 host unix_chkpwd[921]: password check failed for user (ftp)
Jan 20 17:11:22 host sshd[882]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 17:11:24 host sshd[882]: Failed password for invalid user ftp from 211.248.1.26 port 50139 ssh2
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=phmetals user-2=kottayamcalldriv user-3=palco123 user-4=gifterman user-5=wwwnexidigital user-6=mrsclean user-7=wwwevmhonda user-8=bonifacegroup user-9=wwwletsstalkfood user-10=straightcurve user-11=shalinijames user-12=wwwtestugo user-13=vfmassets user-14=pmcresources user-15=disposeat user-16=remysagr user-17=wwwkmaorg user-18=wwwkapin user-19=woodpeck user-20=travelboniface user-21=ugotscom user-22=wwwresourcehunte user-23=keralaholi user-24=wwwrmswll user-25=wwwpmcresource user-26=a2zgroup user-27=dartsimp user-28=laundryboniface user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 17:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-400QzAm2gJQLjaJR.~
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-400QzAm2gJQLjaJR.~'
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-400QzAm2gJQLjaJR.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 17:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 17:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 17:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 17:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 17:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 17:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 17:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 17:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 17:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 17:23:41 host sshd[3566]: Connection reset by 114.33.61.109 port 56964 [preauth]
Jan 20 17:29:49 host sshd[4695]: Invalid user zyfwp from 125.135.227.101 port 63506
Jan 20 17:29:49 host sshd[4695]: input_userauth_request: invalid user zyfwp [preauth]
Jan 20 17:29:49 host sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 17:29:49 host sshd[4695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.135.227.101
Jan 20 17:29:51 host sshd[4695]: Failed password for invalid user zyfwp from 125.135.227.101 port 63506 ssh2
Jan 20 17:29:51 host sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 17:29:53 host sshd[4695]: Failed password for invalid user zyfwp from 125.135.227.101 port 63506 ssh2
Jan 20 17:29:54 host sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 17:29:56 host sshd[4695]: Failed password for invalid user zyfwp from 125.135.227.101 port 63506 ssh2
Jan 20 17:29:58 host sshd[4728]: Did not receive identification string from 46.101.97.107 port 61000
Jan 20 17:31:17 host sshd[4969]: Invalid user h from 194.110.203.109 port 50170
Jan 20 17:31:17 host sshd[4969]: input_userauth_request: invalid user h [preauth]
Jan 20 17:31:17 host sshd[4969]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 17:31:17 host sshd[4969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 17:31:19 host sshd[4969]: Failed password for invalid user h from 194.110.203.109 port 50170 ssh2
Jan 20 17:31:22 host sshd[4969]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 17:31:24 host sshd[4969]: Failed password for invalid user h from 194.110.203.109 port 50170 ssh2
Jan 20 17:31:27 host sshd[4969]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 17:31:29 host sshd[4969]: Failed password for invalid user h from 194.110.203.109 port 50170 ssh2
Jan 20 17:31:32 host sshd[4969]: Connection closed by 194.110.203.109 port 50170 [preauth]
Jan 20 17:31:32 host sshd[4969]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 18:03:13 host sshd[11428]: User root from 121.254.106.72 not allowed because not listed in AllowUsers
Jan 20 18:03:13 host sshd[11428]: input_userauth_request: invalid user root [preauth]
Jan 20 18:03:13 host unix_chkpwd[11439]: password check failed for user (root)
Jan 20 18:03:13 host sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.254.106.72 user=root
Jan 20 18:03:13 host sshd[11428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:03:13 host sshd[11434]: Invalid user pi from 121.254.106.72 port 52082
Jan 20 18:03:13 host sshd[11434]: input_userauth_request: invalid user pi [preauth]
Jan 20 18:03:13 host sshd[11434]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:03:13 host sshd[11434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.254.106.72
Jan 20 18:03:14 host sshd[11429]: Invalid user usr from 121.254.106.72 port 52060
Jan 20 18:03:14 host sshd[11429]: input_userauth_request: invalid user usr [preauth]
Jan 20 18:03:14 host sshd[11429]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:03:14 host sshd[11429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.254.106.72
Jan 20 18:03:15 host sshd[11428]: Failed password for invalid user root from 121.254.106.72 port 52042 ssh2
Jan 20 18:03:15 host sshd[11434]: Failed password for invalid user pi from 121.254.106.72 port 52082 ssh2
Jan 20 18:03:15 host sshd[11429]: Failed password for invalid user usr from 121.254.106.72 port 52060 ssh2
Jan 20 18:03:16 host unix_chkpwd[11442]: password check failed for user (root)
Jan 20 18:03:16 host sshd[11428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:03:16 host sshd[11429]: Connection reset by 121.254.106.72 port 52060 [preauth]
Jan 20 18:03:17 host sshd[11434]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:03:18 host sshd[11428]: Failed password for invalid user root from 121.254.106.72 port 52042 ssh2
Jan 20 18:03:19 host unix_chkpwd[11457]: password check failed for user (root)
Jan 20 18:03:19 host sshd[11428]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:03:19 host sshd[11434]: Failed password for invalid user pi from 121.254.106.72 port 52082 ssh2
Jan 20 18:03:21 host sshd[11428]: Failed password for invalid user root from 121.254.106.72 port 52042 ssh2
Jan 20 18:12:22 host sshd[13156]: Invalid user tu from 165.227.182.136 port 41290
Jan 20 18:12:22 host sshd[13156]: input_userauth_request: invalid user tu [preauth]
Jan 20 18:12:22 host sshd[13156]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:12:22 host sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.182.136
Jan 20 18:12:24 host sshd[13156]: Failed password for invalid user tu from 165.227.182.136 port 41290 ssh2
Jan 20 18:12:24 host sshd[13156]: Received disconnect from 165.227.182.136 port 41290:11: Bye Bye [preauth]
Jan 20 18:12:24 host sshd[13156]: Disconnected from 165.227.182.136 port 41290 [preauth]
Jan 20 18:12:25 host sshd[13167]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 20 18:12:25 host sshd[13167]: input_userauth_request: invalid user sshd [preauth]
Jan 20 18:12:25 host unix_chkpwd[13170]: password check failed for user (sshd)
Jan 20 18:12:25 host sshd[13167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 20 18:12:25 host sshd[13167]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 20 18:12:27 host sshd[13167]: Failed password for invalid user sshd from 194.169.175.102 port 49407 ssh2
Jan 20 18:12:27 host sshd[13167]: Received disconnect from 194.169.175.102 port 49407:11: Client disconnecting normally [preauth]
Jan 20 18:12:27 host sshd[13167]: Disconnected from 194.169.175.102 port 49407 [preauth]
Jan 20 18:12:46 host sshd[13237]: Invalid user labuser from 103.242.199.129 port 38334
Jan 20 18:12:46 host sshd[13237]: input_userauth_request: invalid user labuser [preauth]
Jan 20 18:12:46 host sshd[13237]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:12:46 host sshd[13237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.242.199.129
Jan 20 18:12:48 host sshd[13237]: Failed password for invalid user labuser from 103.242.199.129 port 38334 ssh2
Jan 20 18:12:48 host sshd[13237]: Received disconnect from 103.242.199.129 port 38334:11: Bye Bye [preauth]
Jan 20 18:12:48 host sshd[13237]: Disconnected from 103.242.199.129 port 38334 [preauth]
Jan 20 18:12:58 host sshd[13377]: Invalid user elk from 143.198.77.231 port 51286
Jan 20 18:12:58 host sshd[13377]: input_userauth_request: invalid user elk [preauth]
Jan 20 18:12:58 host sshd[13377]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:12:58 host sshd[13377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.77.231
Jan 20 18:13:00 host sshd[13377]: Failed password for invalid user elk from 143.198.77.231 port 51286 ssh2
Jan 20 18:13:00 host sshd[13377]: Received disconnect from 143.198.77.231 port 51286:11: Bye Bye [preauth]
Jan 20 18:13:00 host sshd[13377]: Disconnected from 143.198.77.231 port 51286 [preauth]
Jan 20 18:14:10 host sshd[13615]: Invalid user testman from 114.205.54.184 port 43800
Jan 20 18:14:10 host sshd[13615]: input_userauth_request: invalid user testman [preauth]
Jan 20 18:14:10 host sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:14:10 host sshd[13615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.54.184
Jan 20 18:14:10 host sshd[13612]: Invalid user postmaster from 107.173.86.225 port 48624
Jan 20 18:14:10 host sshd[13612]: input_userauth_request: invalid user postmaster [preauth]
Jan 20 18:14:10 host sshd[13612]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:14:10 host sshd[13612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.173.86.225
Jan 20 18:14:12 host sshd[13615]: Failed password for invalid user testman from 114.205.54.184 port 43800 ssh2
Jan 20 18:14:12 host sshd[13612]: Failed password for invalid user postmaster from 107.173.86.225 port 48624 ssh2
Jan 20 18:14:12 host sshd[13615]: Received disconnect from 114.205.54.184 port 43800:11: Bye Bye [preauth]
Jan 20 18:14:12 host sshd[13615]: Disconnected from 114.205.54.184 port 43800 [preauth]
Jan 20 18:14:13 host sshd[13612]: Received disconnect from 107.173.86.225 port 48624:11: Bye Bye [preauth]
Jan 20 18:14:13 host sshd[13612]: Disconnected from 107.173.86.225 port 48624 [preauth]
Jan 20 18:16:08 host sshd[14027]: Invalid user admin from 157.245.107.128 port 64621
Jan 20 18:16:08 host sshd[14027]: input_userauth_request: invalid user admin [preauth]
Jan 20 18:16:08 host sshd[14027]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:16:08 host sshd[14027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.107.128
Jan 20 18:16:10 host sshd[14027]: Failed password for invalid user admin from 157.245.107.128 port 64621 ssh2
Jan 20 18:16:10 host sshd[14027]: Received disconnect from 157.245.107.128 port 64621:11: Bye Bye [preauth]
Jan 20 18:16:10 host sshd[14027]: Disconnected from 157.245.107.128 port 64621 [preauth]
Jan 20 18:17:38 host sshd[14286]: Invalid user otrs from 139.99.237.82 port 53330
Jan 20 18:17:38 host sshd[14286]: input_userauth_request: invalid user otrs [preauth]
Jan 20 18:17:38 host sshd[14286]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:17:38 host sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.237.82
Jan 20 18:17:40 host sshd[14286]: Failed password for invalid user otrs from 139.99.237.82 port 53330 ssh2
Jan 20 18:17:40 host sshd[14286]: Received disconnect from 139.99.237.82 port 53330:11: Bye Bye [preauth]
Jan 20 18:17:40 host sshd[14286]: Disconnected from 139.99.237.82 port 53330 [preauth]
Jan 20 18:18:03 host sshd[14355]: Invalid user tom from 165.227.182.136 port 43344
Jan 20 18:18:03 host sshd[14355]: input_userauth_request: invalid user tom [preauth]
Jan 20 18:18:03 host sshd[14355]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:18:03 host sshd[14355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.182.136
Jan 20 18:18:04 host sshd[14355]: Failed password for invalid user tom from 165.227.182.136 port 43344 ssh2
Jan 20 18:18:04 host sshd[14355]: Received disconnect from 165.227.182.136 port 43344:11: Bye Bye [preauth]
Jan 20 18:18:04 host sshd[14355]: Disconnected from 165.227.182.136 port 43344 [preauth]
Jan 20 18:18:07 host sshd[14371]: Invalid user admin from 103.242.199.129 port 36590
Jan 20 18:18:07 host sshd[14371]: input_userauth_request: invalid user admin [preauth]
Jan 20 18:18:07 host sshd[14371]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:18:07 host sshd[14371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.242.199.129
Jan 20 18:18:10 host sshd[14371]: Failed password for invalid user admin from 103.242.199.129 port 36590 ssh2
Jan 20 18:18:10 host sshd[14371]: Received disconnect from 103.242.199.129 port 36590:11: Bye Bye [preauth]
Jan 20 18:18:10 host sshd[14371]: Disconnected from 103.242.199.129 port 36590 [preauth]
Jan 20 18:18:58 host sshd[14491]: Invalid user alpine from 107.173.86.225 port 39520
Jan 20 18:18:58 host sshd[14491]: input_userauth_request: invalid user alpine [preauth]
Jan 20 18:18:58 host sshd[14491]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:18:58 host sshd[14491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.173.86.225
Jan 20 18:19:00 host sshd[14491]: Failed password for invalid user alpine from 107.173.86.225 port 39520 ssh2
Jan 20 18:19:00 host sshd[14491]: Received disconnect from 107.173.86.225 port 39520:11: Bye Bye [preauth]
Jan 20 18:19:00 host sshd[14491]: Disconnected from 107.173.86.225 port 39520 [preauth]
Jan 20 18:19:07 host sshd[14521]: Invalid user julian from 185.182.105.17 port 29966
Jan 20 18:19:07 host sshd[14521]: input_userauth_request: invalid user julian [preauth]
Jan 20 18:19:07 host sshd[14521]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:19:07 host sshd[14521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.182.105.17
Jan 20 18:19:07 host sshd[14519]: Invalid user user13 from 165.227.182.136 port 41996
Jan 20 18:19:07 host sshd[14519]: input_userauth_request: invalid user user13 [preauth]
Jan 20 18:19:07 host sshd[14519]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:19:07 host sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.182.136
Jan 20 18:19:09 host sshd[14521]: Failed password for invalid user julian from 185.182.105.17 port 29966 ssh2
Jan 20 18:19:09 host sshd[14519]: Failed password for invalid user user13 from 165.227.182.136 port 41996 ssh2
Jan 20 18:19:09 host sshd[14521]: Received disconnect from 185.182.105.17 port 29966:11: Bye Bye [preauth]
Jan 20 18:19:09 host sshd[14521]: Disconnected from 185.182.105.17 port 29966 [preauth]
Jan 20 18:19:09 host sshd[14519]: Received disconnect from 165.227.182.136 port 41996:11: Bye Bye [preauth]
Jan 20 18:19:09 host sshd[14519]: Disconnected from 165.227.182.136 port 41996 [preauth]
Jan 20 18:19:41 host sshd[14757]: Invalid user testsite from 103.242.199.129 port 36636
Jan 20 18:19:41 host sshd[14757]: input_userauth_request: invalid user testsite [preauth]
Jan 20 18:19:41 host sshd[14757]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:19:41 host sshd[14757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.242.199.129
Jan 20 18:19:41 host sshd[14755]: Invalid user eric from 114.205.54.184 port 35470
Jan 20 18:19:41 host sshd[14755]: input_userauth_request: invalid user eric [preauth]
Jan 20 18:19:41 host sshd[14755]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:19:41 host sshd[14755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.54.184
Jan 20 18:19:43 host sshd[14757]: Failed password for invalid user testsite from 103.242.199.129 port 36636 ssh2
Jan 20 18:19:43 host sshd[14757]: Received disconnect from 103.242.199.129 port 36636:11: Bye Bye [preauth]
Jan 20 18:19:43 host sshd[14757]: Disconnected from 103.242.199.129 port 36636 [preauth]
Jan 20 18:19:43 host sshd[14755]: Failed password for invalid user eric from 114.205.54.184 port 35470 ssh2
Jan 20 18:19:43 host sshd[14755]: Received disconnect from 114.205.54.184 port 35470:11: Bye Bye [preauth]
Jan 20 18:19:43 host sshd[14755]: Disconnected from 114.205.54.184 port 35470 [preauth]
Jan 20 18:19:54 host sshd[14822]: Invalid user gitlab-psql from 157.245.107.128 port 47010
Jan 20 18:19:54 host sshd[14822]: input_userauth_request: invalid user gitlab-psql [preauth]
Jan 20 18:19:54 host sshd[14822]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:19:54 host sshd[14822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.107.128
Jan 20 18:19:56 host sshd[14822]: Failed password for invalid user gitlab-psql from 157.245.107.128 port 47010 ssh2
Jan 20 18:19:56 host sshd[14822]: Received disconnect from 157.245.107.128 port 47010:11: Bye Bye [preauth]
Jan 20 18:19:56 host sshd[14822]: Disconnected from 157.245.107.128 port 47010 [preauth]
Jan 20 18:19:59 host sshd[14831]: Invalid user ftpadmin from 139.99.237.82 port 60324
Jan 20 18:19:59 host sshd[14831]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 20 18:19:59 host sshd[14831]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:19:59 host sshd[14831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.237.82
Jan 20 18:20:02 host sshd[14831]: Failed password for invalid user ftpadmin from 139.99.237.82 port 60324 ssh2
Jan 20 18:20:02 host sshd[14831]: Received disconnect from 139.99.237.82 port 60324:11: Bye Bye [preauth]
Jan 20 18:20:02 host sshd[14831]: Disconnected from 139.99.237.82 port 60324 [preauth]
Jan 20 18:20:05 host sshd[14871]: Invalid user trojanuser from 107.173.86.225 port 34338
Jan 20 18:20:05 host sshd[14871]: input_userauth_request: invalid user trojanuser [preauth]
Jan 20 18:20:05 host sshd[14871]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:20:05 host sshd[14871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.173.86.225
Jan 20 18:20:07 host sshd[14871]: Failed password for invalid user trojanuser from 107.173.86.225 port 34338 ssh2
Jan 20 18:20:07 host sshd[14871]: Received disconnect from 107.173.86.225 port 34338:11: Bye Bye [preauth]
Jan 20 18:20:07 host sshd[14871]: Disconnected from 107.173.86.225 port 34338 [preauth]
Jan 20 18:20:47 host sshd[15019]: Invalid user ubuntu from 143.198.77.231 port 49492
Jan 20 18:20:47 host sshd[15019]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 18:20:47 host sshd[15019]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:20:47 host sshd[15019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.77.231
Jan 20 18:20:49 host sshd[15019]: Failed password for invalid user ubuntu from 143.198.77.231 port 49492 ssh2
Jan 20 18:20:49 host sshd[15019]: Received disconnect from 143.198.77.231 port 49492:11: Bye Bye [preauth]
Jan 20 18:20:49 host sshd[15019]: Disconnected from 143.198.77.231 port 49492 [preauth]
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 18:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=wwwletsstalkfood user-4=straightcurve user-5=kottayamcalldriv user-6=phmetals user-7=palco123 user-8=gifterman user-9=mrsclean user-10=wwwnexidigital user-11=wwwkmaorg user-12=disposeat user-13=remysagr user-14=woodpeck user-15=wwwkapin user-16=shalinijames user-17=wwwtestugo user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=keralaholi user-24=wwwresourcehunte user-25=wwwrmswll user-26=cochintaxi user-27=wwwkaretakers user-28=a2zgroup user-29=dartsimp user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 18:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-1HJNzAa3cOpY0e1U.~
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-1HJNzAa3cOpY0e1U.~'
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-1HJNzAa3cOpY0e1U.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 18:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 18:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 18:21:07 host sshd[15194]: Invalid user ftpuser from 114.205.54.184 port 58874
Jan 20 18:21:07 host sshd[15194]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 18:21:07 host sshd[15194]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:21:07 host sshd[15194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.54.184
Jan 20 18:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:09 host sshd[15194]: Failed password for invalid user ftpuser from 114.205.54.184 port 58874 ssh2
Jan 20 18:21:09 host sshd[15194]: Received disconnect from 114.205.54.184 port 58874:11: Bye Bye [preauth]
Jan 20 18:21:09 host sshd[15194]: Disconnected from 114.205.54.184 port 58874 [preauth]
Jan 20 18:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 18:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 18:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 18:21:18 host sshd[15351]: Invalid user trojanuser from 157.245.107.128 port 13639
Jan 20 18:21:18 host sshd[15351]: input_userauth_request: invalid user trojanuser [preauth]
Jan 20 18:21:18 host sshd[15351]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:21:18 host sshd[15351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.107.128
Jan 20 18:21:19 host sshd[15351]: Failed password for invalid user trojanuser from 157.245.107.128 port 13639 ssh2
Jan 20 18:21:19 host sshd[15351]: Received disconnect from 157.245.107.128 port 13639:11: Bye Bye [preauth]
Jan 20 18:21:19 host sshd[15351]: Disconnected from 157.245.107.128 port 13639 [preauth]
Jan 20 18:21:30 host sshd[15455]: Invalid user pos from 139.99.237.82 port 43978
Jan 20 18:21:30 host sshd[15455]: input_userauth_request: invalid user pos [preauth]
Jan 20 18:21:30 host sshd[15455]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:21:30 host sshd[15455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.99.237.82
Jan 20 18:21:31 host sshd[15455]: Failed password for invalid user pos from 139.99.237.82 port 43978 ssh2
Jan 20 18:21:32 host sshd[15455]: Received disconnect from 139.99.237.82 port 43978:11: Bye Bye [preauth]
Jan 20 18:21:32 host sshd[15455]: Disconnected from 139.99.237.82 port 43978 [preauth]
Jan 20 18:21:51 host sshd[15529]: Invalid user faxadmin from 185.182.105.17 port 58144
Jan 20 18:21:51 host sshd[15529]: input_userauth_request: invalid user faxadmin [preauth]
Jan 20 18:21:51 host sshd[15529]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:21:51 host sshd[15529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.182.105.17
Jan 20 18:21:52 host sshd[15529]: Failed password for invalid user faxadmin from 185.182.105.17 port 58144 ssh2
Jan 20 18:21:53 host sshd[15529]: Received disconnect from 185.182.105.17 port 58144:11: Bye Bye [preauth]
Jan 20 18:21:53 host sshd[15529]: Disconnected from 185.182.105.17 port 58144 [preauth]
Jan 20 18:21:59 host sshd[15543]: Invalid user zope from 134.17.89.182 port 50714
Jan 20 18:21:59 host sshd[15543]: input_userauth_request: invalid user zope [preauth]
Jan 20 18:21:59 host sshd[15543]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:21:59 host sshd[15543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.182
Jan 20 18:22:01 host sshd[15543]: Failed password for invalid user zope from 134.17.89.182 port 50714 ssh2
Jan 20 18:22:01 host sshd[15543]: Received disconnect from 134.17.89.182 port 50714:11: Bye Bye [preauth]
Jan 20 18:22:01 host sshd[15543]: Disconnected from 134.17.89.182 port 50714 [preauth]
Jan 20 18:22:05 host sshd[15572]: Invalid user dockeruser from 165.154.242.88 port 46218
Jan 20 18:22:05 host sshd[15572]: input_userauth_request: invalid user dockeruser [preauth]
Jan 20 18:22:05 host sshd[15572]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:22:05 host sshd[15572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.242.88
Jan 20 18:22:07 host sshd[15572]: Failed password for invalid user dockeruser from 165.154.242.88 port 46218 ssh2
Jan 20 18:22:07 host sshd[15572]: Received disconnect from 165.154.242.88 port 46218:11: Bye Bye [preauth]
Jan 20 18:22:07 host sshd[15572]: Disconnected from 165.154.242.88 port 46218 [preauth]
Jan 20 18:22:20 host sshd[15599]: Invalid user postgres from 178.161.243.41 port 59288
Jan 20 18:22:20 host sshd[15599]: input_userauth_request: invalid user postgres [preauth]
Jan 20 18:22:20 host sshd[15599]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:22:20 host sshd[15599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.161.243.41
Jan 20 18:22:22 host sshd[15599]: Failed password for invalid user postgres from 178.161.243.41 port 59288 ssh2
Jan 20 18:22:22 host sshd[15599]: Received disconnect from 178.161.243.41 port 59288:11: Bye Bye [preauth]
Jan 20 18:22:22 host sshd[15599]: Disconnected from 178.161.243.41 port 59288 [preauth]
Jan 20 18:22:55 host sshd[15686]: Invalid user test from 143.198.77.231 port 38852
Jan 20 18:22:55 host sshd[15686]: input_userauth_request: invalid user test [preauth]
Jan 20 18:22:55 host sshd[15686]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:22:55 host sshd[15686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.77.231
Jan 20 18:22:57 host sshd[15686]: Failed password for invalid user test from 143.198.77.231 port 38852 ssh2
Jan 20 18:22:57 host sshd[15686]: Received disconnect from 143.198.77.231 port 38852:11: Bye Bye [preauth]
Jan 20 18:22:57 host sshd[15686]: Disconnected from 143.198.77.231 port 38852 [preauth]
Jan 20 18:23:27 host sshd[15794]: Invalid user ftpadmin from 185.182.105.17 port 25172
Jan 20 18:23:27 host sshd[15794]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 20 18:23:27 host sshd[15794]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:23:27 host sshd[15794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.182.105.17
Jan 20 18:23:28 host sshd[15794]: Failed password for invalid user ftpadmin from 185.182.105.17 port 25172 ssh2
Jan 20 18:23:29 host sshd[15794]: Received disconnect from 185.182.105.17 port 25172:11: Bye Bye [preauth]
Jan 20 18:23:29 host sshd[15794]: Disconnected from 185.182.105.17 port 25172 [preauth]
Jan 20 18:24:01 host sshd[15935]: Invalid user user from 94.110.124.21 port 37878
Jan 20 18:24:01 host sshd[15935]: input_userauth_request: invalid user user [preauth]
Jan 20 18:24:01 host sshd[15935]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:24:01 host sshd[15935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.110.124.21
Jan 20 18:24:04 host sshd[15935]: Failed password for invalid user user from 94.110.124.21 port 37878 ssh2
Jan 20 18:24:04 host sshd[15935]: Received disconnect from 94.110.124.21 port 37878:11: Bye Bye [preauth]
Jan 20 18:24:04 host sshd[15935]: Disconnected from 94.110.124.21 port 37878 [preauth]
Jan 20 18:24:33 host sshd[16126]: Invalid user pi from 60.249.7.81 port 55102
Jan 20 18:24:33 host sshd[16126]: input_userauth_request: invalid user pi [preauth]
Jan 20 18:24:33 host sshd[16126]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:24:33 host sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.249.7.81
Jan 20 18:24:35 host sshd[16126]: Failed password for invalid user pi from 60.249.7.81 port 55102 ssh2
Jan 20 18:24:35 host sshd[16126]: Connection reset by 60.249.7.81 port 55102 [preauth]
Jan 20 18:26:48 host sshd[16501]: Invalid user euser from 94.110.124.21 port 46966
Jan 20 18:26:48 host sshd[16501]: input_userauth_request: invalid user euser [preauth]
Jan 20 18:26:48 host sshd[16501]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:26:48 host sshd[16501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.110.124.21
Jan 20 18:26:50 host sshd[16501]: Failed password for invalid user euser from 94.110.124.21 port 46966 ssh2
Jan 20 18:26:51 host sshd[16501]: Received disconnect from 94.110.124.21 port 46966:11: Bye Bye [preauth]
Jan 20 18:26:51 host sshd[16501]: Disconnected from 94.110.124.21 port 46966 [preauth]
Jan 20 18:27:07 host sshd[16553]: Invalid user ubuntu from 178.161.243.41 port 47413
Jan 20 18:27:07 host sshd[16553]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 18:27:07 host sshd[16553]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:27:07 host sshd[16553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.161.243.41
Jan 20 18:27:09 host sshd[16553]: Failed password for invalid user ubuntu from 178.161.243.41 port 47413 ssh2
Jan 20 18:27:09 host sshd[16553]: Received disconnect from 178.161.243.41 port 47413:11: Bye Bye [preauth]
Jan 20 18:27:09 host sshd[16553]: Disconnected from 178.161.243.41 port 47413 [preauth]
Jan 20 18:27:13 host sshd[16566]: Did not receive identification string from 45.33.80.243 port 35550
Jan 20 18:27:16 host sshd[16568]: Connection closed by 45.33.80.243 port 18022 [preauth]
Jan 20 18:27:17 host sshd[16579]: Did not receive identification string from 45.33.80.243 port 18030
Jan 20 18:27:53 host sshd[16686]: Invalid user itmuser from 134.17.89.182 port 44480
Jan 20 18:27:53 host sshd[16686]: input_userauth_request: invalid user itmuser [preauth]
Jan 20 18:27:53 host sshd[16686]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:27:53 host sshd[16686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.182
Jan 20 18:27:54 host sshd[16686]: Failed password for invalid user itmuser from 134.17.89.182 port 44480 ssh2
Jan 20 18:27:55 host sshd[16686]: Received disconnect from 134.17.89.182 port 44480:11: Bye Bye [preauth]
Jan 20 18:27:55 host sshd[16686]: Disconnected from 134.17.89.182 port 44480 [preauth]
Jan 20 18:28:03 host sshd[16733]: Invalid user hpcadmin from 94.110.124.21 port 45978
Jan 20 18:28:03 host sshd[16733]: input_userauth_request: invalid user hpcadmin [preauth]
Jan 20 18:28:03 host sshd[16733]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:28:03 host sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.110.124.21
Jan 20 18:28:05 host sshd[16733]: Failed password for invalid user hpcadmin from 94.110.124.21 port 45978 ssh2
Jan 20 18:28:05 host sshd[16733]: Received disconnect from 94.110.124.21 port 45978:11: Bye Bye [preauth]
Jan 20 18:28:05 host sshd[16733]: Disconnected from 94.110.124.21 port 45978 [preauth]
Jan 20 18:28:07 host sshd[16776]: Invalid user frank from 165.154.242.88 port 44552
Jan 20 18:28:07 host sshd[16776]: input_userauth_request: invalid user frank [preauth]
Jan 20 18:28:07 host sshd[16776]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:28:07 host sshd[16776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.242.88
Jan 20 18:28:09 host sshd[16776]: Failed password for invalid user frank from 165.154.242.88 port 44552 ssh2
Jan 20 18:28:09 host sshd[16776]: Received disconnect from 165.154.242.88 port 44552:11: Bye Bye [preauth]
Jan 20 18:28:09 host sshd[16776]: Disconnected from 165.154.242.88 port 44552 [preauth]
Jan 20 18:28:21 host sshd[16823]: Invalid user tempadmin from 178.161.243.41 port 54268
Jan 20 18:28:21 host sshd[16823]: input_userauth_request: invalid user tempadmin [preauth]
Jan 20 18:28:21 host sshd[16823]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:28:21 host sshd[16823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.161.243.41
Jan 20 18:28:24 host sshd[16823]: Failed password for invalid user tempadmin from 178.161.243.41 port 54268 ssh2
Jan 20 18:28:24 host sshd[16823]: Received disconnect from 178.161.243.41 port 54268:11: Bye Bye [preauth]
Jan 20 18:28:24 host sshd[16823]: Disconnected from 178.161.243.41 port 54268 [preauth]
Jan 20 18:29:14 host sshd[17002]: Invalid user devadmin from 134.17.89.182 port 38908
Jan 20 18:29:14 host sshd[17002]: input_userauth_request: invalid user devadmin [preauth]
Jan 20 18:29:14 host sshd[17002]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:29:14 host sshd[17002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.17.89.182
Jan 20 18:29:16 host sshd[17002]: Failed password for invalid user devadmin from 134.17.89.182 port 38908 ssh2
Jan 20 18:29:25 host sshd[17061]: Invalid user testuser from 165.154.242.88 port 11980
Jan 20 18:29:25 host sshd[17061]: input_userauth_request: invalid user testuser [preauth]
Jan 20 18:29:25 host sshd[17061]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:29:25 host sshd[17061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.242.88
Jan 20 18:29:27 host sshd[17061]: Failed password for invalid user testuser from 165.154.242.88 port 11980 ssh2
Jan 20 18:29:27 host sshd[17061]: Received disconnect from 165.154.242.88 port 11980:11: Bye Bye [preauth]
Jan 20 18:29:27 host sshd[17061]: Disconnected from 165.154.242.88 port 11980 [preauth]
Jan 20 18:31:21 host sshd[17555]: Invalid user administrator from 103.179.56.43 port 50416
Jan 20 18:31:21 host sshd[17555]: input_userauth_request: invalid user administrator [preauth]
Jan 20 18:31:21 host sshd[17555]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:31:21 host sshd[17555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.56.43
Jan 20 18:31:22 host sshd[17555]: Failed password for invalid user administrator from 103.179.56.43 port 50416 ssh2
Jan 20 18:31:22 host sshd[17555]: Received disconnect from 103.179.56.43 port 50416:11: Bye Bye [preauth]
Jan 20 18:31:22 host sshd[17555]: Disconnected from 103.179.56.43 port 50416 [preauth]
Jan 20 18:32:20 host sshd[17747]: Invalid user cumulus from 212.83.144.11 port 47612
Jan 20 18:32:20 host sshd[17747]: input_userauth_request: invalid user cumulus [preauth]
Jan 20 18:32:20 host sshd[17747]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:32:20 host sshd[17747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.144.11
Jan 20 18:32:23 host sshd[17747]: Failed password for invalid user cumulus from 212.83.144.11 port 47612 ssh2
Jan 20 18:32:23 host sshd[17747]: Received disconnect from 212.83.144.11 port 47612:11: Bye Bye [preauth]
Jan 20 18:32:23 host sshd[17747]: Disconnected from 212.83.144.11 port 47612 [preauth]
Jan 20 18:32:48 host sshd[17829]: Invalid user cpd from 49.236.204.16 port 40277
Jan 20 18:32:48 host sshd[17829]: input_userauth_request: invalid user cpd [preauth]
Jan 20 18:32:48 host sshd[17829]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:32:48 host sshd[17829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.236.204.16
Jan 20 18:32:50 host sshd[17829]: Failed password for invalid user cpd from 49.236.204.16 port 40277 ssh2
Jan 20 18:32:50 host sshd[17829]: Received disconnect from 49.236.204.16 port 40277:11: Bye Bye [preauth]
Jan 20 18:32:50 host sshd[17829]: Disconnected from 49.236.204.16 port 40277 [preauth]
Jan 20 18:33:53 host sshd[18037]: Invalid user testik from 58.186.85.94 port 56436
Jan 20 18:33:53 host sshd[18037]: input_userauth_request: invalid user testik [preauth]
Jan 20 18:33:53 host sshd[18037]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:33:53 host sshd[18037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.186.85.94
Jan 20 18:33:55 host sshd[18037]: Failed password for invalid user testik from 58.186.85.94 port 56436 ssh2
Jan 20 18:33:56 host sshd[18037]: Received disconnect from 58.186.85.94 port 56436:11: Bye Bye [preauth]
Jan 20 18:33:56 host sshd[18037]: Disconnected from 58.186.85.94 port 56436 [preauth]
Jan 20 18:37:05 host sshd[18706]: Invalid user jan from 103.179.56.43 port 49314
Jan 20 18:37:05 host sshd[18706]: input_userauth_request: invalid user jan [preauth]
Jan 20 18:37:05 host sshd[18706]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:37:05 host sshd[18706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.56.43
Jan 20 18:37:07 host sshd[18706]: Failed password for invalid user jan from 103.179.56.43 port 49314 ssh2
Jan 20 18:37:08 host sshd[18706]: Received disconnect from 103.179.56.43 port 49314:11: Bye Bye [preauth]
Jan 20 18:37:08 host sshd[18706]: Disconnected from 103.179.56.43 port 49314 [preauth]
Jan 20 18:37:43 host sshd[18805]: Invalid user srvadmin from 49.236.204.16 port 35507
Jan 20 18:37:43 host sshd[18805]: input_userauth_request: invalid user srvadmin [preauth]
Jan 20 18:37:43 host sshd[18805]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:37:43 host sshd[18805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.236.204.16
Jan 20 18:37:45 host sshd[18805]: Failed password for invalid user srvadmin from 49.236.204.16 port 35507 ssh2
Jan 20 18:37:45 host sshd[18805]: Received disconnect from 49.236.204.16 port 35507:11: Bye Bye [preauth]
Jan 20 18:37:45 host sshd[18805]: Disconnected from 49.236.204.16 port 35507 [preauth]
Jan 20 18:38:02 host sshd[18840]: Invalid user sFTPUser from 175.200.90.176 port 62980
Jan 20 18:38:02 host sshd[18840]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 20 18:38:02 host sshd[18840]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:38:02 host sshd[18840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.200.90.176
Jan 20 18:38:04 host sshd[18840]: Failed password for invalid user sFTPUser from 175.200.90.176 port 62980 ssh2
Jan 20 18:38:04 host sshd[18840]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:38:06 host sshd[18840]: Failed password for invalid user sFTPUser from 175.200.90.176 port 62980 ssh2
Jan 20 18:38:07 host sshd[18840]: Connection reset by 175.200.90.176 port 62980 [preauth]
Jan 20 18:38:07 host sshd[18840]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.200.90.176
Jan 20 18:38:37 host sshd[18950]: Invalid user tester1 from 103.179.56.43 port 48236
Jan 20 18:38:37 host sshd[18950]: input_userauth_request: invalid user tester1 [preauth]
Jan 20 18:38:37 host sshd[18950]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:38:37 host sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.56.43
Jan 20 18:38:38 host sshd[18950]: Failed password for invalid user tester1 from 103.179.56.43 port 48236 ssh2
Jan 20 18:38:39 host sshd[18950]: Received disconnect from 103.179.56.43 port 48236:11: Bye Bye [preauth]
Jan 20 18:38:39 host sshd[18950]: Disconnected from 103.179.56.43 port 48236 [preauth]
Jan 20 18:39:04 host sshd[19050]: Invalid user hadoopuser from 49.236.204.16 port 46828
Jan 20 18:39:04 host sshd[19050]: input_userauth_request: invalid user hadoopuser [preauth]
Jan 20 18:39:04 host sshd[19050]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:39:04 host sshd[19050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.236.204.16
Jan 20 18:39:06 host sshd[19050]: Failed password for invalid user hadoopuser from 49.236.204.16 port 46828 ssh2
Jan 20 18:39:15 host sshd[19100]: Invalid user administrator from 58.186.85.94 port 43524
Jan 20 18:39:15 host sshd[19100]: input_userauth_request: invalid user administrator [preauth]
Jan 20 18:39:15 host sshd[19100]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:39:15 host sshd[19100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.186.85.94
Jan 20 18:39:17 host sshd[19100]: Failed password for invalid user administrator from 58.186.85.94 port 43524 ssh2
Jan 20 18:39:17 host sshd[19100]: Received disconnect from 58.186.85.94 port 43524:11: Bye Bye [preauth]
Jan 20 18:39:17 host sshd[19100]: Disconnected from 58.186.85.94 port 43524 [preauth]
Jan 20 18:39:47 host sshd[19210]: Invalid user myusertest from 212.83.144.11 port 42138
Jan 20 18:39:47 host sshd[19210]: input_userauth_request: invalid user myusertest [preauth]
Jan 20 18:39:47 host sshd[19210]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:39:47 host sshd[19210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.144.11
Jan 20 18:39:49 host sshd[19210]: Failed password for invalid user myusertest from 212.83.144.11 port 42138 ssh2
Jan 20 18:39:50 host sshd[19210]: Received disconnect from 212.83.144.11 port 42138:11: Bye Bye [preauth]
Jan 20 18:39:50 host sshd[19210]: Disconnected from 212.83.144.11 port 42138 [preauth]
Jan 20 18:40:55 host sshd[19484]: Invalid user backup from 58.186.85.94 port 37816
Jan 20 18:40:55 host sshd[19484]: input_userauth_request: invalid user backup [preauth]
Jan 20 18:40:55 host sshd[19484]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:40:55 host sshd[19484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.186.85.94
Jan 20 18:40:57 host sshd[19484]: Failed password for invalid user backup from 58.186.85.94 port 37816 ssh2
Jan 20 18:40:57 host sshd[19484]: Received disconnect from 58.186.85.94 port 37816:11: Bye Bye [preauth]
Jan 20 18:40:57 host sshd[19484]: Disconnected from 58.186.85.94 port 37816 [preauth]
Jan 20 18:41:10 host sshd[19556]: Invalid user admin from 212.83.144.11 port 36734
Jan 20 18:41:10 host sshd[19556]: input_userauth_request: invalid user admin [preauth]
Jan 20 18:41:10 host sshd[19556]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:41:10 host sshd[19556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.144.11
Jan 20 18:41:12 host sshd[19556]: Failed password for invalid user admin from 212.83.144.11 port 36734 ssh2
Jan 20 18:41:12 host sshd[19556]: Received disconnect from 212.83.144.11 port 36734:11: Bye Bye [preauth]
Jan 20 18:41:12 host sshd[19556]: Disconnected from 212.83.144.11 port 36734 [preauth]
Jan 20 18:42:21 host sshd[19760]: User root from 59.126.150.225 not allowed because not listed in AllowUsers
Jan 20 18:42:21 host sshd[19760]: input_userauth_request: invalid user root [preauth]
Jan 20 18:42:21 host unix_chkpwd[19768]: password check failed for user (root)
Jan 20 18:42:21 host sshd[19760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.150.225 user=root
Jan 20 18:42:21 host sshd[19760]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:42:23 host sshd[19760]: Failed password for invalid user root from 59.126.150.225 port 53067 ssh2
Jan 20 18:42:24 host unix_chkpwd[19774]: password check failed for user (root)
Jan 20 18:42:24 host sshd[19760]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:42:26 host sshd[19760]: Failed password for invalid user root from 59.126.150.225 port 53067 ssh2
Jan 20 18:42:27 host unix_chkpwd[19785]: password check failed for user (root)
Jan 20 18:42:27 host sshd[19760]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:42:29 host sshd[19760]: Failed password for invalid user root from 59.126.150.225 port 53067 ssh2
Jan 20 18:42:30 host unix_chkpwd[19832]: password check failed for user (root)
Jan 20 18:42:30 host sshd[19760]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:42:32 host sshd[19760]: Failed password for invalid user root from 59.126.150.225 port 53067 ssh2
Jan 20 18:42:40 host sshd[19875]: Did not receive identification string from 109.244.96.74 port 56542
Jan 20 18:49:06 host sshd[21081]: ssh_dispatch_run_fatal: Connection from 182.217.1.210 port 38361: bignum is negative [preauth]
Jan 20 18:50:40 host sshd[21433]: Connection reset by 1.34.170.9 port 51025 [preauth]
Jan 20 18:51:46 host sshd[21743]: User root from 183.62.183.14 not allowed because not listed in AllowUsers
Jan 20 18:51:46 host sshd[21743]: input_userauth_request: invalid user root [preauth]
Jan 20 18:51:47 host unix_chkpwd[21753]: password check failed for user (root)
Jan 20 18:51:47 host sshd[21743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.183.14 user=root
Jan 20 18:51:47 host sshd[21743]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:51:49 host sshd[21743]: Failed password for invalid user root from 183.62.183.14 port 50401 ssh2
Jan 20 18:51:50 host unix_chkpwd[21761]: password check failed for user (root)
Jan 20 18:51:50 host sshd[21743]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:51:52 host sshd[21743]: Failed password for invalid user root from 183.62.183.14 port 50401 ssh2
Jan 20 18:51:52 host unix_chkpwd[21772]: password check failed for user (root)
Jan 20 18:51:52 host sshd[21743]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:51:55 host sshd[21743]: Failed password for invalid user root from 183.62.183.14 port 50401 ssh2
Jan 20 18:51:55 host unix_chkpwd[21779]: password check failed for user (root)
Jan 20 18:51:55 host sshd[21743]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:51:57 host sshd[21743]: Failed password for invalid user root from 183.62.183.14 port 50401 ssh2
Jan 20 18:54:17 host sshd[22207]: Invalid user vagrant from 125.228.183.102 port 56175
Jan 20 18:54:17 host sshd[22207]: input_userauth_request: invalid user vagrant [preauth]
Jan 20 18:54:17 host sshd[22207]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:54:17 host sshd[22207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.183.102
Jan 20 18:54:19 host sshd[22207]: Failed password for invalid user vagrant from 125.228.183.102 port 56175 ssh2
Jan 20 18:54:20 host sshd[22207]: Failed password for invalid user vagrant from 125.228.183.102 port 56175 ssh2
Jan 20 18:54:20 host sshd[22207]: Connection closed by 125.228.183.102 port 56175 [preauth]
Jan 20 18:55:00 host sshd[22344]: Invalid user francis from 107.189.30.59 port 49844
Jan 20 18:55:00 host sshd[22344]: input_userauth_request: invalid user francis [preauth]
Jan 20 18:55:00 host sshd[22344]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 18:55:00 host sshd[22344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 20 18:55:02 host sshd[22344]: Failed password for invalid user francis from 107.189.30.59 port 49844 ssh2
Jan 20 18:55:03 host sshd[22344]: Connection closed by 107.189.30.59 port 49844 [preauth]
Jan 20 18:56:20 host sshd[22622]: User root from 174.45.113.182 not allowed because not listed in AllowUsers
Jan 20 18:56:20 host sshd[22622]: input_userauth_request: invalid user root [preauth]
Jan 20 18:56:20 host unix_chkpwd[22627]: password check failed for user (root)
Jan 20 18:56:20 host sshd[22622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.45.113.182 user=root
Jan 20 18:56:20 host sshd[22622]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:56:22 host sshd[22622]: Failed password for invalid user root from 174.45.113.182 port 63551 ssh2
Jan 20 18:56:23 host unix_chkpwd[22699]: password check failed for user (root)
Jan 20 18:56:23 host sshd[22622]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 18:56:25 host sshd[22622]: Failed password for invalid user root from 174.45.113.182 port 63551 ssh2
Jan 20 18:56:34 host sshd[22622]: Connection reset by 174.45.113.182 port 63551 [preauth]
Jan 20 18:56:34 host sshd[22622]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.45.113.182 user=root
Jan 20 19:09:47 host sshd[25520]: Invalid user admin from 59.28.237.64 port 51042
Jan 20 19:09:47 host sshd[25520]: input_userauth_request: invalid user admin [preauth]
Jan 20 19:09:47 host sshd[25520]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:09:47 host sshd[25520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.28.237.64
Jan 20 19:09:49 host sshd[25520]: Failed password for invalid user admin from 59.28.237.64 port 51042 ssh2
Jan 20 19:09:50 host sshd[25520]: Failed password for invalid user admin from 59.28.237.64 port 51042 ssh2
Jan 20 19:09:51 host sshd[25520]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:09:53 host sshd[25520]: Failed password for invalid user admin from 59.28.237.64 port 51042 ssh2
Jan 20 19:09:54 host sshd[25520]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:09:55 host sshd[25520]: Failed password for invalid user admin from 59.28.237.64 port 51042 ssh2
Jan 20 19:09:56 host sshd[25520]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:09:58 host sshd[25520]: Failed password for invalid user admin from 59.28.237.64 port 51042 ssh2
Jan 20 19:10:25 host sshd[25651]: Invalid user admin from 41.224.246.247 port 56181
Jan 20 19:10:25 host sshd[25651]: input_userauth_request: invalid user admin [preauth]
Jan 20 19:10:25 host sshd[25651]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:10:25 host sshd[25651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.224.246.247
Jan 20 19:10:27 host sshd[25651]: Failed password for invalid user admin from 41.224.246.247 port 56181 ssh2
Jan 20 19:10:29 host sshd[25651]: Failed password for invalid user admin from 41.224.246.247 port 56181 ssh2
Jan 20 19:10:30 host sshd[25651]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:10:32 host sshd[25651]: Failed password for invalid user admin from 41.224.246.247 port 56181 ssh2
Jan 20 19:10:34 host sshd[25651]: Connection reset by 41.224.246.247 port 56181 [preauth]
Jan 20 19:10:34 host sshd[25651]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.224.246.247
Jan 20 19:18:06 host sshd[27056]: Invalid user zyfwp from 76.20.95.10 port 60130
Jan 20 19:18:06 host sshd[27056]: input_userauth_request: invalid user zyfwp [preauth]
Jan 20 19:18:06 host sshd[27056]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:18:06 host sshd[27056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=76.20.95.10
Jan 20 19:18:07 host sshd[27061]: Connection reset by 76.20.95.10 port 60142 [preauth]
Jan 20 19:18:09 host sshd[27056]: Failed password for invalid user zyfwp from 76.20.95.10 port 60130 ssh2
Jan 20 19:18:13 host sshd[27056]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:18:15 host sshd[27056]: Failed password for invalid user zyfwp from 76.20.95.10 port 60130 ssh2
Jan 20 19:18:17 host sshd[27056]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:18:19 host sshd[27056]: Failed password for invalid user zyfwp from 76.20.95.10 port 60130 ssh2
Jan 20 19:18:21 host sshd[27056]: Connection closed by 76.20.95.10 port 60130 [preauth]
Jan 20 19:18:21 host sshd[27056]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=76.20.95.10
Jan 20 19:19:31 host sshd[27495]: Invalid user ha from 194.110.203.109 port 39386
Jan 20 19:19:31 host sshd[27495]: input_userauth_request: invalid user ha [preauth]
Jan 20 19:19:31 host sshd[27495]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:19:31 host sshd[27495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 19:19:32 host sshd[27495]: Failed password for invalid user ha from 194.110.203.109 port 39386 ssh2
Jan 20 19:19:36 host sshd[27495]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:19:37 host sshd[27495]: Failed password for invalid user ha from 194.110.203.109 port 39386 ssh2
Jan 20 19:19:40 host sshd[27495]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:19:42 host sshd[27495]: Failed password for invalid user ha from 194.110.203.109 port 39386 ssh2
Jan 20 19:19:45 host sshd[27495]: Connection closed by 194.110.203.109 port 39386 [preauth]
Jan 20 19:19:45 host sshd[27495]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 19:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=pmcresources user-2=vfmassets user-3=wwwtestugo user-4=shalinijames user-5=wwwkapin user-6=woodpeck user-7=remysagr user-8=disposeat user-9=wwwkmaorg user-10=wwwnexidigital user-11=mrsclean user-12=gifterman user-13=palco123 user-14=kottayamcalldriv user-15=phmetals user-16=wwwletsstalkfood user-17=straightcurve user-18=bonifacegroup user-19=wwwevmhonda user-20=laundryboniface user-21=dartsimp user-22=a2zgroup user-23=wwwkaretakers user-24=cochintaxi user-25=wwwrmswll user-26=keralaholi user-27=wwwresourcehunte user-28=ugotscom user-29=travelboniface user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 19:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iIdqD21m08ZPwyTd.~
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iIdqD21m08ZPwyTd.~'
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iIdqD21m08ZPwyTd.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 19:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 19:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 19:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 19:30:00 host sshd[29432]: User chrony from 205.185.113.129 not allowed because not listed in AllowUsers
Jan 20 19:30:00 host sshd[29432]: input_userauth_request: invalid user chrony [preauth]
Jan 20 19:30:00 host unix_chkpwd[29437]: password check failed for user (chrony)
Jan 20 19:30:00 host sshd[29432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129 user=chrony
Jan 20 19:30:00 host sshd[29432]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "chrony"
Jan 20 19:30:03 host sshd[29432]: Failed password for invalid user chrony from 205.185.113.129 port 48024 ssh2
Jan 20 19:30:03 host sshd[29432]: Connection closed by 205.185.113.129 port 48024 [preauth]
Jan 20 19:35:22 host sshd[30153]: Did not receive identification string from 109.244.96.74 port 41320
Jan 20 19:38:29 host sshd[30595]: Connection reset by 105.184.50.227 port 59800 [preauth]
Jan 20 19:38:30 host sshd[30597]: User ftp from 105.184.50.227 not allowed because not listed in AllowUsers
Jan 20 19:38:30 host sshd[30597]: input_userauth_request: invalid user ftp [preauth]
Jan 20 19:38:30 host unix_chkpwd[30623]: password check failed for user (ftp)
Jan 20 19:38:30 host sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.184.50.227 user=ftp
Jan 20 19:38:30 host sshd[30597]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 19:38:32 host sshd[30597]: Failed password for invalid user ftp from 105.184.50.227 port 59822 ssh2
Jan 20 19:38:33 host unix_chkpwd[30629]: password check failed for user (ftp)
Jan 20 19:38:33 host sshd[30597]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 19:38:35 host sshd[30597]: Failed password for invalid user ftp from 105.184.50.227 port 59822 ssh2
Jan 20 19:38:37 host unix_chkpwd[30632]: password check failed for user (ftp)
Jan 20 19:38:37 host sshd[30597]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 20 19:38:39 host sshd[30597]: Failed password for invalid user ftp from 105.184.50.227 port 59822 ssh2
Jan 20 19:38:40 host sshd[30597]: Failed password for invalid user ftp from 105.184.50.227 port 59822 ssh2
Jan 20 19:38:41 host sshd[30597]: Connection reset by 105.184.50.227 port 59822 [preauth]
Jan 20 19:38:41 host sshd[30597]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.184.50.227 user=ftp
Jan 20 19:45:19 host sshd[31951]: Invalid user scanner from 31.41.244.124 port 37629
Jan 20 19:45:19 host sshd[31951]: input_userauth_request: invalid user scanner [preauth]
Jan 20 19:45:19 host sshd[31951]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:45:19 host sshd[31951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 20 19:45:21 host sshd[31951]: Failed password for invalid user scanner from 31.41.244.124 port 37629 ssh2
Jan 20 19:45:21 host sshd[31951]: Received disconnect from 31.41.244.124 port 37629:11: Client disconnecting normally [preauth]
Jan 20 19:45:21 host sshd[31951]: Disconnected from 31.41.244.124 port 37629 [preauth]
Jan 20 19:54:44 host sshd[1231]: Invalid user admin from 221.160.19.77 port 63743
Jan 20 19:54:44 host sshd[1231]: input_userauth_request: invalid user admin [preauth]
Jan 20 19:54:44 host sshd[1231]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 19:54:44 host sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.160.19.77
Jan 20 19:54:46 host sshd[1231]: Failed password for invalid user admin from 221.160.19.77 port 63743 ssh2
Jan 20 19:54:47 host sshd[1231]: Connection reset by 221.160.19.77 port 63743 [preauth]
Jan 20 20:03:48 host sshd[2456]: Invalid user hduser from 92.205.104.173 port 55256
Jan 20 20:03:48 host sshd[2456]: input_userauth_request: invalid user hduser [preauth]
Jan 20 20:03:48 host sshd[2456]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:03:48 host sshd[2456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.104.173
Jan 20 20:03:50 host sshd[2456]: Failed password for invalid user hduser from 92.205.104.173 port 55256 ssh2
Jan 20 20:03:50 host sshd[2456]: Received disconnect from 92.205.104.173 port 55256:11: Bye Bye [preauth]
Jan 20 20:03:50 host sshd[2456]: Disconnected from 92.205.104.173 port 55256 [preauth]
Jan 20 20:03:55 host sshd[2477]: Invalid user tadmin from 194.152.206.17 port 15856
Jan 20 20:03:55 host sshd[2477]: input_userauth_request: invalid user tadmin [preauth]
Jan 20 20:03:55 host sshd[2477]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:03:55 host sshd[2477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.206.17
Jan 20 20:03:57 host sshd[2477]: Failed password for invalid user tadmin from 194.152.206.17 port 15856 ssh2
Jan 20 20:03:57 host sshd[2477]: Received disconnect from 194.152.206.17 port 15856:11: Bye Bye [preauth]
Jan 20 20:03:57 host sshd[2477]: Disconnected from 194.152.206.17 port 15856 [preauth]
Jan 20 20:04:47 host sshd[2589]: Invalid user cistest from 34.126.78.62 port 55678
Jan 20 20:04:47 host sshd[2589]: input_userauth_request: invalid user cistest [preauth]
Jan 20 20:04:47 host sshd[2589]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:04:47 host sshd[2589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.78.62
Jan 20 20:04:48 host sshd[2589]: Failed password for invalid user cistest from 34.126.78.62 port 55678 ssh2
Jan 20 20:04:48 host sshd[2589]: Received disconnect from 34.126.78.62 port 55678:11: Bye Bye [preauth]
Jan 20 20:04:48 host sshd[2589]: Disconnected from 34.126.78.62 port 55678 [preauth]
Jan 20 20:06:39 host sshd[2945]: Invalid user cistest from 156.251.130.170 port 45878
Jan 20 20:06:39 host sshd[2945]: input_userauth_request: invalid user cistest [preauth]
Jan 20 20:06:39 host sshd[2945]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:06:39 host sshd[2945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.130.170
Jan 20 20:06:41 host sshd[2945]: Failed password for invalid user cistest from 156.251.130.170 port 45878 ssh2
Jan 20 20:06:41 host sshd[2945]: Received disconnect from 156.251.130.170 port 45878:11: Bye Bye [preauth]
Jan 20 20:06:41 host sshd[2945]: Disconnected from 156.251.130.170 port 45878 [preauth]
Jan 20 20:07:01 host sshd[2975]: Invalid user ubuntu from 190.64.136.124 port 30139
Jan 20 20:07:01 host sshd[2975]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 20:07:01 host sshd[2975]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:07:01 host sshd[2975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.136.124
Jan 20 20:07:03 host sshd[2975]: Failed password for invalid user ubuntu from 190.64.136.124 port 30139 ssh2
Jan 20 20:07:03 host sshd[2975]: Received disconnect from 190.64.136.124 port 30139:11: Bye Bye [preauth]
Jan 20 20:07:03 host sshd[2975]: Disconnected from 190.64.136.124 port 30139 [preauth]
Jan 20 20:07:05 host sshd[2992]: Invalid user bob from 46.8.19.64 port 51858
Jan 20 20:07:05 host sshd[2992]: input_userauth_request: invalid user bob [preauth]
Jan 20 20:07:05 host sshd[2992]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:07:05 host sshd[2992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.8.19.64
Jan 20 20:07:08 host sshd[2992]: Failed password for invalid user bob from 46.8.19.64 port 51858 ssh2
Jan 20 20:07:08 host sshd[2992]: Received disconnect from 46.8.19.64 port 51858:11: Bye Bye [preauth]
Jan 20 20:07:08 host sshd[2992]: Disconnected from 46.8.19.64 port 51858 [preauth]
Jan 20 20:07:09 host sshd[2998]: Invalid user ubuntu from 182.23.111.74 port 46568
Jan 20 20:07:09 host sshd[2998]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 20:07:09 host sshd[2998]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:07:09 host sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.111.74
Jan 20 20:07:11 host sshd[2998]: Failed password for invalid user ubuntu from 182.23.111.74 port 46568 ssh2
Jan 20 20:07:11 host sshd[2998]: Received disconnect from 182.23.111.74 port 46568:11: Bye Bye [preauth]
Jan 20 20:07:11 host sshd[2998]: Disconnected from 182.23.111.74 port 46568 [preauth]
Jan 20 20:07:59 host sshd[3082]: Invalid user martin from 181.191.9.163 port 41110
Jan 20 20:07:59 host sshd[3082]: input_userauth_request: invalid user martin [preauth]
Jan 20 20:07:59 host sshd[3082]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:07:59 host sshd[3082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.191.9.163
Jan 20 20:08:02 host sshd[3082]: Failed password for invalid user martin from 181.191.9.163 port 41110 ssh2
Jan 20 20:08:02 host sshd[3082]: Received disconnect from 181.191.9.163 port 41110:11: Bye Bye [preauth]
Jan 20 20:08:02 host sshd[3082]: Disconnected from 181.191.9.163 port 41110 [preauth]
Jan 20 20:08:43 host sshd[3169]: Did not receive identification string from 63.250.59.203 port 33746
Jan 20 20:08:50 host sshd[3173]: User root from 63.250.59.203 not allowed because not listed in AllowUsers
Jan 20 20:08:50 host sshd[3173]: input_userauth_request: invalid user root [preauth]
Jan 20 20:08:50 host sshd[3178]: User root from 63.250.59.203 not allowed because not listed in AllowUsers
Jan 20 20:08:50 host sshd[3176]: Invalid user ubnt from 63.250.59.203 port 33872
Jan 20 20:08:50 host sshd[3178]: input_userauth_request: invalid user root [preauth]
Jan 20 20:08:50 host sshd[3179]: Invalid user admin from 63.250.59.203 port 33818
Jan 20 20:08:50 host sshd[3172]: Invalid user admin from 63.250.59.203 port 33946
Jan 20 20:08:50 host sshd[3187]: User root from 63.250.59.203 not allowed because not listed in AllowUsers
Jan 20 20:08:50 host sshd[3183]: Invalid user guest from 63.250.59.203 port 33960
Jan 20 20:08:50 host sshd[3182]: Invalid user steam from 63.250.59.203 port 34030
Jan 20 20:08:50 host sshd[3174]: Invalid user admin from 63.250.59.203 port 34046
Jan 20 20:08:50 host sshd[3184]: Invalid user testuser from 63.250.59.203 port 33830
Jan 20 20:08:50 host sshd[3170]: User root from 63.250.59.203 not allowed because not listed in AllowUsers
Jan 20 20:08:50 host sshd[3172]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:08:50 host sshd[3171]: Invalid user vagrant from 63.250.59.203 port 33782
Jan 20 20:08:50 host sshd[3187]: input_userauth_request: invalid user root [preauth]
Jan 20 20:08:50 host sshd[3177]: Invalid user es from 63.250.59.203 port 33780
Jan 20 20:08:50 host sshd[3170]: input_userauth_request: invalid user root [preauth]
Jan 20 20:08:50 host sshd[3176]: input_userauth_request: invalid user ubnt [preauth]
Jan 20 20:08:50 host sshd[3189]: User root from 63.250.59.203 not allowed because not listed in AllowUsers
Jan 20 20:08:50 host sshd[3180]: Invalid user pi from 63.250.59.203 port 33858
Jan 20 20:08:50 host sshd[3181]: Invalid user esuser from 63.250.59.203 port 33878
Jan 20 20:08:50 host sshd[3174]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:08:50 host sshd[3182]: input_userauth_request: invalid user steam [preauth]
Jan 20 20:08:50 host sshd[3175]: Invalid user vagrant from 63.250.59.203 port 33894
Jan 20 20:08:50 host sshd[3177]: input_userauth_request: invalid user es [preauth]
Jan 20 20:08:50 host sshd[3190]: Invalid user zjw from 63.250.59.203 port 33748
Jan 20 20:08:50 host sshd[3185]: Invalid user pi from 63.250.59.203 port 33766
Jan 20 20:08:50 host sshd[3179]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:08:50 host sshd[3191]: Invalid user devops from 63.250.59.203 port 33856
Jan 20 20:08:50 host sshd[3189]: input_userauth_request: invalid user root [preauth]
Jan 20 20:08:50 host sshd[3185]: input_userauth_request: invalid user pi [preauth]
Jan 20 20:08:50 host sshd[3171]: input_userauth_request: invalid user vagrant [preauth]
Jan 20 20:08:50 host sshd[3183]: input_userauth_request: invalid user guest [preauth]
Jan 20 20:08:50 host sshd[3191]: input_userauth_request: invalid user devops [preauth]
Jan 20 20:08:50 host sshd[3188]: Invalid user ftpuser from 63.250.59.203 port 34050
Jan 20 20:08:50 host sshd[3193]: Invalid user pi from 63.250.59.203 port 33982
Jan 20 20:08:50 host sshd[3188]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 20:08:50 host sshd[3193]: input_userauth_request: invalid user pi [preauth]
Jan 20 20:08:50 host sshd[3181]: input_userauth_request: invalid user esuser [preauth]
Jan 20 20:08:50 host sshd[3184]: input_userauth_request: invalid user testuser [preauth]
Jan 20 20:08:50 host sshd[3175]: input_userauth_request: invalid user vagrant [preauth]
Jan 20 20:08:50 host sshd[3194]: Invalid user ansible from 63.250.59.203 port 33770
Jan 20 20:08:50 host sshd[3194]: input_userauth_request: invalid user ansible [preauth]
Jan 20 20:08:50 host sshd[3180]: input_userauth_request: invalid user pi [preauth]
Jan 20 20:08:50 host sshd[3190]: input_userauth_request: invalid user zjw [preauth]
Jan 20 20:08:50 host sshd[3192]: Invalid user guest from 63.250.59.203 port 33986
Jan 20 20:08:50 host sshd[3192]: input_userauth_request: invalid user guest [preauth]
Jan 20 20:08:50 host sshd[3195]: User root from 63.250.59.203 not allowed because not listed in AllowUsers
Jan 20 20:08:50 host sshd[3195]: input_userauth_request: invalid user root [preauth]
Jan 20 20:08:52 host sshd[3179]: Connection closed by 63.250.59.203 port 33818 [preauth]
Jan 20 20:08:52 host sshd[3177]: Connection closed by 63.250.59.203 port 33780 [preauth]
Jan 20 20:08:52 host sshd[3170]: Connection closed by 63.250.59.203 port 33774 [preauth]
Jan 20 20:08:52 host sshd[3171]: Connection closed by 63.250.59.203 port 33782 [preauth]
Jan 20 20:08:52 host sshd[3174]: Connection closed by 63.250.59.203 port 34046 [preauth]
Jan 20 20:08:52 host sshd[3173]: Connection closed by 63.250.59.203 port 34006 [preauth]
Jan 20 20:08:52 host sshd[3183]: Connection closed by 63.250.59.203 port 33960 [preauth]
Jan 20 20:08:52 host sshd[3187]: Connection closed by 63.250.59.203 port 33926 [preauth]
Jan 20 20:08:52 host sshd[3175]: Connection closed by 63.250.59.203 port 33894 [preauth]
Jan 20 20:08:52 host sshd[3181]: Connection closed by 63.250.59.203 port 33878 [preauth]
Jan 20 20:08:52 host sshd[3189]: Connection closed by 63.250.59.203 port 34018 [preauth]
Jan 20 20:08:52 host sshd[3184]: Connection closed by 63.250.59.203 port 33830 [preauth]
Jan 20 20:08:52 host sshd[3188]: Connection closed by 63.250.59.203 port 34050 [preauth]
Jan 20 20:08:52 host sshd[3191]: Connection closed by 63.250.59.203 port 33856 [preauth]
Jan 20 20:08:52 host sshd[3190]: Connection closed by 63.250.59.203 port 33748 [preauth]
Jan 20 20:08:52 host sshd[3182]: Connection closed by 63.250.59.203 port 34030 [preauth]
Jan 20 20:08:52 host sshd[3172]: Connection closed by 63.250.59.203 port 33946 [preauth]
Jan 20 20:08:52 host sshd[3192]: Connection closed by 63.250.59.203 port 33986 [preauth]
Jan 20 20:08:52 host sshd[3185]: Connection closed by 63.250.59.203 port 33766 [preauth]
Jan 20 20:08:52 host sshd[3180]: Connection closed by 63.250.59.203 port 33858 [preauth]
Jan 20 20:08:52 host sshd[3193]: Connection closed by 63.250.59.203 port 33982 [preauth]
Jan 20 20:08:52 host sshd[3176]: Connection closed by 63.250.59.203 port 33872 [preauth]
Jan 20 20:08:52 host sshd[3194]: Connection closed by 63.250.59.203 port 33770 [preauth]
Jan 20 20:08:52 host sshd[3195]: Connection closed by 63.250.59.203 port 33966 [preauth]
Jan 20 20:08:52 host sshd[3178]: Connection closed by 63.250.59.203 port 34002 [preauth]
Jan 20 20:09:17 host sshd[3307]: Invalid user vadmin from 92.205.104.173 port 55492
Jan 20 20:09:17 host sshd[3307]: input_userauth_request: invalid user vadmin [preauth]
Jan 20 20:09:17 host sshd[3307]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:09:17 host sshd[3307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.104.173
Jan 20 20:09:19 host sshd[3307]: Failed password for invalid user vadmin from 92.205.104.173 port 55492 ssh2
Jan 20 20:09:19 host sshd[3307]: Received disconnect from 92.205.104.173 port 55492:11: Bye Bye [preauth]
Jan 20 20:09:19 host sshd[3307]: Disconnected from 92.205.104.173 port 55492 [preauth]
Jan 20 20:09:30 host sshd[3347]: Invalid user bkpuser from 194.152.206.17 port 62858
Jan 20 20:09:30 host sshd[3347]: input_userauth_request: invalid user bkpuser [preauth]
Jan 20 20:09:30 host sshd[3347]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:09:30 host sshd[3347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.206.17
Jan 20 20:09:31 host sshd[3347]: Failed password for invalid user bkpuser from 194.152.206.17 port 62858 ssh2
Jan 20 20:09:32 host sshd[3347]: Received disconnect from 194.152.206.17 port 62858:11: Bye Bye [preauth]
Jan 20 20:09:32 host sshd[3347]: Disconnected from 194.152.206.17 port 62858 [preauth]
Jan 20 20:09:52 host sshd[3381]: Invalid user steam from 128.199.234.147 port 45534
Jan 20 20:09:52 host sshd[3381]: input_userauth_request: invalid user steam [preauth]
Jan 20 20:09:52 host sshd[3381]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:09:52 host sshd[3381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.234.147
Jan 20 20:09:53 host sshd[3381]: Failed password for invalid user steam from 128.199.234.147 port 45534 ssh2
Jan 20 20:09:53 host sshd[3381]: Received disconnect from 128.199.234.147 port 45534:11: Bye Bye [preauth]
Jan 20 20:09:53 host sshd[3381]: Disconnected from 128.199.234.147 port 45534 [preauth]
Jan 20 20:10:22 host sshd[3462]: Invalid user tadmin from 92.205.104.173 port 55592
Jan 20 20:10:22 host sshd[3462]: input_userauth_request: invalid user tadmin [preauth]
Jan 20 20:10:22 host sshd[3462]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:10:22 host sshd[3462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.205.104.173
Jan 20 20:10:25 host sshd[3462]: Failed password for invalid user tadmin from 92.205.104.173 port 55592 ssh2
Jan 20 20:10:29 host sshd[3502]: Invalid user admin from 182.23.111.74 port 46740
Jan 20 20:10:29 host sshd[3502]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:10:29 host sshd[3502]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:10:29 host sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.111.74
Jan 20 20:10:31 host sshd[3502]: Failed password for invalid user admin from 182.23.111.74 port 46740 ssh2
Jan 20 20:10:31 host sshd[3502]: Received disconnect from 182.23.111.74 port 46740:11: Bye Bye [preauth]
Jan 20 20:10:31 host sshd[3502]: Disconnected from 182.23.111.74 port 46740 [preauth]
Jan 20 20:10:33 host sshd[3531]: Invalid user admin from 34.126.78.62 port 50180
Jan 20 20:10:33 host sshd[3531]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:10:33 host sshd[3531]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:10:33 host sshd[3531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.78.62
Jan 20 20:10:35 host sshd[3531]: Failed password for invalid user admin from 34.126.78.62 port 50180 ssh2
Jan 20 20:10:36 host sshd[3531]: Received disconnect from 34.126.78.62 port 50180:11: Bye Bye [preauth]
Jan 20 20:10:36 host sshd[3531]: Disconnected from 34.126.78.62 port 50180 [preauth]
Jan 20 20:10:36 host sshd[3541]: Invalid user maurice from 194.152.206.17 port 22296
Jan 20 20:10:36 host sshd[3541]: input_userauth_request: invalid user maurice [preauth]
Jan 20 20:10:36 host sshd[3541]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:10:36 host sshd[3541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.206.17
Jan 20 20:10:38 host sshd[3541]: Failed password for invalid user maurice from 194.152.206.17 port 22296 ssh2
Jan 20 20:10:39 host sshd[3541]: Received disconnect from 194.152.206.17 port 22296:11: Bye Bye [preauth]
Jan 20 20:10:39 host sshd[3541]: Disconnected from 194.152.206.17 port 22296 [preauth]
Jan 20 20:10:49 host sshd[3590]: Connection reset by 49.213.216.230 port 55285 [preauth]
Jan 20 20:10:56 host sshd[3611]: Invalid user esadmin from 46.8.19.64 port 59142
Jan 20 20:10:56 host sshd[3611]: input_userauth_request: invalid user esadmin [preauth]
Jan 20 20:10:56 host sshd[3611]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:10:56 host sshd[3611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.8.19.64
Jan 20 20:10:58 host sshd[3611]: Failed password for invalid user esadmin from 46.8.19.64 port 59142 ssh2
Jan 20 20:10:58 host sshd[3611]: Received disconnect from 46.8.19.64 port 59142:11: Bye Bye [preauth]
Jan 20 20:10:58 host sshd[3611]: Disconnected from 46.8.19.64 port 59142 [preauth]
Jan 20 20:11:00 host sshd[3619]: Invalid user webuser from 156.251.130.170 port 35282
Jan 20 20:11:00 host sshd[3619]: input_userauth_request: invalid user webuser [preauth]
Jan 20 20:11:00 host sshd[3619]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:11:00 host sshd[3619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.130.170
Jan 20 20:11:00 host sshd[3617]: Invalid user tadmin from 190.64.136.124 port 4345
Jan 20 20:11:00 host sshd[3617]: input_userauth_request: invalid user tadmin [preauth]
Jan 20 20:11:00 host sshd[3617]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:11:00 host sshd[3617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.136.124
Jan 20 20:11:03 host sshd[3619]: Failed password for invalid user webuser from 156.251.130.170 port 35282 ssh2
Jan 20 20:11:03 host sshd[3617]: Failed password for invalid user tadmin from 190.64.136.124 port 4345 ssh2
Jan 20 20:11:03 host sshd[3619]: Received disconnect from 156.251.130.170 port 35282:11: Bye Bye [preauth]
Jan 20 20:11:03 host sshd[3619]: Disconnected from 156.251.130.170 port 35282 [preauth]
Jan 20 20:11:03 host sshd[3617]: Received disconnect from 190.64.136.124 port 4345:11: Bye Bye [preauth]
Jan 20 20:11:03 host sshd[3617]: Disconnected from 190.64.136.124 port 4345 [preauth]
Jan 20 20:11:57 host sshd[3828]: Invalid user bitrix from 34.126.78.62 port 44492
Jan 20 20:11:57 host sshd[3828]: input_userauth_request: invalid user bitrix [preauth]
Jan 20 20:11:57 host sshd[3828]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:11:57 host sshd[3828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.126.78.62
Jan 20 20:11:58 host sshd[3832]: User centos from 128.199.234.147 not allowed because not listed in AllowUsers
Jan 20 20:11:58 host sshd[3832]: input_userauth_request: invalid user centos [preauth]
Jan 20 20:11:58 host unix_chkpwd[3840]: password check failed for user (centos)
Jan 20 20:11:58 host sshd[3832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.234.147 user=centos
Jan 20 20:12:00 host sshd[3828]: Failed password for invalid user bitrix from 34.126.78.62 port 44492 ssh2
Jan 20 20:12:01 host sshd[3832]: Failed password for invalid user centos from 128.199.234.147 port 45410 ssh2
Jan 20 20:12:01 host sshd[3832]: Received disconnect from 128.199.234.147 port 45410:11: Bye Bye [preauth]
Jan 20 20:12:01 host sshd[3832]: Disconnected from 128.199.234.147 port 45410 [preauth]
Jan 20 20:12:01 host sshd[3867]: Invalid user cfguser from 46.8.19.64 port 35556
Jan 20 20:12:01 host sshd[3867]: input_userauth_request: invalid user cfguser [preauth]
Jan 20 20:12:01 host sshd[3867]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:12:01 host sshd[3867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.8.19.64
Jan 20 20:12:03 host sshd[3867]: Failed password for invalid user cfguser from 46.8.19.64 port 35556 ssh2
Jan 20 20:12:03 host sshd[3867]: Received disconnect from 46.8.19.64 port 35556:11: Bye Bye [preauth]
Jan 20 20:12:03 host sshd[3867]: Disconnected from 46.8.19.64 port 35556 [preauth]
Jan 20 20:12:04 host sshd[3893]: Invalid user andy from 182.23.111.74 port 46874
Jan 20 20:12:04 host sshd[3893]: input_userauth_request: invalid user andy [preauth]
Jan 20 20:12:04 host sshd[3893]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:12:04 host sshd[3893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.23.111.74
Jan 20 20:12:07 host sshd[3893]: Failed password for invalid user andy from 182.23.111.74 port 46874 ssh2
Jan 20 20:12:07 host sshd[3893]: Received disconnect from 182.23.111.74 port 46874:11: Bye Bye [preauth]
Jan 20 20:12:07 host sshd[3893]: Disconnected from 182.23.111.74 port 46874 [preauth]
Jan 20 20:12:09 host sshd[3948]: Invalid user systest from 156.251.130.170 port 33942
Jan 20 20:12:09 host sshd[3948]: input_userauth_request: invalid user systest [preauth]
Jan 20 20:12:09 host sshd[3948]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:12:09 host sshd[3948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.251.130.170
Jan 20 20:12:11 host sshd[3948]: Failed password for invalid user systest from 156.251.130.170 port 33942 ssh2
Jan 20 20:12:11 host sshd[3948]: Received disconnect from 156.251.130.170 port 33942:11: Bye Bye [preauth]
Jan 20 20:12:11 host sshd[3948]: Disconnected from 156.251.130.170 port 33942 [preauth]
Jan 20 20:12:20 host sshd[4028]: Invalid user jenkins from 190.64.136.124 port 36927
Jan 20 20:12:20 host sshd[4028]: input_userauth_request: invalid user jenkins [preauth]
Jan 20 20:12:20 host sshd[4028]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:12:20 host sshd[4028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.136.124
Jan 20 20:12:21 host sshd[4028]: Failed password for invalid user jenkins from 190.64.136.124 port 36927 ssh2
Jan 20 20:12:21 host sshd[4028]: Received disconnect from 190.64.136.124 port 36927:11: Bye Bye [preauth]
Jan 20 20:12:21 host sshd[4028]: Disconnected from 190.64.136.124 port 36927 [preauth]
Jan 20 20:12:58 host sshd[4140]: Invalid user userguest from 181.191.9.163 port 52524
Jan 20 20:12:58 host sshd[4140]: input_userauth_request: invalid user userguest [preauth]
Jan 20 20:12:58 host sshd[4140]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:12:58 host sshd[4140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.191.9.163
Jan 20 20:13:00 host sshd[4140]: Failed password for invalid user userguest from 181.191.9.163 port 52524 ssh2
Jan 20 20:13:01 host sshd[4140]: Received disconnect from 181.191.9.163 port 52524:11: Bye Bye [preauth]
Jan 20 20:13:01 host sshd[4140]: Disconnected from 181.191.9.163 port 52524 [preauth]
Jan 20 20:13:03 host sshd[4164]: Invalid user testdev from 152.32.174.199 port 54864
Jan 20 20:13:03 host sshd[4164]: input_userauth_request: invalid user testdev [preauth]
Jan 20 20:13:03 host sshd[4164]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:13:03 host sshd[4164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.174.199
Jan 20 20:13:05 host sshd[4164]: Failed password for invalid user testdev from 152.32.174.199 port 54864 ssh2
Jan 20 20:13:05 host sshd[4164]: Received disconnect from 152.32.174.199 port 54864:11: Bye Bye [preauth]
Jan 20 20:13:05 host sshd[4164]: Disconnected from 152.32.174.199 port 54864 [preauth]
Jan 20 20:13:08 host sshd[4181]: Invalid user ericadmin from 167.172.246.83 port 35946
Jan 20 20:13:08 host sshd[4181]: input_userauth_request: invalid user ericadmin [preauth]
Jan 20 20:13:08 host sshd[4181]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:13:08 host sshd[4181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.246.83
Jan 20 20:13:10 host sshd[4181]: Failed password for invalid user ericadmin from 167.172.246.83 port 35946 ssh2
Jan 20 20:13:10 host sshd[4181]: Received disconnect from 167.172.246.83 port 35946:11: Bye Bye [preauth]
Jan 20 20:13:10 host sshd[4181]: Disconnected from 167.172.246.83 port 35946 [preauth]
Jan 20 20:14:11 host sshd[4284]: Invalid user sysadmin from 89.179.126.155 port 36380
Jan 20 20:14:11 host sshd[4284]: input_userauth_request: invalid user sysadmin [preauth]
Jan 20 20:14:11 host sshd[4284]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:14:11 host sshd[4284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.179.126.155
Jan 20 20:14:13 host sshd[4284]: Failed password for invalid user sysadmin from 89.179.126.155 port 36380 ssh2
Jan 20 20:14:13 host sshd[4284]: Received disconnect from 89.179.126.155 port 36380:11: Bye Bye [preauth]
Jan 20 20:14:13 host sshd[4284]: Disconnected from 89.179.126.155 port 36380 [preauth]
Jan 20 20:14:37 host sshd[4332]: Invalid user toor from 181.191.9.163 port 46648
Jan 20 20:14:37 host sshd[4332]: input_userauth_request: invalid user toor [preauth]
Jan 20 20:14:37 host sshd[4332]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:14:37 host sshd[4332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.191.9.163
Jan 20 20:14:40 host sshd[4332]: Failed password for invalid user toor from 181.191.9.163 port 46648 ssh2
Jan 20 20:14:54 host sshd[4381]: Invalid user admin from 204.48.17.233 port 51860
Jan 20 20:14:54 host sshd[4381]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:14:54 host sshd[4381]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:14:54 host sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.48.17.233
Jan 20 20:14:57 host sshd[4381]: Failed password for invalid user admin from 204.48.17.233 port 51860 ssh2
Jan 20 20:14:57 host sshd[4381]: Received disconnect from 204.48.17.233 port 51860:11: Bye Bye [preauth]
Jan 20 20:14:57 host sshd[4381]: Disconnected from 204.48.17.233 port 51860 [preauth]
Jan 20 20:16:33 host sshd[4604]: Invalid user ali from 14.97.235.186 port 53666
Jan 20 20:16:33 host sshd[4604]: input_userauth_request: invalid user ali [preauth]
Jan 20 20:16:33 host sshd[4604]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:16:33 host sshd[4604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.235.186
Jan 20 20:16:34 host sshd[4604]: Failed password for invalid user ali from 14.97.235.186 port 53666 ssh2
Jan 20 20:16:34 host sshd[4604]: Received disconnect from 14.97.235.186 port 53666:11: Bye Bye [preauth]
Jan 20 20:16:34 host sshd[4604]: Disconnected from 14.97.235.186 port 53666 [preauth]
Jan 20 20:16:42 host sshd[4615]: Invalid user ftpadmin from 5.141.81.226 port 46464
Jan 20 20:16:42 host sshd[4615]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 20 20:16:42 host sshd[4615]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:16:42 host sshd[4615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226
Jan 20 20:16:44 host sshd[4615]: Failed password for invalid user ftpadmin from 5.141.81.226 port 46464 ssh2
Jan 20 20:16:44 host sshd[4615]: Received disconnect from 5.141.81.226 port 46464:11: Bye Bye [preauth]
Jan 20 20:16:44 host sshd[4615]: Disconnected from 5.141.81.226 port 46464 [preauth]
Jan 20 20:17:45 host sshd[4820]: Invalid user list from 167.172.246.83 port 54908
Jan 20 20:17:45 host sshd[4820]: input_userauth_request: invalid user list [preauth]
Jan 20 20:17:45 host sshd[4820]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:17:45 host sshd[4820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.246.83
Jan 20 20:17:47 host sshd[4820]: Failed password for invalid user list from 167.172.246.83 port 54908 ssh2
Jan 20 20:17:47 host sshd[4820]: Received disconnect from 167.172.246.83 port 54908:11: Bye Bye [preauth]
Jan 20 20:17:47 host sshd[4820]: Disconnected from 167.172.246.83 port 54908 [preauth]
Jan 20 20:18:15 host sshd[4877]: Invalid user ediuser from 89.179.126.155 port 58061
Jan 20 20:18:15 host sshd[4877]: input_userauth_request: invalid user ediuser [preauth]
Jan 20 20:18:15 host sshd[4877]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:18:15 host sshd[4877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.179.126.155
Jan 20 20:18:17 host sshd[4877]: Failed password for invalid user ediuser from 89.179.126.155 port 58061 ssh2
Jan 20 20:18:17 host sshd[4877]: Received disconnect from 89.179.126.155 port 58061:11: Bye Bye [preauth]
Jan 20 20:18:17 host sshd[4877]: Disconnected from 89.179.126.155 port 58061 [preauth]
Jan 20 20:18:19 host sshd[4883]: Invalid user uftp from 14.97.235.186 port 8384
Jan 20 20:18:19 host sshd[4883]: input_userauth_request: invalid user uftp [preauth]
Jan 20 20:18:19 host sshd[4883]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:18:19 host sshd[4883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.235.186
Jan 20 20:18:22 host sshd[4883]: Failed password for invalid user uftp from 14.97.235.186 port 8384 ssh2
Jan 20 20:18:22 host sshd[4883]: Received disconnect from 14.97.235.186 port 8384:11: Bye Bye [preauth]
Jan 20 20:18:22 host sshd[4883]: Disconnected from 14.97.235.186 port 8384 [preauth]
Jan 20 20:18:47 host sshd[4944]: Invalid user administrativo from 167.172.246.83 port 51388
Jan 20 20:18:47 host sshd[4944]: input_userauth_request: invalid user administrativo [preauth]
Jan 20 20:18:47 host sshd[4944]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:18:47 host sshd[4944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.246.83
Jan 20 20:18:49 host sshd[4944]: Failed password for invalid user administrativo from 167.172.246.83 port 51388 ssh2
Jan 20 20:19:34 host sshd[5101]: Invalid user test from 89.179.126.155 port 43169
Jan 20 20:19:34 host sshd[5101]: input_userauth_request: invalid user test [preauth]
Jan 20 20:19:34 host sshd[5101]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:19:34 host sshd[5101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.179.126.155
Jan 20 20:19:35 host sshd[5106]: Invalid user www-data from 5.141.81.226 port 50580
Jan 20 20:19:35 host sshd[5106]: input_userauth_request: invalid user www-data [preauth]
Jan 20 20:19:35 host sshd[5106]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:19:35 host sshd[5106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226
Jan 20 20:19:36 host sshd[5101]: Failed password for invalid user test from 89.179.126.155 port 43169 ssh2
Jan 20 20:19:36 host sshd[5101]: Received disconnect from 89.179.126.155 port 43169:11: Bye Bye [preauth]
Jan 20 20:19:36 host sshd[5101]: Disconnected from 89.179.126.155 port 43169 [preauth]
Jan 20 20:19:36 host sshd[5110]: Invalid user s from 14.97.235.186 port 49510
Jan 20 20:19:36 host sshd[5110]: input_userauth_request: invalid user s [preauth]
Jan 20 20:19:36 host sshd[5110]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:19:36 host sshd[5110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.97.235.186
Jan 20 20:19:37 host sshd[5106]: Failed password for invalid user www-data from 5.141.81.226 port 50580 ssh2
Jan 20 20:19:37 host sshd[5106]: Received disconnect from 5.141.81.226 port 50580:11: Bye Bye [preauth]
Jan 20 20:19:37 host sshd[5106]: Disconnected from 5.141.81.226 port 50580 [preauth]
Jan 20 20:19:39 host sshd[5110]: Failed password for invalid user s from 14.97.235.186 port 49510 ssh2
Jan 20 20:19:39 host sshd[5110]: Received disconnect from 14.97.235.186 port 49510:11: Bye Bye [preauth]
Jan 20 20:19:39 host sshd[5110]: Disconnected from 14.97.235.186 port 49510 [preauth]
Jan 20 20:20:05 host sshd[5237]: Invalid user server from 61.7.147.42 port 15580
Jan 20 20:20:05 host sshd[5237]: input_userauth_request: invalid user server [preauth]
Jan 20 20:20:05 host sshd[5237]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:20:05 host sshd[5237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.7.147.42
Jan 20 20:20:06 host sshd[5235]: Invalid user sebastien from 204.48.17.233 port 39348
Jan 20 20:20:06 host sshd[5235]: input_userauth_request: invalid user sebastien [preauth]
Jan 20 20:20:06 host sshd[5235]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:20:06 host sshd[5235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.48.17.233
Jan 20 20:20:07 host sshd[5237]: Failed password for invalid user server from 61.7.147.42 port 15580 ssh2
Jan 20 20:20:07 host sshd[5237]: Received disconnect from 61.7.147.42 port 15580:11: Bye Bye [preauth]
Jan 20 20:20:07 host sshd[5237]: Disconnected from 61.7.147.42 port 15580 [preauth]
Jan 20 20:20:08 host sshd[5235]: Failed password for invalid user sebastien from 204.48.17.233 port 39348 ssh2
Jan 20 20:20:08 host sshd[5235]: Received disconnect from 204.48.17.233 port 39348:11: Bye Bye [preauth]
Jan 20 20:20:08 host sshd[5235]: Disconnected from 204.48.17.233 port 39348 [preauth]
Jan 20 20:20:30 host sshd[5284]: Invalid user test from 152.32.174.199 port 52300
Jan 20 20:20:30 host sshd[5284]: input_userauth_request: invalid user test [preauth]
Jan 20 20:20:30 host sshd[5284]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:20:30 host sshd[5284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.174.199
Jan 20 20:20:32 host sshd[5284]: Failed password for invalid user test from 152.32.174.199 port 52300 ssh2
Jan 20 20:20:33 host sshd[5284]: Received disconnect from 152.32.174.199 port 52300:11: Bye Bye [preauth]
Jan 20 20:20:33 host sshd[5284]: Disconnected from 152.32.174.199 port 52300 [preauth]
Jan 20 20:20:34 host sshd[5289]: Invalid user james from 27.71.238.208 port 49422
Jan 20 20:20:34 host sshd[5289]: input_userauth_request: invalid user james [preauth]
Jan 20 20:20:34 host sshd[5289]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:20:34 host sshd[5289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.238.208
Jan 20 20:20:36 host sshd[5289]: Failed password for invalid user james from 27.71.238.208 port 49422 ssh2
Jan 20 20:20:37 host sshd[5289]: Received disconnect from 27.71.238.208 port 49422:11: Bye Bye [preauth]
Jan 20 20:20:37 host sshd[5289]: Disconnected from 27.71.238.208 port 49422 [preauth]
Jan 20 20:20:49 host sshd[5307]: Invalid user ipadmin from 5.141.81.226 port 44834
Jan 20 20:20:49 host sshd[5307]: input_userauth_request: invalid user ipadmin [preauth]
Jan 20 20:20:49 host sshd[5307]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:20:49 host sshd[5307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.81.226
Jan 20 20:20:51 host sshd[5307]: Failed password for invalid user ipadmin from 5.141.81.226 port 44834 ssh2
Jan 20 20:20:51 host sshd[5307]: Received disconnect from 5.141.81.226 port 44834:11: Bye Bye [preauth]
Jan 20 20:20:51 host sshd[5307]: Disconnected from 5.141.81.226 port 44834 [preauth]
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 20:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkaretakers user-2=cochintaxi user-3=laundryboniface user-4=dartsimp user-5=a2zgroup user-6=wwwpmcresource user-7=ugotscom user-8=wwwrmswll user-9=wwwresourcehunte user-10=keralaholi user-11=travelboniface user-12=wwwkapin user-13=woodpeck user-14=disposeat user-15=remysagr user-16=wwwkmaorg user-17=pmcresources user-18=wwwtestugo user-19=shalinijames user-20=vfmassets user-21=straightcurve user-22=wwwletsstalkfood user-23=wwwevmhonda user-24=bonifacegroup user-25=mrsclean user-26=wwwnexidigital user-27=kottayamcalldriv user-28=phmetals user-29=gifterman user-30=palco123 feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 20:21:07 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LVC9PodaYI6ijOXA.~
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LVC9PodaYI6ijOXA.~'
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LVC9PodaYI6ijOXA.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 20:21:08 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 20:21:08 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 20:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 20:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 20:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 20:21:24 host sshd[5627]: Invalid user kodi from 204.48.17.233 port 33998
Jan 20 20:21:24 host sshd[5627]: input_userauth_request: invalid user kodi [preauth]
Jan 20 20:21:24 host sshd[5627]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:21:24 host sshd[5627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.48.17.233
Jan 20 20:21:26 host sshd[5627]: Failed password for invalid user kodi from 204.48.17.233 port 33998 ssh2
Jan 20 20:21:26 host sshd[5627]: Received disconnect from 204.48.17.233 port 33998:11: Bye Bye [preauth]
Jan 20 20:21:26 host sshd[5627]: Disconnected from 204.48.17.233 port 33998 [preauth]
Jan 20 20:22:06 host sshd[5733]: Invalid user django from 124.160.96.242 port 19882
Jan 20 20:22:06 host sshd[5733]: input_userauth_request: invalid user django [preauth]
Jan 20 20:22:06 host sshd[5733]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:22:06 host sshd[5733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.160.96.242
Jan 20 20:22:08 host sshd[5733]: Failed password for invalid user django from 124.160.96.242 port 19882 ssh2
Jan 20 20:22:09 host sshd[5733]: Received disconnect from 124.160.96.242 port 19882:11: Bye Bye [preauth]
Jan 20 20:22:09 host sshd[5733]: Disconnected from 124.160.96.242 port 19882 [preauth]
Jan 20 20:22:58 host sshd[5942]: Invalid user hpcadmin from 152.32.174.199 port 46946
Jan 20 20:22:58 host sshd[5942]: input_userauth_request: invalid user hpcadmin [preauth]
Jan 20 20:22:58 host sshd[5942]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:22:58 host sshd[5942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.174.199
Jan 20 20:22:59 host sshd[5942]: Failed password for invalid user hpcadmin from 152.32.174.199 port 46946 ssh2
Jan 20 20:23:24 host sshd[6025]: Invalid user manager from 27.71.238.208 port 47398
Jan 20 20:23:24 host sshd[6025]: input_userauth_request: invalid user manager [preauth]
Jan 20 20:23:24 host sshd[6025]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:23:24 host sshd[6025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.238.208
Jan 20 20:23:27 host sshd[6025]: Failed password for invalid user manager from 27.71.238.208 port 47398 ssh2
Jan 20 20:23:27 host sshd[6025]: Received disconnect from 27.71.238.208 port 47398:11: Bye Bye [preauth]
Jan 20 20:23:27 host sshd[6025]: Disconnected from 27.71.238.208 port 47398 [preauth]
Jan 20 20:25:38 host sshd[6314]: Invalid user test from 27.71.238.208 port 41696
Jan 20 20:25:38 host sshd[6314]: input_userauth_request: invalid user test [preauth]
Jan 20 20:25:38 host sshd[6314]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:25:38 host sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.71.238.208
Jan 20 20:25:40 host sshd[6314]: Failed password for invalid user test from 27.71.238.208 port 41696 ssh2
Jan 20 20:30:59 host sshd[7052]: Invalid user s from 124.160.96.242 port 5984
Jan 20 20:30:59 host sshd[7052]: input_userauth_request: invalid user s [preauth]
Jan 20 20:30:59 host sshd[7052]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:30:59 host sshd[7052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.160.96.242
Jan 20 20:31:01 host sshd[7052]: Failed password for invalid user s from 124.160.96.242 port 5984 ssh2
Jan 20 20:31:02 host sshd[7052]: Received disconnect from 124.160.96.242 port 5984:11: Bye Bye [preauth]
Jan 20 20:31:02 host sshd[7052]: Disconnected from 124.160.96.242 port 5984 [preauth]
Jan 20 20:31:36 host sshd[7128]: Invalid user uftp from 124.160.96.242 port 55515
Jan 20 20:31:36 host sshd[7128]: input_userauth_request: invalid user uftp [preauth]
Jan 20 20:31:36 host sshd[7128]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:31:36 host sshd[7128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.160.96.242
Jan 20 20:31:38 host sshd[7128]: Failed password for invalid user uftp from 124.160.96.242 port 55515 ssh2
Jan 20 20:31:38 host sshd[7128]: Received disconnect from 124.160.96.242 port 55515:11: Bye Bye [preauth]
Jan 20 20:31:38 host sshd[7128]: Disconnected from 124.160.96.242 port 55515 [preauth]
Jan 20 20:38:59 host sshd[8052]: Invalid user ec2-user from 223.218.225.146 port 45858
Jan 20 20:38:59 host sshd[8052]: input_userauth_request: invalid user ec2-user [preauth]
Jan 20 20:38:59 host sshd[8052]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:38:59 host sshd[8052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.218.225.146
Jan 20 20:39:01 host sshd[8052]: Failed password for invalid user ec2-user from 223.218.225.146 port 45858 ssh2
Jan 20 20:39:01 host sshd[8052]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:39:03 host sshd[8052]: Failed password for invalid user ec2-user from 223.218.225.146 port 45858 ssh2
Jan 20 20:39:03 host sshd[8052]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:39:05 host sshd[8052]: Failed password for invalid user ec2-user from 223.218.225.146 port 45858 ssh2
Jan 20 20:39:13 host sshd[8052]: Connection reset by 223.218.225.146 port 45858 [preauth]
Jan 20 20:39:13 host sshd[8052]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.218.225.146
Jan 20 20:45:35 host sshd[8905]: Invalid user fileuser from 61.240.138.52 port 40783
Jan 20 20:45:35 host sshd[8905]: input_userauth_request: invalid user fileuser [preauth]
Jan 20 20:45:35 host sshd[8905]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:45:35 host sshd[8905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.240.138.52
Jan 20 20:45:36 host sshd[8905]: Failed password for invalid user fileuser from 61.240.138.52 port 40783 ssh2
Jan 20 20:45:37 host sshd[8905]: Received disconnect from 61.240.138.52 port 40783:11: Bye Bye [preauth]
Jan 20 20:45:37 host sshd[8905]: Disconnected from 61.240.138.52 port 40783 [preauth]
Jan 20 20:47:35 host sshd[9330]: Invalid user ftpuser from 128.199.182.19 port 39776
Jan 20 20:47:35 host sshd[9330]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 20:47:35 host sshd[9330]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:47:35 host sshd[9330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.182.19
Jan 20 20:47:37 host sshd[9330]: Failed password for invalid user ftpuser from 128.199.182.19 port 39776 ssh2
Jan 20 20:47:37 host sshd[9330]: Received disconnect from 128.199.182.19 port 39776:11: Bye Bye [preauth]
Jan 20 20:47:37 host sshd[9330]: Disconnected from 128.199.182.19 port 39776 [preauth]
Jan 20 20:48:54 host sshd[9499]: Invalid user jack from 139.59.16.31 port 53446
Jan 20 20:48:54 host sshd[9499]: input_userauth_request: invalid user jack [preauth]
Jan 20 20:48:54 host sshd[9499]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:48:54 host sshd[9499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.16.31
Jan 20 20:48:56 host sshd[9499]: Failed password for invalid user jack from 139.59.16.31 port 53446 ssh2
Jan 20 20:48:56 host sshd[9499]: Received disconnect from 139.59.16.31 port 53446:11: Bye Bye [preauth]
Jan 20 20:48:56 host sshd[9499]: Disconnected from 139.59.16.31 port 53446 [preauth]
Jan 20 20:49:05 host sshd[9539]: Invalid user adminuser from 144.24.128.31 port 27082
Jan 20 20:49:05 host sshd[9539]: input_userauth_request: invalid user adminuser [preauth]
Jan 20 20:49:05 host sshd[9539]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:49:05 host sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.128.31
Jan 20 20:49:07 host sshd[9539]: Failed password for invalid user adminuser from 144.24.128.31 port 27082 ssh2
Jan 20 20:49:07 host sshd[9539]: Received disconnect from 144.24.128.31 port 27082:11: Bye Bye [preauth]
Jan 20 20:49:07 host sshd[9539]: Disconnected from 144.24.128.31 port 27082 [preauth]
Jan 20 20:50:36 host sshd[9815]: Invalid user user1 from 49.248.17.3 port 60658
Jan 20 20:50:36 host sshd[9815]: input_userauth_request: invalid user user1 [preauth]
Jan 20 20:50:36 host sshd[9815]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:50:36 host sshd[9815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.17.3
Jan 20 20:50:38 host sshd[9815]: Failed password for invalid user user1 from 49.248.17.3 port 60658 ssh2
Jan 20 20:50:38 host sshd[9815]: Received disconnect from 49.248.17.3 port 60658:11: Bye Bye [preauth]
Jan 20 20:50:38 host sshd[9815]: Disconnected from 49.248.17.3 port 60658 [preauth]
Jan 20 20:51:28 host sshd[10016]: Invalid user testphp from 103.163.189.18 port 3341
Jan 20 20:51:28 host sshd[10016]: input_userauth_request: invalid user testphp [preauth]
Jan 20 20:51:28 host sshd[10016]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:51:28 host sshd[10016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.163.189.18
Jan 20 20:51:30 host sshd[10016]: Failed password for invalid user testphp from 103.163.189.18 port 3341 ssh2
Jan 20 20:51:30 host sshd[10016]: Received disconnect from 103.163.189.18 port 3341:11: Bye Bye [preauth]
Jan 20 20:51:30 host sshd[10016]: Disconnected from 103.163.189.18 port 3341 [preauth]
Jan 20 20:52:38 host sshd[10143]: Invalid user admin from 183.99.143.30 port 58439
Jan 20 20:52:38 host sshd[10143]: input_userauth_request: invalid user admin [preauth]
Jan 20 20:52:38 host sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:52:38 host sshd[10143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.143.30
Jan 20 20:52:40 host sshd[10143]: Failed password for invalid user admin from 183.99.143.30 port 58439 ssh2
Jan 20 20:52:40 host sshd[10143]: Failed password for invalid user admin from 183.99.143.30 port 58439 ssh2
Jan 20 20:52:41 host sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:52:43 host sshd[10154]: Invalid user deamon from 128.199.182.19 port 59864
Jan 20 20:52:43 host sshd[10154]: input_userauth_request: invalid user deamon [preauth]
Jan 20 20:52:43 host sshd[10154]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:52:43 host sshd[10154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.182.19
Jan 20 20:52:43 host sshd[10143]: Failed password for invalid user admin from 183.99.143.30 port 58439 ssh2
Jan 20 20:52:44 host sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:52:46 host sshd[10154]: Failed password for invalid user deamon from 128.199.182.19 port 59864 ssh2
Jan 20 20:52:46 host sshd[10154]: Received disconnect from 128.199.182.19 port 59864:11: Bye Bye [preauth]
Jan 20 20:52:46 host sshd[10154]: Disconnected from 128.199.182.19 port 59864 [preauth]
Jan 20 20:52:46 host sshd[10143]: Failed password for invalid user admin from 183.99.143.30 port 58439 ssh2
Jan 20 20:52:46 host sshd[10160]: Invalid user username from 49.248.17.3 port 53794
Jan 20 20:52:46 host sshd[10160]: input_userauth_request: invalid user username [preauth]
Jan 20 20:52:46 host sshd[10160]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:52:46 host sshd[10160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.17.3
Jan 20 20:52:47 host sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:52:48 host sshd[10160]: Failed password for invalid user username from 49.248.17.3 port 53794 ssh2
Jan 20 20:52:48 host sshd[10160]: Received disconnect from 49.248.17.3 port 53794:11: Bye Bye [preauth]
Jan 20 20:52:48 host sshd[10160]: Disconnected from 49.248.17.3 port 53794 [preauth]
Jan 20 20:52:49 host sshd[10143]: Failed password for invalid user admin from 183.99.143.30 port 58439 ssh2
Jan 20 20:52:50 host sshd[10143]: Connection reset by 183.99.143.30 port 58439 [preauth]
Jan 20 20:52:50 host sshd[10143]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.99.143.30
Jan 20 20:52:50 host sshd[10143]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 20 20:53:03 host sshd[10224]: Invalid user doadmin from 139.59.16.31 port 39464
Jan 20 20:53:03 host sshd[10224]: input_userauth_request: invalid user doadmin [preauth]
Jan 20 20:53:03 host sshd[10224]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:53:03 host sshd[10224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.16.31
Jan 20 20:53:05 host sshd[10224]: Failed password for invalid user doadmin from 139.59.16.31 port 39464 ssh2
Jan 20 20:53:05 host sshd[10224]: Received disconnect from 139.59.16.31 port 39464:11: Bye Bye [preauth]
Jan 20 20:53:05 host sshd[10224]: Disconnected from 139.59.16.31 port 39464 [preauth]
Jan 20 20:53:12 host sshd[10234]: Invalid user jenkins2 from 103.163.189.18 port 11367
Jan 20 20:53:12 host sshd[10234]: input_userauth_request: invalid user jenkins2 [preauth]
Jan 20 20:53:12 host sshd[10234]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:53:12 host sshd[10234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.163.189.18
Jan 20 20:53:14 host sshd[10234]: Failed password for invalid user jenkins2 from 103.163.189.18 port 11367 ssh2
Jan 20 20:53:14 host sshd[10234]: Received disconnect from 103.163.189.18 port 11367:11: Bye Bye [preauth]
Jan 20 20:53:14 host sshd[10234]: Disconnected from 103.163.189.18 port 11367 [preauth]
Jan 20 20:53:21 host sshd[10245]: Invalid user teste from 144.24.128.31 port 15644
Jan 20 20:53:21 host sshd[10245]: input_userauth_request: invalid user teste [preauth]
Jan 20 20:53:21 host sshd[10245]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:53:21 host sshd[10245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.128.31
Jan 20 20:53:23 host sshd[10245]: Failed password for invalid user teste from 144.24.128.31 port 15644 ssh2
Jan 20 20:53:23 host sshd[10245]: Received disconnect from 144.24.128.31 port 15644:11: Bye Bye [preauth]
Jan 20 20:53:23 host sshd[10245]: Disconnected from 144.24.128.31 port 15644 [preauth]
Jan 20 20:53:49 host sshd[10313]: Invalid user test from 219.127.11.94 port 53857
Jan 20 20:53:49 host sshd[10313]: input_userauth_request: invalid user test [preauth]
Jan 20 20:53:49 host sshd[10313]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:53:49 host sshd[10313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.127.11.94
Jan 20 20:53:52 host sshd[10313]: Failed password for invalid user test from 219.127.11.94 port 53857 ssh2
Jan 20 20:53:52 host sshd[10313]: Received disconnect from 219.127.11.94 port 53857:11: Bye Bye [preauth]
Jan 20 20:53:52 host sshd[10313]: Disconnected from 219.127.11.94 port 53857 [preauth]
Jan 20 20:54:08 host sshd[10353]: Invalid user fileuser from 49.248.17.3 port 37856
Jan 20 20:54:08 host sshd[10353]: input_userauth_request: invalid user fileuser [preauth]
Jan 20 20:54:08 host sshd[10353]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:54:08 host sshd[10353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.17.3
Jan 20 20:54:10 host sshd[10353]: Failed password for invalid user fileuser from 49.248.17.3 port 37856 ssh2
Jan 20 20:54:10 host sshd[10353]: Received disconnect from 49.248.17.3 port 37856:11: Bye Bye [preauth]
Jan 20 20:54:10 host sshd[10353]: Disconnected from 49.248.17.3 port 37856 [preauth]
Jan 20 20:54:10 host sshd[10360]: Invalid user esuser from 128.199.182.19 port 54546
Jan 20 20:54:10 host sshd[10360]: input_userauth_request: invalid user esuser [preauth]
Jan 20 20:54:10 host sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:54:10 host sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.182.19
Jan 20 20:54:11 host sshd[10360]: Failed password for invalid user esuser from 128.199.182.19 port 54546 ssh2
Jan 20 20:54:11 host sshd[10360]: Received disconnect from 128.199.182.19 port 54546:11: Bye Bye [preauth]
Jan 20 20:54:11 host sshd[10360]: Disconnected from 128.199.182.19 port 54546 [preauth]
Jan 20 20:54:31 host sshd[10469]: Invalid user vuser from 103.163.189.18 port 29939
Jan 20 20:54:31 host sshd[10469]: input_userauth_request: invalid user vuser [preauth]
Jan 20 20:54:31 host sshd[10469]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:54:31 host sshd[10469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.163.189.18
Jan 20 20:54:33 host sshd[10469]: Failed password for invalid user vuser from 103.163.189.18 port 29939 ssh2
Jan 20 20:54:33 host sshd[10469]: Received disconnect from 103.163.189.18 port 29939:11: Bye Bye [preauth]
Jan 20 20:54:33 host sshd[10469]: Disconnected from 103.163.189.18 port 29939 [preauth]
Jan 20 20:54:35 host sshd[10474]: Invalid user backups from 144.24.128.31 port 38470
Jan 20 20:54:35 host sshd[10474]: input_userauth_request: invalid user backups [preauth]
Jan 20 20:54:35 host sshd[10474]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:54:35 host sshd[10474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.128.31
Jan 20 20:54:36 host sshd[10535]: Invalid user pmuser from 139.59.16.31 port 37750
Jan 20 20:54:36 host sshd[10535]: input_userauth_request: invalid user pmuser [preauth]
Jan 20 20:54:36 host sshd[10535]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:54:36 host sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.16.31
Jan 20 20:54:36 host sshd[10474]: Failed password for invalid user backups from 144.24.128.31 port 38470 ssh2
Jan 20 20:54:38 host sshd[10535]: Failed password for invalid user pmuser from 139.59.16.31 port 37750 ssh2
Jan 20 20:54:38 host sshd[10535]: Received disconnect from 139.59.16.31 port 37750:11: Bye Bye [preauth]
Jan 20 20:54:38 host sshd[10535]: Disconnected from 139.59.16.31 port 37750 [preauth]
Jan 20 20:56:06 host sshd[10865]: Invalid user adminuser from 61.240.138.52 port 54181
Jan 20 20:56:06 host sshd[10865]: input_userauth_request: invalid user adminuser [preauth]
Jan 20 20:56:06 host sshd[10865]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:56:06 host sshd[10865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.240.138.52
Jan 20 20:56:08 host sshd[10865]: Failed password for invalid user adminuser from 61.240.138.52 port 54181 ssh2
Jan 20 20:56:08 host sshd[10865]: Received disconnect from 61.240.138.52 port 54181:11: Bye Bye [preauth]
Jan 20 20:56:08 host sshd[10865]: Disconnected from 61.240.138.52 port 54181 [preauth]
Jan 20 20:56:15 host sshd[10877]: Invalid user webuser from 219.127.11.94 port 59196
Jan 20 20:56:15 host sshd[10877]: input_userauth_request: invalid user webuser [preauth]
Jan 20 20:56:15 host sshd[10877]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:56:15 host sshd[10877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.127.11.94
Jan 20 20:56:16 host sshd[10877]: Failed password for invalid user webuser from 219.127.11.94 port 59196 ssh2
Jan 20 20:56:16 host sshd[10877]: Received disconnect from 219.127.11.94 port 59196:11: Bye Bye [preauth]
Jan 20 20:56:16 host sshd[10877]: Disconnected from 219.127.11.94 port 59196 [preauth]
Jan 20 20:56:53 host sshd[10947]: Invalid user nginx from 61.240.138.52 port 60175
Jan 20 20:56:53 host sshd[10947]: input_userauth_request: invalid user nginx [preauth]
Jan 20 20:56:53 host sshd[10947]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:56:53 host sshd[10947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.240.138.52
Jan 20 20:56:55 host sshd[10947]: Failed password for invalid user nginx from 61.240.138.52 port 60175 ssh2
Jan 20 20:56:55 host sshd[10947]: Received disconnect from 61.240.138.52 port 60175:11: Bye Bye [preauth]
Jan 20 20:56:55 host sshd[10947]: Disconnected from 61.240.138.52 port 60175 [preauth]
Jan 20 20:57:12 host sshd[11025]: Invalid user gitlab-runner from 220.133.178.244 port 44125
Jan 20 20:57:12 host sshd[11025]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 20 20:57:12 host sshd[11025]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:57:12 host sshd[11025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.178.244
Jan 20 20:57:14 host sshd[11025]: Failed password for invalid user gitlab-runner from 220.133.178.244 port 44125 ssh2
Jan 20 20:57:15 host sshd[11025]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:57:17 host sshd[11025]: Failed password for invalid user gitlab-runner from 220.133.178.244 port 44125 ssh2
Jan 20 20:57:17 host sshd[11025]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:57:19 host sshd[11035]: Invalid user support from 221.153.108.222 port 55824
Jan 20 20:57:19 host sshd[11035]: input_userauth_request: invalid user support [preauth]
Jan 20 20:57:19 host sshd[11035]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:57:19 host sshd[11035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.153.108.222
Jan 20 20:57:20 host sshd[11025]: Failed password for invalid user gitlab-runner from 220.133.178.244 port 44125 ssh2
Jan 20 20:57:20 host sshd[11025]: Failed password for invalid user gitlab-runner from 220.133.178.244 port 44125 ssh2
Jan 20 20:57:21 host sshd[11025]: Connection closed by 220.133.178.244 port 44125 [preauth]
Jan 20 20:57:21 host sshd[11025]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.178.244
Jan 20 20:57:21 host sshd[11035]: Failed password for invalid user support from 221.153.108.222 port 55824 ssh2
Jan 20 20:57:21 host sshd[11035]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:57:23 host sshd[11035]: Failed password for invalid user support from 221.153.108.222 port 55824 ssh2
Jan 20 20:57:24 host sshd[11035]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:57:26 host sshd[11035]: Failed password for invalid user support from 221.153.108.222 port 55824 ssh2
Jan 20 20:57:27 host sshd[11035]: Failed password for invalid user support from 221.153.108.222 port 55824 ssh2
Jan 20 20:57:27 host sshd[11035]: Connection reset by 221.153.108.222 port 55824 [preauth]
Jan 20 20:57:27 host sshd[11035]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.153.108.222
Jan 20 20:58:04 host sshd[11182]: Invalid user appuser from 219.127.11.94 port 51474
Jan 20 20:58:04 host sshd[11182]: input_userauth_request: invalid user appuser [preauth]
Jan 20 20:58:04 host sshd[11182]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 20:58:04 host sshd[11182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.127.11.94
Jan 20 20:58:06 host sshd[11182]: Failed password for invalid user appuser from 219.127.11.94 port 51474 ssh2
Jan 20 20:58:15 host sshd[11232]: Did not receive identification string from 51.79.79.43 port 40454
Jan 20 21:04:40 host sshd[12110]: User root from 220.133.92.233 not allowed because not listed in AllowUsers
Jan 20 21:04:40 host sshd[12110]: input_userauth_request: invalid user root [preauth]
Jan 20 21:04:40 host unix_chkpwd[12113]: password check failed for user (root)
Jan 20 21:04:40 host sshd[12110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.92.233 user=root
Jan 20 21:04:40 host sshd[12110]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 21:04:42 host sshd[12110]: Failed password for invalid user root from 220.133.92.233 port 53669 ssh2
Jan 20 21:04:43 host sshd[12110]: Connection reset by 220.133.92.233 port 53669 [preauth]
Jan 20 21:08:20 host sshd[12658]: Invalid user hb from 194.110.203.109 port 56778
Jan 20 21:08:20 host sshd[12658]: input_userauth_request: invalid user hb [preauth]
Jan 20 21:08:20 host sshd[12658]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:08:20 host sshd[12658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 21:08:23 host sshd[12658]: Failed password for invalid user hb from 194.110.203.109 port 56778 ssh2
Jan 20 21:08:26 host sshd[12658]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:08:28 host sshd[12658]: Failed password for invalid user hb from 194.110.203.109 port 56778 ssh2
Jan 20 21:08:31 host sshd[12658]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:08:33 host sshd[12658]: Failed password for invalid user hb from 194.110.203.109 port 56778 ssh2
Jan 20 21:08:37 host sshd[12658]: Connection closed by 194.110.203.109 port 56778 [preauth]
Jan 20 21:08:37 host sshd[12658]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 21:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwevmhonda user-2=bonifacegroup user-3=wwwletsstalkfood user-4=straightcurve user-5=phmetals user-6=kottayamcalldriv user-7=palco123 user-8=gifterman user-9=wwwnexidigital user-10=mrsclean user-11=disposeat user-12=wwwkmaorg user-13=remysagr user-14=wwwkapin user-15=woodpeck user-16=shalinijames user-17=wwwtestugo user-18=vfmassets user-19=pmcresources user-20=wwwpmcresource user-21=travelboniface user-22=ugotscom user-23=keralaholi user-24=wwwresourcehunte user-25=wwwrmswll user-26=cochintaxi user-27=wwwkaretakers user-28=a2zgroup user-29=dartsimp user-30=laundryboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 21:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7JcERHtPMn24vpBm.~
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7JcERHtPMn24vpBm.~'
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7JcERHtPMn24vpBm.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 21:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 21:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 21:24:08 host sshd[15352]: Invalid user user from 116.128.229.225 port 56280
Jan 20 21:24:08 host sshd[15352]: input_userauth_request: invalid user user [preauth]
Jan 20 21:24:09 host sshd[15352]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:24:09 host sshd[15352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.128.229.225
Jan 20 21:24:11 host sshd[15352]: Failed password for invalid user user from 116.128.229.225 port 56280 ssh2
Jan 20 21:24:12 host sshd[15352]: Received disconnect from 116.128.229.225 port 56280:11: Bye Bye [preauth]
Jan 20 21:24:12 host sshd[15352]: Disconnected from 116.128.229.225 port 56280 [preauth]
Jan 20 21:25:31 host sshd[15485]: User root from 211.196.120.196 not allowed because not listed in AllowUsers
Jan 20 21:25:31 host sshd[15485]: input_userauth_request: invalid user root [preauth]
Jan 20 21:25:31 host unix_chkpwd[15511]: password check failed for user (root)
Jan 20 21:25:31 host sshd[15485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.196.120.196 user=root
Jan 20 21:25:31 host sshd[15485]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 21:25:33 host sshd[15485]: Failed password for invalid user root from 211.196.120.196 port 33604 ssh2
Jan 20 21:25:34 host unix_chkpwd[15514]: password check failed for user (root)
Jan 20 21:25:34 host sshd[15485]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 21:25:36 host sshd[15485]: Failed password for invalid user root from 211.196.120.196 port 33604 ssh2
Jan 20 21:25:37 host sshd[15485]: Connection reset by 211.196.120.196 port 33604 [preauth]
Jan 20 21:25:37 host sshd[15485]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.196.120.196 user=root
Jan 20 21:25:44 host sshd[15522]: Invalid user admin from 83.29.41.96 port 52147
Jan 20 21:25:44 host sshd[15522]: input_userauth_request: invalid user admin [preauth]
Jan 20 21:25:44 host sshd[15522]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:25:44 host sshd[15522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.29.41.96
Jan 20 21:25:46 host sshd[15522]: Failed password for invalid user admin from 83.29.41.96 port 52147 ssh2
Jan 20 21:25:46 host sshd[15522]: Failed password for invalid user admin from 83.29.41.96 port 52147 ssh2
Jan 20 21:25:47 host sshd[15522]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:25:48 host sshd[15522]: Failed password for invalid user admin from 83.29.41.96 port 52147 ssh2
Jan 20 21:25:50 host sshd[15522]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:25:52 host sshd[15522]: Failed password for invalid user admin from 83.29.41.96 port 52147 ssh2
Jan 20 21:25:53 host sshd[15522]: Connection reset by 83.29.41.96 port 52147 [preauth]
Jan 20 21:25:53 host sshd[15522]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.29.41.96
Jan 20 21:29:15 host sshd[16086]: Invalid user anonymous from 62.233.50.248 port 11301
Jan 20 21:29:15 host sshd[16086]: input_userauth_request: invalid user anonymous [preauth]
Jan 20 21:29:15 host sshd[16086]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:29:15 host sshd[16086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 20 21:29:17 host sshd[16086]: Failed password for invalid user anonymous from 62.233.50.248 port 11301 ssh2
Jan 20 21:29:17 host sshd[16086]: Received disconnect from 62.233.50.248 port 11301:11: Client disconnecting normally [preauth]
Jan 20 21:29:17 host sshd[16086]: Disconnected from 62.233.50.248 port 11301 [preauth]
Jan 20 21:37:19 host sshd[17289]: Invalid user mtest from 128.199.96.178 port 47628
Jan 20 21:37:19 host sshd[17289]: input_userauth_request: invalid user mtest [preauth]
Jan 20 21:37:19 host sshd[17289]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:37:19 host sshd[17289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.96.178
Jan 20 21:37:22 host sshd[17289]: Failed password for invalid user mtest from 128.199.96.178 port 47628 ssh2
Jan 20 21:37:22 host sshd[17289]: Received disconnect from 128.199.96.178 port 47628:11: Bye Bye [preauth]
Jan 20 21:37:22 host sshd[17289]: Disconnected from 128.199.96.178 port 47628 [preauth]
Jan 20 21:38:00 host sshd[17398]: Invalid user manager from 165.232.44.11 port 44106
Jan 20 21:38:00 host sshd[17398]: input_userauth_request: invalid user manager [preauth]
Jan 20 21:38:00 host sshd[17398]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:38:00 host sshd[17398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.44.11
Jan 20 21:38:03 host sshd[17398]: Failed password for invalid user manager from 165.232.44.11 port 44106 ssh2
Jan 20 21:38:03 host sshd[17398]: Received disconnect from 165.232.44.11 port 44106:11: Bye Bye [preauth]
Jan 20 21:38:03 host sshd[17398]: Disconnected from 165.232.44.11 port 44106 [preauth]
Jan 20 21:39:36 host sshd[17609]: invalid public DH value: >= p-1 [preauth]
Jan 20 21:39:36 host sshd[17609]: ssh_dispatch_run_fatal: Connection from 1.157.188.27 port 58795: incomplete message [preauth]
Jan 20 21:40:04 host sshd[17698]: Invalid user openvpn from 128.199.96.178 port 46752
Jan 20 21:40:04 host sshd[17698]: input_userauth_request: invalid user openvpn [preauth]
Jan 20 21:40:04 host sshd[17698]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:40:04 host sshd[17698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.96.178
Jan 20 21:40:06 host sshd[17698]: Failed password for invalid user openvpn from 128.199.96.178 port 46752 ssh2
Jan 20 21:40:06 host sshd[17698]: Received disconnect from 128.199.96.178 port 46752:11: Bye Bye [preauth]
Jan 20 21:40:06 host sshd[17698]: Disconnected from 128.199.96.178 port 46752 [preauth]
Jan 20 21:40:12 host sshd[17708]: Invalid user passadmin from 150.136.161.172 port 42348
Jan 20 21:40:12 host sshd[17708]: input_userauth_request: invalid user passadmin [preauth]
Jan 20 21:40:12 host sshd[17708]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:40:12 host sshd[17708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.161.172
Jan 20 21:40:14 host sshd[17708]: Failed password for invalid user passadmin from 150.136.161.172 port 42348 ssh2
Jan 20 21:40:15 host sshd[17708]: Received disconnect from 150.136.161.172 port 42348:11: Bye Bye [preauth]
Jan 20 21:40:15 host sshd[17708]: Disconnected from 150.136.161.172 port 42348 [preauth]
Jan 20 21:40:46 host sshd[17766]: Invalid user xuser from 128.199.96.178 port 38782
Jan 20 21:40:46 host sshd[17766]: input_userauth_request: invalid user xuser [preauth]
Jan 20 21:40:46 host sshd[17766]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:40:47 host sshd[17766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.96.178
Jan 20 21:40:48 host sshd[17766]: Failed password for invalid user xuser from 128.199.96.178 port 38782 ssh2
Jan 20 21:40:48 host sshd[17766]: Received disconnect from 128.199.96.178 port 38782:11: Bye Bye [preauth]
Jan 20 21:40:48 host sshd[17766]: Disconnected from 128.199.96.178 port 38782 [preauth]
Jan 20 21:41:56 host sshd[17918]: Did not receive identification string from 198.235.24.167 port 50195
Jan 20 21:43:29 host sshd[18108]: Invalid user cactiuser from 165.232.44.11 port 34220
Jan 20 21:43:29 host sshd[18108]: input_userauth_request: invalid user cactiuser [preauth]
Jan 20 21:43:29 host sshd[18108]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:43:29 host sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.44.11
Jan 20 21:43:31 host sshd[18108]: Failed password for invalid user cactiuser from 165.232.44.11 port 34220 ssh2
Jan 20 21:43:31 host sshd[18108]: Received disconnect from 165.232.44.11 port 34220:11: Bye Bye [preauth]
Jan 20 21:43:31 host sshd[18108]: Disconnected from 165.232.44.11 port 34220 [preauth]
Jan 20 21:44:32 host sshd[18340]: Invalid user administrador from 165.232.44.11 port 49198
Jan 20 21:44:32 host sshd[18340]: input_userauth_request: invalid user administrador [preauth]
Jan 20 21:44:32 host sshd[18340]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:44:32 host sshd[18340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.232.44.11
Jan 20 21:44:35 host sshd[18340]: Failed password for invalid user administrador from 165.232.44.11 port 49198 ssh2
Jan 20 21:44:35 host sshd[18340]: Received disconnect from 165.232.44.11 port 49198:11: Bye Bye [preauth]
Jan 20 21:44:35 host sshd[18340]: Disconnected from 165.232.44.11 port 49198 [preauth]
Jan 20 21:45:24 host sshd[18466]: Invalid user adminuser from 157.231.35.151 port 63928
Jan 20 21:45:24 host sshd[18466]: input_userauth_request: invalid user adminuser [preauth]
Jan 20 21:45:24 host sshd[18466]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:45:24 host sshd[18466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.231.35.151
Jan 20 21:45:25 host sshd[18466]: Failed password for invalid user adminuser from 157.231.35.151 port 63928 ssh2
Jan 20 21:45:26 host sshd[18466]: Received disconnect from 157.231.35.151 port 63928:11: Bye Bye [preauth]
Jan 20 21:45:26 host sshd[18466]: Disconnected from 157.231.35.151 port 63928 [preauth]
Jan 20 21:46:48 host sshd[18677]: Invalid user student from 150.136.161.172 port 53634
Jan 20 21:46:48 host sshd[18677]: input_userauth_request: invalid user student [preauth]
Jan 20 21:46:48 host sshd[18677]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:46:48 host sshd[18677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.161.172
Jan 20 21:46:50 host sshd[18677]: Failed password for invalid user student from 150.136.161.172 port 53634 ssh2
Jan 20 21:46:50 host sshd[18677]: Received disconnect from 150.136.161.172 port 53634:11: Bye Bye [preauth]
Jan 20 21:46:50 host sshd[18677]: Disconnected from 150.136.161.172 port 53634 [preauth]
Jan 20 21:48:52 host sshd[18912]: Connection reset by 150.136.161.172 port 59940 [preauth]
Jan 20 21:53:28 host sshd[19603]: Invalid user soporte from 157.231.35.151 port 37678
Jan 20 21:53:28 host sshd[19603]: input_userauth_request: invalid user soporte [preauth]
Jan 20 21:53:28 host sshd[19603]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:53:28 host sshd[19603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.231.35.151
Jan 20 21:53:29 host sshd[19603]: Failed password for invalid user soporte from 157.231.35.151 port 37678 ssh2
Jan 20 21:53:30 host sshd[19603]: Received disconnect from 157.231.35.151 port 37678:11: Bye Bye [preauth]
Jan 20 21:53:30 host sshd[19603]: Disconnected from 157.231.35.151 port 37678 [preauth]
Jan 20 21:54:43 host sshd[19744]: Invalid user test001 from 150.136.161.172 port 50338
Jan 20 21:54:43 host sshd[19744]: input_userauth_request: invalid user test001 [preauth]
Jan 20 21:54:43 host sshd[19744]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 21:54:43 host sshd[19744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.161.172
Jan 20 21:54:45 host sshd[19744]: Failed password for invalid user test001 from 150.136.161.172 port 50338 ssh2
Jan 20 21:54:45 host sshd[19744]: Received disconnect from 150.136.161.172 port 50338:11: Bye Bye [preauth]
Jan 20 21:54:45 host sshd[19744]: Disconnected from 150.136.161.172 port 50338 [preauth]
Jan 20 22:00:35 host sshd[20703]: Connection closed by 157.231.35.151 port 50246 [preauth]
Jan 20 22:07:07 host sshd[21768]: Invalid user ubuntu from 157.231.35.151 port 49162
Jan 20 22:07:07 host sshd[21768]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 22:07:07 host sshd[21768]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:07:07 host sshd[21768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.231.35.151
Jan 20 22:07:09 host sshd[21768]: Failed password for invalid user ubuntu from 157.231.35.151 port 49162 ssh2
Jan 20 22:11:43 host sshd[22481]: Connection reset by 1.53.143.40 port 41511 [preauth]
Jan 20 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=mrsclean user-2=wwwnexidigital user-3=gifterman user-4=palco123 user-5=kottayamcalldriv user-6=phmetals user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=woodpeck user-16=wwwkapin user-17=disposeat user-18=remysagr user-19=wwwkmaorg user-20=wwwrmswll user-21=wwwresourcehunte user-22=keralaholi user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 22:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LwzDVFIVcANaqfV7.~
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LwzDVFIVcANaqfV7.~'
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-LwzDVFIVcANaqfV7.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 22:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 22:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 22:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 22:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 22:22:09 host sshd[24136]: User root from 195.34.205.118 not allowed because not listed in AllowUsers
Jan 20 22:22:09 host sshd[24136]: input_userauth_request: invalid user root [preauth]
Jan 20 22:22:09 host unix_chkpwd[24139]: password check failed for user (root)
Jan 20 22:22:09 host sshd[24136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.34.205.118 user=root
Jan 20 22:22:09 host sshd[24136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 22:22:11 host sshd[24136]: Failed password for invalid user root from 195.34.205.118 port 50921 ssh2
Jan 20 22:22:11 host unix_chkpwd[24141]: password check failed for user (root)
Jan 20 22:22:11 host sshd[24136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 22:22:13 host sshd[24136]: Failed password for invalid user root from 195.34.205.118 port 50921 ssh2
Jan 20 22:22:14 host unix_chkpwd[24145]: password check failed for user (root)
Jan 20 22:22:14 host sshd[24136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 22:22:16 host sshd[24136]: Failed password for invalid user root from 195.34.205.118 port 50921 ssh2
Jan 20 22:22:16 host unix_chkpwd[24149]: password check failed for user (root)
Jan 20 22:22:16 host sshd[24136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 22:22:18 host sshd[24136]: Failed password for invalid user root from 195.34.205.118 port 50921 ssh2
Jan 20 22:22:18 host unix_chkpwd[24157]: password check failed for user (root)
Jan 20 22:22:18 host sshd[24136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 22:22:20 host sshd[24136]: Failed password for invalid user root from 195.34.205.118 port 50921 ssh2
Jan 20 22:48:17 host sshd[27608]: Invalid user shiny from 143.198.212.105 port 56000
Jan 20 22:48:17 host sshd[27608]: input_userauth_request: invalid user shiny [preauth]
Jan 20 22:48:17 host sshd[27608]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:48:17 host sshd[27608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.212.105
Jan 20 22:48:20 host sshd[27608]: Failed password for invalid user shiny from 143.198.212.105 port 56000 ssh2
Jan 20 22:48:20 host sshd[27608]: Received disconnect from 143.198.212.105 port 56000:11: Bye Bye [preauth]
Jan 20 22:48:20 host sshd[27608]: Disconnected from 143.198.212.105 port 56000 [preauth]
Jan 20 22:51:11 host sshd[28058]: Invalid user admin1 from 143.198.212.105 port 33742
Jan 20 22:51:11 host sshd[28058]: input_userauth_request: invalid user admin1 [preauth]
Jan 20 22:51:11 host sshd[28058]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:51:11 host sshd[28058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.212.105
Jan 20 22:51:13 host sshd[28058]: Failed password for invalid user admin1 from 143.198.212.105 port 33742 ssh2
Jan 20 22:51:13 host sshd[28058]: Received disconnect from 143.198.212.105 port 33742:11: Bye Bye [preauth]
Jan 20 22:51:13 host sshd[28058]: Disconnected from 143.198.212.105 port 33742 [preauth]
Jan 20 22:52:33 host sshd[28245]: Invalid user tacuser from 143.198.212.105 port 38590
Jan 20 22:52:33 host sshd[28245]: input_userauth_request: invalid user tacuser [preauth]
Jan 20 22:52:33 host sshd[28245]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:52:33 host sshd[28245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.212.105
Jan 20 22:52:36 host sshd[28245]: Failed password for invalid user tacuser from 143.198.212.105 port 38590 ssh2
Jan 20 22:53:15 host sshd[28332]: User root from 59.23.199.98 not allowed because not listed in AllowUsers
Jan 20 22:53:15 host sshd[28332]: input_userauth_request: invalid user root [preauth]
Jan 20 22:53:15 host unix_chkpwd[28336]: password check failed for user (root)
Jan 20 22:53:15 host sshd[28332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.23.199.98 user=root
Jan 20 22:53:15 host sshd[28332]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 22:53:18 host sshd[28332]: Failed password for invalid user root from 59.23.199.98 port 61858 ssh2
Jan 20 22:53:18 host sshd[28332]: Connection reset by 59.23.199.98 port 61858 [preauth]
Jan 20 22:56:16 host sshd[28775]: Invalid user hc from 194.110.203.109 port 55148
Jan 20 22:56:16 host sshd[28775]: input_userauth_request: invalid user hc [preauth]
Jan 20 22:56:16 host sshd[28775]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:56:16 host sshd[28775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 22:56:18 host sshd[28775]: Failed password for invalid user hc from 194.110.203.109 port 55148 ssh2
Jan 20 22:56:21 host sshd[28775]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:56:23 host sshd[28775]: Failed password for invalid user hc from 194.110.203.109 port 55148 ssh2
Jan 20 22:56:27 host sshd[28775]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 22:56:28 host sshd[28775]: Failed password for invalid user hc from 194.110.203.109 port 55148 ssh2
Jan 20 22:56:32 host sshd[28775]: Connection closed by 194.110.203.109 port 55148 [preauth]
Jan 20 22:56:32 host sshd[28775]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 20 23:07:15 host sshd[30312]: Invalid user username from 3.85.21.213 port 39680
Jan 20 23:07:15 host sshd[30312]: input_userauth_request: invalid user username [preauth]
Jan 20 23:07:15 host sshd[30312]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:07:15 host sshd[30312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.85.21.213
Jan 20 23:07:17 host sshd[30312]: Failed password for invalid user username from 3.85.21.213 port 39680 ssh2
Jan 20 23:07:17 host sshd[30312]: Connection closed by 3.85.21.213 port 39680 [preauth]
Jan 20 23:10:53 host sshd[30807]: Invalid user usr from 183.97.192.131 port 41879
Jan 20 23:10:53 host sshd[30807]: input_userauth_request: invalid user usr [preauth]
Jan 20 23:10:53 host sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:10:53 host sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.97.192.131
Jan 20 23:10:55 host sshd[30807]: Failed password for invalid user usr from 183.97.192.131 port 41879 ssh2
Jan 20 23:10:56 host sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:10:58 host sshd[30807]: Failed password for invalid user usr from 183.97.192.131 port 41879 ssh2
Jan 20 23:10:58 host sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:00 host sshd[30807]: Failed password for invalid user usr from 183.97.192.131 port 41879 ssh2
Jan 20 23:11:02 host sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:04 host sshd[30807]: Failed password for invalid user usr from 183.97.192.131 port 41879 ssh2
Jan 20 23:11:28 host sshd[30900]: Invalid user Admin from 114.35.197.154 port 37723
Jan 20 23:11:28 host sshd[30900]: input_userauth_request: invalid user Admin [preauth]
Jan 20 23:11:28 host sshd[30900]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:28 host sshd[30900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.197.154
Jan 20 23:11:30 host sshd[30900]: Failed password for invalid user Admin from 114.35.197.154 port 37723 ssh2
Jan 20 23:11:30 host sshd[30900]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:32 host sshd[30900]: Failed password for invalid user Admin from 114.35.197.154 port 37723 ssh2
Jan 20 23:11:33 host sshd[30900]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:35 host sshd[30900]: Failed password for invalid user Admin from 114.35.197.154 port 37723 ssh2
Jan 20 23:11:36 host sshd[30900]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:38 host sshd[30900]: Failed password for invalid user Admin from 114.35.197.154 port 37723 ssh2
Jan 20 23:11:38 host sshd[30900]: Failed password for invalid user Admin from 114.35.197.154 port 37723 ssh2
Jan 20 23:11:39 host sshd[30900]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:11:41 host sshd[30900]: Failed password for invalid user Admin from 114.35.197.154 port 37723 ssh2
Jan 20 23:11:41 host sshd[30900]: error: maximum authentication attempts exceeded for invalid user Admin from 114.35.197.154 port 37723 ssh2 [preauth]
Jan 20 23:11:41 host sshd[30900]: Disconnecting: Too many authentication failures [preauth]
Jan 20 23:11:41 host sshd[30900]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.197.154
Jan 20 23:11:41 host sshd[30900]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 20 23:18:12 host sshd[31799]: Invalid user netopia from 205.185.113.129 port 34484
Jan 20 23:18:12 host sshd[31799]: input_userauth_request: invalid user netopia [preauth]
Jan 20 23:18:12 host sshd[31799]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:18:12 host sshd[31799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 20 23:18:13 host sshd[31799]: Failed password for invalid user netopia from 205.185.113.129 port 34484 ssh2
Jan 20 23:18:14 host sshd[31799]: Connection closed by 205.185.113.129 port 34484 [preauth]
Jan 20 23:19:04 host sshd[31903]: User root from 114.35.10.149 not allowed because not listed in AllowUsers
Jan 20 23:19:04 host sshd[31903]: input_userauth_request: invalid user root [preauth]
Jan 20 23:19:04 host unix_chkpwd[31910]: password check failed for user (root)
Jan 20 23:19:04 host sshd[31903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.10.149 user=root
Jan 20 23:19:04 host sshd[31903]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 23:19:06 host sshd[31903]: Failed password for invalid user root from 114.35.10.149 port 32880 ssh2
Jan 20 23:19:07 host unix_chkpwd[31913]: password check failed for user (root)
Jan 20 23:19:07 host sshd[31903]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 23:19:09 host sshd[31903]: Failed password for invalid user root from 114.35.10.149 port 32880 ssh2
Jan 20 23:19:10 host unix_chkpwd[31916]: password check failed for user (root)
Jan 20 23:19:10 host sshd[31903]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 23:19:12 host sshd[31903]: Failed password for invalid user root from 114.35.10.149 port 32880 ssh2
Jan 20 23:19:13 host sshd[31903]: Connection reset by 114.35.10.149 port 32880 [preauth]
Jan 20 23:19:13 host sshd[31903]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.10.149 user=root
Jan 20 23:20:09 host sshd[32173]: Invalid user user from 221.145.220.100 port 50687
Jan 20 23:20:09 host sshd[32173]: input_userauth_request: invalid user user [preauth]
Jan 20 23:20:09 host sshd[32173]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:20:09 host sshd[32173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.145.220.100
Jan 20 23:20:12 host sshd[32173]: Failed password for invalid user user from 221.145.220.100 port 50687 ssh2
Jan 20 23:20:13 host sshd[32173]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:20:15 host sshd[32173]: Failed password for invalid user user from 221.145.220.100 port 50687 ssh2
Jan 20 23:20:15 host sshd[32173]: Connection reset by 221.145.220.100 port 50687 [preauth]
Jan 20 23:20:15 host sshd[32173]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.145.220.100
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 20 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 20 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwletsstalkfood user-2=straightcurve user-3=bonifacegroup user-4=wwwevmhonda user-5=mrsclean user-6=wwwnexidigital user-7=gifterman user-8=palco123 user-9=phmetals user-10=kottayamcalldriv user-11=woodpeck user-12=wwwkapin user-13=wwwkmaorg user-14=disposeat user-15=remysagr user-16=pmcresources user-17=vfmassets user-18=wwwtestugo user-19=shalinijames user-20=wwwpmcresource user-21=wwwrmswll user-22=wwwresourcehunte user-23=keralaholi user-24=ugotscom user-25=travelboniface user-26=cochintaxi user-27=wwwkaretakers user-28=laundryboniface user-29=dartsimp user-30=a2zgroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 20 23:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-tA3dA2LVzZPrZx5F.~
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-tA3dA2LVzZPrZx5F.~'
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-tA3dA2LVzZPrZx5F.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 20 23:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 20 23:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 20 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 20 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 20 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 20 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 20 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 20 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 20 23:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 20 23:23:54 host sshd[420]: User root from 220.132.126.181 not allowed because not listed in AllowUsers
Jan 20 23:23:54 host sshd[420]: input_userauth_request: invalid user root [preauth]
Jan 20 23:23:54 host unix_chkpwd[425]: password check failed for user (root)
Jan 20 23:23:54 host sshd[420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.126.181 user=root
Jan 20 23:23:54 host sshd[420]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 23:23:56 host sshd[420]: Failed password for invalid user root from 220.132.126.181 port 54915 ssh2
Jan 20 23:23:57 host sshd[420]: Connection reset by 220.132.126.181 port 54915 [preauth]
Jan 20 23:28:01 host sshd[1142]: Invalid user admin from 220.133.144.238 port 50088
Jan 20 23:28:01 host sshd[1142]: input_userauth_request: invalid user admin [preauth]
Jan 20 23:28:01 host sshd[1142]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:28:01 host sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.144.238
Jan 20 23:28:03 host sshd[1142]: Failed password for invalid user admin from 220.133.144.238 port 50088 ssh2
Jan 20 23:28:04 host sshd[1142]: Failed password for invalid user admin from 220.133.144.238 port 50088 ssh2
Jan 20 23:28:04 host sshd[1142]: Connection reset by 220.133.144.238 port 50088 [preauth]
Jan 20 23:33:58 host sshd[2327]: Did not receive identification string from 80.76.51.143 port 37398
Jan 20 23:36:00 host sshd[2646]: Invalid user jimchen from 106.10.122.53 port 42388
Jan 20 23:36:00 host sshd[2646]: input_userauth_request: invalid user jimchen [preauth]
Jan 20 23:36:01 host sshd[2646]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:36:01 host sshd[2646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 20 23:36:03 host sshd[2646]: Failed password for invalid user jimchen from 106.10.122.53 port 42388 ssh2
Jan 20 23:36:03 host sshd[2646]: Connection closed by 106.10.122.53 port 42388 [preauth]
Jan 20 23:38:01 host sshd[3060]: Invalid user admin from 122.117.98.206 port 39607
Jan 20 23:38:01 host sshd[3060]: input_userauth_request: invalid user admin [preauth]
Jan 20 23:38:01 host sshd[3060]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:38:01 host sshd[3060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.98.206
Jan 20 23:38:03 host sshd[3060]: Failed password for invalid user admin from 122.117.98.206 port 39607 ssh2
Jan 20 23:38:03 host sshd[3060]: Failed password for invalid user admin from 122.117.98.206 port 39607 ssh2
Jan 20 23:38:04 host sshd[3060]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:38:07 host sshd[3060]: Failed password for invalid user admin from 122.117.98.206 port 39607 ssh2
Jan 20 23:38:07 host sshd[3060]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:38:09 host sshd[3060]: Failed password for invalid user admin from 122.117.98.206 port 39607 ssh2
Jan 20 23:38:10 host sshd[3060]: Connection reset by 122.117.98.206 port 39607 [preauth]
Jan 20 23:38:10 host sshd[3060]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.98.206
Jan 20 23:38:33 host sshd[3167]: Did not receive identification string from 117.50.160.88 port 60316
Jan 20 23:38:35 host sshd[3168]: Invalid user ftpuser from 117.50.160.88 port 39482
Jan 20 23:38:35 host sshd[3168]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 23:38:35 host sshd[3176]: User root from 117.50.160.88 not allowed because not listed in AllowUsers
Jan 20 23:38:35 host sshd[3176]: input_userauth_request: invalid user root [preauth]
Jan 20 23:38:35 host sshd[3184]: Invalid user esuser from 117.50.160.88 port 39488
Jan 20 23:38:35 host sshd[3184]: input_userauth_request: invalid user esuser [preauth]
Jan 20 23:38:35 host sshd[3193]: User root from 117.50.160.88 not allowed because not listed in AllowUsers
Jan 20 23:38:35 host sshd[3193]: input_userauth_request: invalid user root [preauth]
Jan 20 23:38:36 host sshd[3192]: Invalid user web from 117.50.160.88 port 39454
Jan 20 23:38:36 host sshd[3192]: input_userauth_request: invalid user web [preauth]
Jan 20 23:38:36 host unix_chkpwd[3219]: password check failed for user (root)
Jan 20 23:38:36 host sshd[3193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88 user=root
Jan 20 23:38:36 host sshd[3193]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 20 23:38:36 host sshd[3204]: User mysql from 117.50.160.88 not allowed because not listed in AllowUsers
Jan 20 23:38:36 host sshd[3204]: input_userauth_request: invalid user mysql [preauth]
Jan 20 23:38:36 host sshd[3192]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:38:36 host sshd[3192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 20 23:38:36 host unix_chkpwd[3227]: password check failed for user (mysql)
Jan 20 23:38:36 host sshd[3204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88 user=mysql
Jan 20 23:38:36 host sshd[3204]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 20 23:38:36 host sshd[3168]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:38:36 host sshd[3168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 20 23:38:36 host sshd[3184]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:38:36 host sshd[3184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.160.88
Jan 20 23:38:36 host sshd[3173]: Invalid user user from 117.50.160.88 port 39476
Jan 20 23:38:36 host sshd[3173]: input_userauth_request: invalid user user [preauth]
Jan 20 23:38:36 host sshd[3172]: Invalid user hadoop from 117.50.160.88 port 39442
Jan 20 23:38:36 host sshd[3172]: input_userauth_request: invalid user hadoop [preauth]
Jan 20 23:38:36 host sshd[3180]: User root from 117.50.160.88 not allowed because not listed in AllowUsers
Jan 20 23:38:36 host sshd[3180]: input_userauth_request: invalid user root [preauth]
Jan 20 23:38:36 host sshd[3179]: User root from 117.50.160.88 not allowed because not listed in AllowUsers
Jan 20 23:38:36 host sshd[3179]: input_userauth_request: invalid user root [preauth]
Jan 20 23:38:36 host sshd[3211]: User root from 117.50.160.88 not allowed because not listed in AllowUsers
Jan 20 23:38:36 host sshd[3211]: input_userauth_request: invalid user root [preauth]
Jan 20 23:38:38 host sshd[3193]: Failed password for invalid user root from 117.50.160.88 port 39500 ssh2
Jan 20 23:38:38 host sshd[3192]: Failed password for invalid user web from 117.50.160.88 port 39454 ssh2
Jan 20 23:38:38 host sshd[3204]: Failed password for invalid user mysql from 117.50.160.88 port 39522 ssh2
Jan 20 23:38:38 host sshd[3168]: Failed password for invalid user ftpuser from 117.50.160.88 port 39482 ssh2
Jan 20 23:38:38 host sshd[3184]: Failed password for invalid user esuser from 117.50.160.88 port 39488 ssh2
Jan 20 23:45:59 host sshd[4192]: Invalid user dmdba from 27.254.159.123 port 37597
Jan 20 23:45:59 host sshd[4192]: input_userauth_request: invalid user dmdba [preauth]
Jan 20 23:45:59 host sshd[4192]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:45:59 host sshd[4192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.159.123
Jan 20 23:46:00 host sshd[4192]: Failed password for invalid user dmdba from 27.254.159.123 port 37597 ssh2
Jan 20 23:46:01 host sshd[4192]: Received disconnect from 27.254.159.123 port 37597:11: Bye Bye [preauth]
Jan 20 23:46:01 host sshd[4192]: Disconnected from 27.254.159.123 port 37597 [preauth]
Jan 20 23:46:02 host sshd[4216]: Invalid user vagrant from 68.178.167.86 port 51748
Jan 20 23:46:02 host sshd[4216]: input_userauth_request: invalid user vagrant [preauth]
Jan 20 23:46:02 host sshd[4216]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:46:02 host sshd[4216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.178.167.86
Jan 20 23:46:04 host sshd[4216]: Failed password for invalid user vagrant from 68.178.167.86 port 51748 ssh2
Jan 20 23:46:04 host sshd[4216]: Received disconnect from 68.178.167.86 port 51748:11: Bye Bye [preauth]
Jan 20 23:46:04 host sshd[4216]: Disconnected from 68.178.167.86 port 51748 [preauth]
Jan 20 23:46:20 host sshd[4242]: Invalid user ftpuser from 93.41.209.74 port 38998
Jan 20 23:46:20 host sshd[4242]: input_userauth_request: invalid user ftpuser [preauth]
Jan 20 23:46:20 host sshd[4242]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:46:20 host sshd[4242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.41.209.74
Jan 20 23:46:23 host sshd[4242]: Failed password for invalid user ftpuser from 93.41.209.74 port 38998 ssh2
Jan 20 23:46:23 host sshd[4242]: Received disconnect from 93.41.209.74 port 38998:11: Bye Bye [preauth]
Jan 20 23:46:23 host sshd[4242]: Disconnected from 93.41.209.74 port 38998 [preauth]
Jan 20 23:49:11 host sshd[4650]: Invalid user newuser from 43.133.229.111 port 40592
Jan 20 23:49:11 host sshd[4650]: input_userauth_request: invalid user newuser [preauth]
Jan 20 23:49:11 host sshd[4650]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:49:11 host sshd[4650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.133.229.111
Jan 20 23:49:12 host sshd[4650]: Failed password for invalid user newuser from 43.133.229.111 port 40592 ssh2
Jan 20 23:49:13 host sshd[4650]: Received disconnect from 43.133.229.111 port 40592:11: Bye Bye [preauth]
Jan 20 23:49:13 host sshd[4650]: Disconnected from 43.133.229.111 port 40592 [preauth]
Jan 20 23:50:27 host sshd[4807]: Invalid user teste from 146.190.55.221 port 35232
Jan 20 23:50:27 host sshd[4807]: input_userauth_request: invalid user teste [preauth]
Jan 20 23:50:27 host sshd[4807]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:50:27 host sshd[4807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.55.221
Jan 20 23:50:28 host sshd[4807]: Failed password for invalid user teste from 146.190.55.221 port 35232 ssh2
Jan 20 23:50:29 host sshd[4807]: Received disconnect from 146.190.55.221 port 35232:11: Bye Bye [preauth]
Jan 20 23:50:29 host sshd[4807]: Disconnected from 146.190.55.221 port 35232 [preauth]
Jan 20 23:52:54 host sshd[5117]: Invalid user ossuser from 146.190.55.221 port 49688
Jan 20 23:52:54 host sshd[5117]: input_userauth_request: invalid user ossuser [preauth]
Jan 20 23:52:54 host sshd[5117]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:52:54 host sshd[5117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.55.221
Jan 20 23:52:56 host sshd[5117]: Failed password for invalid user ossuser from 146.190.55.221 port 49688 ssh2
Jan 20 23:52:56 host sshd[5117]: Received disconnect from 146.190.55.221 port 49688:11: Bye Bye [preauth]
Jan 20 23:52:56 host sshd[5117]: Disconnected from 146.190.55.221 port 49688 [preauth]
Jan 20 23:53:17 host sshd[5174]: Invalid user synadmin from 68.178.167.86 port 54354
Jan 20 23:53:17 host sshd[5174]: input_userauth_request: invalid user synadmin [preauth]
Jan 20 23:53:17 host sshd[5174]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:53:17 host sshd[5174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.178.167.86
Jan 20 23:53:18 host sshd[5174]: Failed password for invalid user synadmin from 68.178.167.86 port 54354 ssh2
Jan 20 23:53:18 host sshd[5174]: Received disconnect from 68.178.167.86 port 54354:11: Bye Bye [preauth]
Jan 20 23:53:18 host sshd[5174]: Disconnected from 68.178.167.86 port 54354 [preauth]
Jan 20 23:53:45 host sshd[5244]: Invalid user pbsadmin from 27.254.159.123 port 39363
Jan 20 23:53:45 host sshd[5244]: input_userauth_request: invalid user pbsadmin [preauth]
Jan 20 23:53:45 host sshd[5244]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:53:45 host sshd[5244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.159.123
Jan 20 23:53:46 host sshd[5244]: Failed password for invalid user pbsadmin from 27.254.159.123 port 39363 ssh2
Jan 20 23:53:46 host sshd[5244]: Received disconnect from 27.254.159.123 port 39363:11: Bye Bye [preauth]
Jan 20 23:53:46 host sshd[5244]: Disconnected from 27.254.159.123 port 39363 [preauth]
Jan 20 23:53:48 host sshd[5249]: Invalid user sysadmin from 43.133.229.111 port 36050
Jan 20 23:53:48 host sshd[5249]: input_userauth_request: invalid user sysadmin [preauth]
Jan 20 23:53:48 host sshd[5249]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:53:48 host sshd[5249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.133.229.111
Jan 20 23:53:49 host sshd[5249]: Failed password for invalid user sysadmin from 43.133.229.111 port 36050 ssh2
Jan 20 23:53:49 host sshd[5249]: Received disconnect from 43.133.229.111 port 36050:11: Bye Bye [preauth]
Jan 20 23:53:49 host sshd[5249]: Disconnected from 43.133.229.111 port 36050 [preauth]
Jan 20 23:54:01 host sshd[5362]: Invalid user testy from 93.41.209.74 port 23637
Jan 20 23:54:01 host sshd[5362]: input_userauth_request: invalid user testy [preauth]
Jan 20 23:54:01 host sshd[5362]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:54:01 host sshd[5362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.41.209.74
Jan 20 23:54:02 host sshd[5365]: Invalid user ubuntu from 146.190.55.221 port 45950
Jan 20 23:54:02 host sshd[5365]: input_userauth_request: invalid user ubuntu [preauth]
Jan 20 23:54:02 host sshd[5365]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:54:02 host sshd[5365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.55.221
Jan 20 23:54:03 host sshd[5362]: Failed password for invalid user testy from 93.41.209.74 port 23637 ssh2
Jan 20 23:54:04 host sshd[5362]: Received disconnect from 93.41.209.74 port 23637:11: Bye Bye [preauth]
Jan 20 23:54:04 host sshd[5362]: Disconnected from 93.41.209.74 port 23637 [preauth]
Jan 20 23:54:04 host sshd[5365]: Failed password for invalid user ubuntu from 146.190.55.221 port 45950 ssh2
Jan 20 23:54:05 host sshd[5365]: Received disconnect from 146.190.55.221 port 45950:11: Bye Bye [preauth]
Jan 20 23:54:05 host sshd[5365]: Disconnected from 146.190.55.221 port 45950 [preauth]
Jan 20 23:54:54 host sshd[5493]: Invalid user git from 68.178.167.86 port 53730
Jan 20 23:54:54 host sshd[5493]: input_userauth_request: invalid user git [preauth]
Jan 20 23:54:54 host sshd[5493]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:54:54 host sshd[5493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.178.167.86
Jan 20 23:54:56 host sshd[5493]: Failed password for invalid user git from 68.178.167.86 port 53730 ssh2
Jan 20 23:54:56 host sshd[5493]: Received disconnect from 68.178.167.86 port 53730:11: Bye Bye [preauth]
Jan 20 23:54:56 host sshd[5493]: Disconnected from 68.178.167.86 port 53730 [preauth]
Jan 20 23:55:01 host sshd[5535]: Invalid user cpd from 43.133.229.111 port 35464
Jan 20 23:55:01 host sshd[5535]: input_userauth_request: invalid user cpd [preauth]
Jan 20 23:55:01 host sshd[5535]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:55:01 host sshd[5535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.133.229.111
Jan 20 23:55:03 host sshd[5535]: Failed password for invalid user cpd from 43.133.229.111 port 35464 ssh2
Jan 20 23:55:19 host sshd[5621]: Invalid user sshvpn from 93.41.209.74 port 35187
Jan 20 23:55:19 host sshd[5621]: input_userauth_request: invalid user sshvpn [preauth]
Jan 20 23:55:19 host sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:55:19 host sshd[5621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.41.209.74
Jan 20 23:55:21 host sshd[5621]: Failed password for invalid user sshvpn from 93.41.209.74 port 35187 ssh2
Jan 20 23:55:21 host sshd[5621]: Received disconnect from 93.41.209.74 port 35187:11: Bye Bye [preauth]
Jan 20 23:55:21 host sshd[5621]: Disconnected from 93.41.209.74 port 35187 [preauth]
Jan 20 23:55:23 host sshd[5665]: Invalid user test2 from 27.254.159.123 port 52542
Jan 20 23:55:23 host sshd[5665]: input_userauth_request: invalid user test2 [preauth]
Jan 20 23:55:23 host sshd[5665]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:55:23 host sshd[5665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.159.123
Jan 20 23:55:24 host sshd[5665]: Failed password for invalid user test2 from 27.254.159.123 port 52542 ssh2
Jan 20 23:55:25 host sshd[5665]: Received disconnect from 27.254.159.123 port 52542:11: Bye Bye [preauth]
Jan 20 23:55:25 host sshd[5665]: Disconnected from 27.254.159.123 port 52542 [preauth]
Jan 20 23:56:35 host sshd[5838]: Invalid user bradley from 107.189.30.59 port 36304
Jan 20 23:56:35 host sshd[5838]: input_userauth_request: invalid user bradley [preauth]
Jan 20 23:56:35 host sshd[5838]: pam_unix(sshd:auth): check pass; user unknown
Jan 20 23:56:35 host sshd[5838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 20 23:56:37 host sshd[5838]: Failed password for invalid user bradley from 107.189.30.59 port 36304 ssh2
Jan 20 23:56:38 host sshd[5838]: Connection closed by 107.189.30.59 port 36304 [preauth]
Jan 21 00:01:50 host sshd[6560]: Invalid user admin from 220.135.177.191 port 54376
Jan 21 00:01:50 host sshd[6560]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:01:50 host sshd[6560]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:01:50 host sshd[6560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.177.191
Jan 21 00:01:52 host sshd[6560]: Failed password for invalid user admin from 220.135.177.191 port 54376 ssh2
Jan 21 00:01:55 host sshd[6560]: Connection closed by 220.135.177.191 port 54376 [preauth]
Jan 21 00:01:55 host sshd[6588]: Invalid user ONTUSER from 210.209.145.27 port 59237
Jan 21 00:01:55 host sshd[6588]: input_userauth_request: invalid user ONTUSER [preauth]
Jan 21 00:01:55 host sshd[6588]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:01:55 host sshd[6588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.209.145.27
Jan 21 00:01:57 host sshd[6588]: Failed password for invalid user ONTUSER from 210.209.145.27 port 59237 ssh2
Jan 21 00:01:59 host sshd[6588]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:02:00 host sshd[6588]: Failed password for invalid user ONTUSER from 210.209.145.27 port 59237 ssh2
Jan 21 00:02:01 host sshd[6588]: Failed password for invalid user ONTUSER from 210.209.145.27 port 59237 ssh2
Jan 21 00:02:02 host sshd[6588]: Connection closed by 210.209.145.27 port 59237 [preauth]
Jan 21 00:02:02 host sshd[6588]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.209.145.27
Jan 21 00:06:54 host sshd[7481]: Invalid user admin from 50.208.237.91 port 45750
Jan 21 00:06:54 host sshd[7481]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:06:54 host sshd[7481]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:06:54 host sshd[7481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.208.237.91
Jan 21 00:06:56 host sshd[7487]: Invalid user ftptest from 188.166.236.29 port 48734
Jan 21 00:06:56 host sshd[7487]: input_userauth_request: invalid user ftptest [preauth]
Jan 21 00:06:56 host sshd[7487]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:06:56 host sshd[7487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.236.29
Jan 21 00:06:56 host sshd[7481]: Failed password for invalid user admin from 50.208.237.91 port 45750 ssh2
Jan 21 00:06:56 host sshd[7481]: Received disconnect from 50.208.237.91 port 45750:11: Bye Bye [preauth]
Jan 21 00:06:56 host sshd[7481]: Disconnected from 50.208.237.91 port 45750 [preauth]
Jan 21 00:06:58 host sshd[7487]: Failed password for invalid user ftptest from 188.166.236.29 port 48734 ssh2
Jan 21 00:06:58 host sshd[7487]: Received disconnect from 188.166.236.29 port 48734:11: Bye Bye [preauth]
Jan 21 00:06:58 host sshd[7487]: Disconnected from 188.166.236.29 port 48734 [preauth]
Jan 21 00:08:04 host sshd[7620]: Invalid user sstest from 133.130.89.210 port 39058
Jan 21 00:08:04 host sshd[7620]: input_userauth_request: invalid user sstest [preauth]
Jan 21 00:08:04 host sshd[7620]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:08:04 host sshd[7620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.89.210
Jan 21 00:08:06 host sshd[7620]: Failed password for invalid user sstest from 133.130.89.210 port 39058 ssh2
Jan 21 00:08:06 host sshd[7620]: Received disconnect from 133.130.89.210 port 39058:11: Bye Bye [preauth]
Jan 21 00:08:06 host sshd[7620]: Disconnected from 133.130.89.210 port 39058 [preauth]
Jan 21 00:08:19 host sshd[7638]: Invalid user wwwtest from 188.166.5.84 port 37736
Jan 21 00:08:19 host sshd[7638]: input_userauth_request: invalid user wwwtest [preauth]
Jan 21 00:08:19 host sshd[7638]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:08:19 host sshd[7638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84
Jan 21 00:08:21 host sshd[7638]: Failed password for invalid user wwwtest from 188.166.5.84 port 37736 ssh2
Jan 21 00:08:21 host sshd[7638]: Received disconnect from 188.166.5.84 port 37736:11: Bye Bye [preauth]
Jan 21 00:08:21 host sshd[7638]: Disconnected from 188.166.5.84 port 37736 [preauth]
Jan 21 00:08:40 host sshd[7684]: Invalid user git1 from 46.101.5.100 port 39922
Jan 21 00:08:40 host sshd[7684]: input_userauth_request: invalid user git1 [preauth]
Jan 21 00:08:40 host sshd[7684]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:08:40 host sshd[7684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.5.100
Jan 21 00:08:42 host sshd[7684]: Failed password for invalid user git1 from 46.101.5.100 port 39922 ssh2
Jan 21 00:08:43 host sshd[7684]: Received disconnect from 46.101.5.100 port 39922:11: Bye Bye [preauth]
Jan 21 00:08:43 host sshd[7684]: Disconnected from 46.101.5.100 port 39922 [preauth]
Jan 21 00:08:54 host sshd[7699]: Invalid user admin from 159.89.233.162 port 54774
Jan 21 00:08:54 host sshd[7699]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:08:54 host sshd[7699]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:08:54 host sshd[7699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.233.162
Jan 21 00:08:56 host sshd[7699]: Failed password for invalid user admin from 159.89.233.162 port 54774 ssh2
Jan 21 00:08:57 host sshd[7699]: Received disconnect from 159.89.233.162 port 54774:11: Bye Bye [preauth]
Jan 21 00:08:57 host sshd[7699]: Disconnected from 159.89.233.162 port 54774 [preauth]
Jan 21 00:09:44 host sshd[7806]: ssh_dispatch_run_fatal: Connection from 85.233.150.79 port 35209: bignum is negative [preauth]
Jan 21 00:10:05 host sshd[7938]: User ftp from 213.215.140.6 not allowed because not listed in AllowUsers
Jan 21 00:10:05 host sshd[7938]: input_userauth_request: invalid user ftp [preauth]
Jan 21 00:10:05 host unix_chkpwd[7984]: password check failed for user (ftp)
Jan 21 00:10:05 host sshd[7938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.215.140.6 user=ftp
Jan 21 00:10:05 host sshd[7938]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 00:10:07 host sshd[7938]: Failed password for invalid user ftp from 213.215.140.6 port 33358 ssh2
Jan 21 00:10:07 host sshd[7938]: Received disconnect from 213.215.140.6 port 33358:11: Bye Bye [preauth]
Jan 21 00:10:07 host sshd[7938]: Disconnected from 213.215.140.6 port 33358 [preauth]
Jan 21 00:10:50 host sshd[8076]: Invalid user bdadmin from 139.59.68.67 port 33060
Jan 21 00:10:50 host sshd[8076]: input_userauth_request: invalid user bdadmin [preauth]
Jan 21 00:10:50 host sshd[8076]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:10:50 host sshd[8076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67
Jan 21 00:10:52 host sshd[8076]: Failed password for invalid user bdadmin from 139.59.68.67 port 33060 ssh2
Jan 21 00:10:52 host sshd[8076]: Received disconnect from 139.59.68.67 port 33060:11: Bye Bye [preauth]
Jan 21 00:10:52 host sshd[8076]: Disconnected from 139.59.68.67 port 33060 [preauth]
Jan 21 00:11:13 host sshd[8119]: Invalid user admin from 124.156.2.182 port 50600
Jan 21 00:11:13 host sshd[8119]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:11:13 host sshd[8119]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:11:13 host sshd[8119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.156.2.182
Jan 21 00:11:15 host sshd[8119]: Failed password for invalid user admin from 124.156.2.182 port 50600 ssh2
Jan 21 00:11:15 host sshd[8119]: Received disconnect from 124.156.2.182 port 50600:11: Bye Bye [preauth]
Jan 21 00:11:15 host sshd[8119]: Disconnected from 124.156.2.182 port 50600 [preauth]
Jan 21 00:11:28 host sshd[8139]: Invalid user pi from 175.208.179.9 port 63896
Jan 21 00:11:28 host sshd[8139]: input_userauth_request: invalid user pi [preauth]
Jan 21 00:11:28 host sshd[8139]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:11:28 host sshd[8139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.208.179.9
Jan 21 00:11:30 host sshd[8139]: Failed password for invalid user pi from 175.208.179.9 port 63896 ssh2
Jan 21 00:11:31 host sshd[8139]: Connection reset by 175.208.179.9 port 63896 [preauth]
Jan 21 00:12:11 host sshd[8231]: Invalid user master from 61.76.169.138 port 30961
Jan 21 00:12:11 host sshd[8231]: input_userauth_request: invalid user master [preauth]
Jan 21 00:12:11 host sshd[8231]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:12:11 host sshd[8231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.169.138
Jan 21 00:12:12 host sshd[8231]: Failed password for invalid user master from 61.76.169.138 port 30961 ssh2
Jan 21 00:12:13 host sshd[8231]: Received disconnect from 61.76.169.138 port 30961:11: Bye Bye [preauth]
Jan 21 00:12:13 host sshd[8231]: Disconnected from 61.76.169.138 port 30961 [preauth]
Jan 21 00:12:26 host sshd[8246]: Invalid user tadmin from 46.101.5.100 port 56754
Jan 21 00:12:26 host sshd[8246]: input_userauth_request: invalid user tadmin [preauth]
Jan 21 00:12:26 host sshd[8246]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:12:26 host sshd[8246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.5.100
Jan 21 00:12:28 host sshd[8246]: Failed password for invalid user tadmin from 46.101.5.100 port 56754 ssh2
Jan 21 00:12:29 host sshd[8246]: Received disconnect from 46.101.5.100 port 56754:11: Bye Bye [preauth]
Jan 21 00:12:29 host sshd[8246]: Disconnected from 46.101.5.100 port 56754 [preauth]
Jan 21 00:12:37 host sshd[8280]: Invalid user phptest from 50.208.237.91 port 48424
Jan 21 00:12:37 host sshd[8280]: input_userauth_request: invalid user phptest [preauth]
Jan 21 00:12:37 host sshd[8280]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:12:37 host sshd[8280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.208.237.91
Jan 21 00:12:39 host sshd[8280]: Failed password for invalid user phptest from 50.208.237.91 port 48424 ssh2
Jan 21 00:12:39 host sshd[8280]: Received disconnect from 50.208.237.91 port 48424:11: Bye Bye [preauth]
Jan 21 00:12:39 host sshd[8280]: Disconnected from 50.208.237.91 port 48424 [preauth]
Jan 21 00:12:44 host sshd[8288]: Invalid user tech from 213.215.140.6 port 42552
Jan 21 00:12:44 host sshd[8288]: input_userauth_request: invalid user tech [preauth]
Jan 21 00:12:44 host sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:12:44 host sshd[8288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.215.140.6
Jan 21 00:12:46 host sshd[8288]: Failed password for invalid user tech from 213.215.140.6 port 42552 ssh2
Jan 21 00:12:47 host sshd[8288]: Received disconnect from 213.215.140.6 port 42552:11: Bye Bye [preauth]
Jan 21 00:12:47 host sshd[8288]: Disconnected from 213.215.140.6 port 42552 [preauth]
Jan 21 00:13:05 host sshd[8358]: Invalid user kodi from 188.166.5.84 port 56656
Jan 21 00:13:05 host sshd[8358]: input_userauth_request: invalid user kodi [preauth]
Jan 21 00:13:05 host sshd[8358]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:13:05 host sshd[8358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84
Jan 21 00:13:06 host sshd[8358]: Failed password for invalid user kodi from 188.166.5.84 port 56656 ssh2
Jan 21 00:13:06 host sshd[8358]: Received disconnect from 188.166.5.84 port 56656:11: Bye Bye [preauth]
Jan 21 00:13:06 host sshd[8358]: Disconnected from 188.166.5.84 port 56656 [preauth]
Jan 21 00:13:30 host sshd[8416]: Invalid user sarah from 46.101.5.100 port 55516
Jan 21 00:13:30 host sshd[8416]: input_userauth_request: invalid user sarah [preauth]
Jan 21 00:13:30 host sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:13:30 host sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.5.100
Jan 21 00:13:32 host sshd[8416]: Failed password for invalid user sarah from 46.101.5.100 port 55516 ssh2
Jan 21 00:13:32 host sshd[8416]: Received disconnect from 46.101.5.100 port 55516:11: Bye Bye [preauth]
Jan 21 00:13:32 host sshd[8416]: Disconnected from 46.101.5.100 port 55516 [preauth]
Jan 21 00:13:41 host sshd[8460]: Invalid user aceuser from 159.89.233.162 port 50302
Jan 21 00:13:41 host sshd[8460]: input_userauth_request: invalid user aceuser [preauth]
Jan 21 00:13:41 host sshd[8460]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:13:41 host sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.233.162
Jan 21 00:13:43 host sshd[8460]: Failed password for invalid user aceuser from 159.89.233.162 port 50302 ssh2
Jan 21 00:13:43 host sshd[8460]: Received disconnect from 159.89.233.162 port 50302:11: Bye Bye [preauth]
Jan 21 00:13:43 host sshd[8460]: Disconnected from 159.89.233.162 port 50302 [preauth]
Jan 21 00:13:49 host sshd[8475]: Invalid user steam from 139.59.68.67 port 38906
Jan 21 00:13:49 host sshd[8475]: input_userauth_request: invalid user steam [preauth]
Jan 21 00:13:49 host sshd[8475]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:13:49 host sshd[8475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67
Jan 21 00:13:50 host sshd[8477]: Invalid user admin from 50.208.237.91 port 47398
Jan 21 00:13:50 host sshd[8477]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:13:50 host sshd[8477]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:13:50 host sshd[8477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.208.237.91
Jan 21 00:13:51 host sshd[8475]: Failed password for invalid user steam from 139.59.68.67 port 38906 ssh2
Jan 21 00:13:51 host sshd[8475]: Received disconnect from 139.59.68.67 port 38906:11: Bye Bye [preauth]
Jan 21 00:13:51 host sshd[8475]: Disconnected from 139.59.68.67 port 38906 [preauth]
Jan 21 00:13:52 host sshd[8477]: Failed password for invalid user admin from 50.208.237.91 port 47398 ssh2
Jan 21 00:13:52 host sshd[8477]: Received disconnect from 50.208.237.91 port 47398:11: Bye Bye [preauth]
Jan 21 00:13:52 host sshd[8477]: Disconnected from 50.208.237.91 port 47398 [preauth]
Jan 21 00:14:03 host sshd[8535]: Invalid user ldapuser from 188.166.5.84 port 50876
Jan 21 00:14:03 host sshd[8535]: input_userauth_request: invalid user ldapuser [preauth]
Jan 21 00:14:03 host sshd[8535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:03 host sshd[8535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.5.84
Jan 21 00:14:05 host sshd[8535]: Failed password for invalid user ldapuser from 188.166.5.84 port 50876 ssh2
Jan 21 00:14:10 host sshd[8621]: Invalid user admin from 188.166.236.29 port 38006
Jan 21 00:14:10 host sshd[8621]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:14:10 host sshd[8621]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:10 host sshd[8621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.236.29
Jan 21 00:14:11 host sshd[8621]: Failed password for invalid user admin from 188.166.236.29 port 38006 ssh2
Jan 21 00:14:12 host sshd[8621]: Received disconnect from 188.166.236.29 port 38006:11: Bye Bye [preauth]
Jan 21 00:14:12 host sshd[8621]: Disconnected from 188.166.236.29 port 38006 [preauth]
Jan 21 00:14:27 host sshd[8671]: Invalid user shadow from 200.73.134.13 port 50750
Jan 21 00:14:27 host sshd[8671]: input_userauth_request: invalid user shadow [preauth]
Jan 21 00:14:27 host sshd[8671]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:27 host sshd[8671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.73.134.13
Jan 21 00:14:29 host sshd[8702]: Invalid user django from 133.130.89.210 port 36020
Jan 21 00:14:29 host sshd[8702]: input_userauth_request: invalid user django [preauth]
Jan 21 00:14:29 host sshd[8702]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:29 host sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.89.210
Jan 21 00:14:29 host sshd[8671]: Failed password for invalid user shadow from 200.73.134.13 port 50750 ssh2
Jan 21 00:14:30 host sshd[8714]: Invalid user tech from 124.156.2.182 port 58492
Jan 21 00:14:30 host sshd[8714]: input_userauth_request: invalid user tech [preauth]
Jan 21 00:14:30 host sshd[8714]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:30 host sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.156.2.182
Jan 21 00:14:30 host sshd[8702]: Failed password for invalid user django from 133.130.89.210 port 36020 ssh2
Jan 21 00:14:30 host sshd[8702]: Received disconnect from 133.130.89.210 port 36020:11: Bye Bye [preauth]
Jan 21 00:14:30 host sshd[8702]: Disconnected from 133.130.89.210 port 36020 [preauth]
Jan 21 00:14:30 host sshd[8671]: Received disconnect from 200.73.134.13 port 50750:11: Bye Bye [preauth]
Jan 21 00:14:30 host sshd[8671]: Disconnected from 200.73.134.13 port 50750 [preauth]
Jan 21 00:14:31 host sshd[8714]: Failed password for invalid user tech from 124.156.2.182 port 58492 ssh2
Jan 21 00:14:31 host sshd[8714]: Received disconnect from 124.156.2.182 port 58492:11: Bye Bye [preauth]
Jan 21 00:14:31 host sshd[8714]: Disconnected from 124.156.2.182 port 58492 [preauth]
Jan 21 00:14:46 host sshd[8770]: Invalid user admin from 159.89.233.162 port 49038
Jan 21 00:14:46 host sshd[8770]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:14:46 host sshd[8770]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:46 host sshd[8770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.233.162
Jan 21 00:14:48 host sshd[8775]: Invalid user robert from 1.179.157.230 port 50806
Jan 21 00:14:48 host sshd[8775]: input_userauth_request: invalid user robert [preauth]
Jan 21 00:14:48 host sshd[8775]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:14:48 host sshd[8775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.179.157.230
Jan 21 00:14:48 host sshd[8770]: Failed password for invalid user admin from 159.89.233.162 port 49038 ssh2
Jan 21 00:14:50 host sshd[8775]: Failed password for invalid user robert from 1.179.157.230 port 50806 ssh2
Jan 21 00:14:50 host sshd[8775]: Received disconnect from 1.179.157.230 port 50806:11: Bye Bye [preauth]
Jan 21 00:14:50 host sshd[8775]: Disconnected from 1.179.157.230 port 50806 [preauth]
Jan 21 00:15:09 host sshd[8884]: Invalid user zookeeper from 61.76.169.138 port 19802
Jan 21 00:15:09 host sshd[8884]: input_userauth_request: invalid user zookeeper [preauth]
Jan 21 00:15:09 host sshd[8884]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:15:09 host sshd[8884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.169.138
Jan 21 00:15:11 host sshd[8884]: Failed password for invalid user zookeeper from 61.76.169.138 port 19802 ssh2
Jan 21 00:15:12 host sshd[8884]: Received disconnect from 61.76.169.138 port 19802:11: Bye Bye [preauth]
Jan 21 00:15:12 host sshd[8884]: Disconnected from 61.76.169.138 port 19802 [preauth]
Jan 21 00:15:12 host sshd[8899]: Invalid user libadmin from 139.59.68.67 port 33602
Jan 21 00:15:12 host sshd[8899]: input_userauth_request: invalid user libadmin [preauth]
Jan 21 00:15:12 host sshd[8899]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:15:12 host sshd[8899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.68.67
Jan 21 00:15:13 host sshd[8899]: Failed password for invalid user libadmin from 139.59.68.67 port 33602 ssh2
Jan 21 00:15:36 host sshd[9290]: Invalid user arkserver from 188.166.236.29 port 52940
Jan 21 00:15:36 host sshd[9290]: input_userauth_request: invalid user arkserver [preauth]
Jan 21 00:15:36 host sshd[9290]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:15:36 host sshd[9290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.236.29
Jan 21 00:15:38 host sshd[9290]: Failed password for invalid user arkserver from 188.166.236.29 port 52940 ssh2
Jan 21 00:15:38 host sshd[9290]: Received disconnect from 188.166.236.29 port 52940:11: Bye Bye [preauth]
Jan 21 00:15:38 host sshd[9290]: Disconnected from 188.166.236.29 port 52940 [preauth]
Jan 21 00:15:43 host sshd[9456]: Invalid user itmuser from 124.156.2.182 port 53010
Jan 21 00:15:43 host sshd[9456]: input_userauth_request: invalid user itmuser [preauth]
Jan 21 00:15:43 host sshd[9456]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:15:43 host sshd[9456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.156.2.182
Jan 21 00:15:45 host sshd[9456]: Failed password for invalid user itmuser from 124.156.2.182 port 53010 ssh2
Jan 21 00:15:45 host sshd[9456]: Received disconnect from 124.156.2.182 port 53010:11: Bye Bye [preauth]
Jan 21 00:15:45 host sshd[9456]: Disconnected from 124.156.2.182 port 53010 [preauth]
Jan 21 00:16:08 host sshd[9890]: Invalid user testing from 133.130.89.210 port 34468
Jan 21 00:16:08 host sshd[9890]: input_userauth_request: invalid user testing [preauth]
Jan 21 00:16:08 host sshd[9890]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:16:08 host sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=133.130.89.210
Jan 21 00:16:11 host sshd[9890]: Failed password for invalid user testing from 133.130.89.210 port 34468 ssh2
Jan 21 00:16:11 host sshd[9890]: Received disconnect from 133.130.89.210 port 34468:11: Bye Bye [preauth]
Jan 21 00:16:11 host sshd[9890]: Disconnected from 133.130.89.210 port 34468 [preauth]
Jan 21 00:16:37 host sshd[10031]: Invalid user ftptest from 61.76.169.138 port 2826
Jan 21 00:16:37 host sshd[10031]: input_userauth_request: invalid user ftptest [preauth]
Jan 21 00:16:37 host sshd[10031]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:16:37 host sshd[10031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.76.169.138
Jan 21 00:16:38 host sshd[10031]: Failed password for invalid user ftptest from 61.76.169.138 port 2826 ssh2
Jan 21 00:17:56 host sshd[10185]: Invalid user vncuser from 200.73.134.13 port 43744
Jan 21 00:17:56 host sshd[10185]: input_userauth_request: invalid user vncuser [preauth]
Jan 21 00:17:56 host sshd[10185]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:17:56 host sshd[10185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.73.134.13
Jan 21 00:17:58 host sshd[10185]: Failed password for invalid user vncuser from 200.73.134.13 port 43744 ssh2
Jan 21 00:17:59 host sshd[10185]: Received disconnect from 200.73.134.13 port 43744:11: Bye Bye [preauth]
Jan 21 00:17:59 host sshd[10185]: Disconnected from 200.73.134.13 port 43744 [preauth]
Jan 21 00:18:48 host sshd[10300]: Invalid user super from 1.179.157.230 port 42236
Jan 21 00:18:48 host sshd[10300]: input_userauth_request: invalid user super [preauth]
Jan 21 00:18:48 host sshd[10300]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:18:48 host sshd[10300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.179.157.230
Jan 21 00:18:50 host sshd[10300]: Failed password for invalid user super from 1.179.157.230 port 42236 ssh2
Jan 21 00:18:50 host sshd[10300]: Received disconnect from 1.179.157.230 port 42236:11: Bye Bye [preauth]
Jan 21 00:18:50 host sshd[10300]: Disconnected from 1.179.157.230 port 42236 [preauth]
Jan 21 00:19:26 host sshd[10362]: Invalid user dnsekakf2$$ from 108.6.214.115 port 57523
Jan 21 00:19:26 host sshd[10362]: input_userauth_request: invalid user dnsekakf2$$ [preauth]
Jan 21 00:19:26 host sshd[10362]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:19:26 host sshd[10362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.6.214.115
Jan 21 00:19:27 host sshd[10362]: Failed password for invalid user dnsekakf2$$ from 108.6.214.115 port 57523 ssh2
Jan 21 00:19:28 host sshd[10362]: Failed password for invalid user dnsekakf2$$ from 108.6.214.115 port 57523 ssh2
Jan 21 00:19:28 host sshd[10362]: Connection closed by 108.6.214.115 port 57523 [preauth]
Jan 21 00:19:33 host sshd[10374]: Invalid user admin from 200.73.134.13 port 53868
Jan 21 00:19:33 host sshd[10374]: input_userauth_request: invalid user admin [preauth]
Jan 21 00:19:33 host sshd[10374]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:19:33 host sshd[10374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.73.134.13
Jan 21 00:19:35 host sshd[10374]: Failed password for invalid user admin from 200.73.134.13 port 53868 ssh2
Jan 21 00:20:44 host sshd[10692]: Invalid user sonar from 104.248.92.191 port 54588
Jan 21 00:20:44 host sshd[10692]: input_userauth_request: invalid user sonar [preauth]
Jan 21 00:20:44 host sshd[10692]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:20:44 host sshd[10692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.92.191
Jan 21 00:20:45 host sshd[10695]: Invalid user test from 1.179.157.230 port 59014
Jan 21 00:20:45 host sshd[10695]: input_userauth_request: invalid user test [preauth]
Jan 21 00:20:45 host sshd[10695]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:20:45 host sshd[10695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.179.157.230
Jan 21 00:20:46 host sshd[10692]: Failed password for invalid user sonar from 104.248.92.191 port 54588 ssh2
Jan 21 00:20:46 host sshd[10692]: Received disconnect from 104.248.92.191 port 54588:11: Bye Bye [preauth]
Jan 21 00:20:46 host sshd[10692]: Disconnected from 104.248.92.191 port 54588 [preauth]
Jan 21 00:20:47 host sshd[10695]: Failed password for invalid user test from 1.179.157.230 port 59014 ssh2
Jan 21 00:20:47 host sshd[10695]: Received disconnect from 1.179.157.230 port 59014:11: Bye Bye [preauth]
Jan 21 00:20:47 host sshd[10695]: Disconnected from 1.179.157.230 port 59014 [preauth]
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=mrsclean user-2=wwwnexidigital user-3=palco123 user-4=gifterman user-5=kottayamcalldriv user-6=phmetals user-7=wwwletsstalkfood user-8=straightcurve user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=woodpeck user-16=wwwkapin user-17=disposeat user-18=remysagr user-19=wwwkmaorg user-20=wwwresourcehunte user-21=keralaholi user-22=wwwrmswll user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=a2zgroup user-28=dartsimp user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 00:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vJ7hh4aSMtQnkn7A.~
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vJ7hh4aSMtQnkn7A.~'
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vJ7hh4aSMtQnkn7A.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 00:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 00:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 00:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 00:23:09 host sshd[11219]: Invalid user es from 43.159.52.230 port 33962
Jan 21 00:23:09 host sshd[11219]: input_userauth_request: invalid user es [preauth]
Jan 21 00:23:09 host sshd[11219]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:23:09 host sshd[11219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.52.230
Jan 21 00:23:12 host sshd[11219]: Failed password for invalid user es from 43.159.52.230 port 33962 ssh2
Jan 21 00:23:12 host sshd[11219]: Received disconnect from 43.159.52.230 port 33962:11: Bye Bye [preauth]
Jan 21 00:23:12 host sshd[11219]: Disconnected from 43.159.52.230 port 33962 [preauth]
Jan 21 00:24:47 host sshd[11435]: Invalid user test from 202.179.191.68 port 57952
Jan 21 00:24:47 host sshd[11435]: input_userauth_request: invalid user test [preauth]
Jan 21 00:24:47 host sshd[11435]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:24:47 host sshd[11435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.191.68
Jan 21 00:24:48 host sshd[11435]: Failed password for invalid user test from 202.179.191.68 port 57952 ssh2
Jan 21 00:24:48 host sshd[11435]: Received disconnect from 202.179.191.68 port 57952:11: Bye Bye [preauth]
Jan 21 00:24:48 host sshd[11435]: Disconnected from 202.179.191.68 port 57952 [preauth]
Jan 21 00:26:27 host sshd[11610]: Invalid user etluser from 159.89.85.209 port 60384
Jan 21 00:26:27 host sshd[11610]: input_userauth_request: invalid user etluser [preauth]
Jan 21 00:26:27 host sshd[11610]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:26:27 host sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.85.209
Jan 21 00:26:28 host sshd[11610]: Failed password for invalid user etluser from 159.89.85.209 port 60384 ssh2
Jan 21 00:26:29 host sshd[11610]: Received disconnect from 159.89.85.209 port 60384:11: Bye Bye [preauth]
Jan 21 00:26:29 host sshd[11610]: Disconnected from 159.89.85.209 port 60384 [preauth]
Jan 21 00:26:43 host sshd[11657]: Connection closed by 45.79.181.251 port 2624 [preauth]
Jan 21 00:26:45 host sshd[11669]: Connection closed by 45.79.181.251 port 2638 [preauth]
Jan 21 00:26:48 host sshd[11673]: Connection closed by 45.79.181.251 port 2652 [preauth]
Jan 21 00:26:48 host sshd[11677]: Invalid user postgres from 43.134.176.134 port 40438
Jan 21 00:26:48 host sshd[11677]: input_userauth_request: invalid user postgres [preauth]
Jan 21 00:26:48 host sshd[11677]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:26:48 host sshd[11677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.176.134
Jan 21 00:26:50 host sshd[11677]: Failed password for invalid user postgres from 43.134.176.134 port 40438 ssh2
Jan 21 00:26:50 host sshd[11677]: Received disconnect from 43.134.176.134 port 40438:11: Bye Bye [preauth]
Jan 21 00:26:50 host sshd[11677]: Disconnected from 43.134.176.134 port 40438 [preauth]
Jan 21 00:26:55 host sshd[11686]: Invalid user benjamin from 104.248.92.191 port 60262
Jan 21 00:26:55 host sshd[11686]: input_userauth_request: invalid user benjamin [preauth]
Jan 21 00:26:55 host sshd[11686]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:26:55 host sshd[11686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.92.191
Jan 21 00:26:57 host sshd[11686]: Failed password for invalid user benjamin from 104.248.92.191 port 60262 ssh2
Jan 21 00:26:57 host sshd[11686]: Received disconnect from 104.248.92.191 port 60262:11: Bye Bye [preauth]
Jan 21 00:26:57 host sshd[11686]: Disconnected from 104.248.92.191 port 60262 [preauth]
Jan 21 00:27:47 host sshd[11905]: Invalid user server from 202.179.191.68 port 42162
Jan 21 00:27:47 host sshd[11905]: input_userauth_request: invalid user server [preauth]
Jan 21 00:27:47 host sshd[11905]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:27:47 host sshd[11905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.191.68
Jan 21 00:27:49 host sshd[11905]: Failed password for invalid user server from 202.179.191.68 port 42162 ssh2
Jan 21 00:27:49 host sshd[11905]: Received disconnect from 202.179.191.68 port 42162:11: Bye Bye [preauth]
Jan 21 00:27:49 host sshd[11905]: Disconnected from 202.179.191.68 port 42162 [preauth]
Jan 21 00:27:56 host sshd[11919]: Invalid user invoices from 104.248.92.191 port 60316
Jan 21 00:27:56 host sshd[11919]: input_userauth_request: invalid user invoices [preauth]
Jan 21 00:27:56 host sshd[11919]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:27:56 host sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.92.191
Jan 21 00:27:58 host sshd[11919]: Failed password for invalid user invoices from 104.248.92.191 port 60316 ssh2
Jan 21 00:27:59 host sshd[11956]: Invalid user ec2-user from 43.159.52.230 port 41500
Jan 21 00:27:59 host sshd[11956]: input_userauth_request: invalid user ec2-user [preauth]
Jan 21 00:27:59 host sshd[11956]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:27:59 host sshd[11956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.52.230
Jan 21 00:28:01 host sshd[11956]: Failed password for invalid user ec2-user from 43.159.52.230 port 41500 ssh2
Jan 21 00:28:01 host sshd[11956]: Received disconnect from 43.159.52.230 port 41500:11: Bye Bye [preauth]
Jan 21 00:28:01 host sshd[11956]: Disconnected from 43.159.52.230 port 41500 [preauth]
Jan 21 00:28:07 host sshd[11980]: Invalid user maxadmin from 159.89.85.209 port 51996
Jan 21 00:28:07 host sshd[11980]: input_userauth_request: invalid user maxadmin [preauth]
Jan 21 00:28:07 host sshd[11980]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:28:07 host sshd[11980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.85.209
Jan 21 00:28:09 host sshd[11980]: Failed password for invalid user maxadmin from 159.89.85.209 port 51996 ssh2
Jan 21 00:28:09 host sshd[11980]: Received disconnect from 159.89.85.209 port 51996:11: Bye Bye [preauth]
Jan 21 00:28:09 host sshd[11980]: Disconnected from 159.89.85.209 port 51996 [preauth]
Jan 21 00:28:58 host sshd[12069]: Invalid user test from 43.134.176.134 port 54722
Jan 21 00:28:58 host sshd[12069]: input_userauth_request: invalid user test [preauth]
Jan 21 00:28:58 host sshd[12069]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:28:58 host sshd[12069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.176.134
Jan 21 00:29:00 host sshd[12069]: Failed password for invalid user test from 43.134.176.134 port 54722 ssh2
Jan 21 00:29:00 host sshd[12069]: Received disconnect from 43.134.176.134 port 54722:11: Bye Bye [preauth]
Jan 21 00:29:00 host sshd[12069]: Disconnected from 43.134.176.134 port 54722 [preauth]
Jan 21 00:29:08 host sshd[12102]: Invalid user test_qpfs from 202.179.191.68 port 54666
Jan 21 00:29:08 host sshd[12102]: input_userauth_request: invalid user test_qpfs [preauth]
Jan 21 00:29:08 host sshd[12102]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:29:08 host sshd[12102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.191.68
Jan 21 00:29:09 host sshd[12094]: Invalid user sockduser from 159.89.85.209 port 42736
Jan 21 00:29:09 host sshd[12094]: input_userauth_request: invalid user sockduser [preauth]
Jan 21 00:29:09 host sshd[12094]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:29:09 host sshd[12094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.85.209
Jan 21 00:29:11 host sshd[12094]: Failed password for invalid user sockduser from 159.89.85.209 port 42736 ssh2
Jan 21 00:29:11 host sshd[12102]: Failed password for invalid user test_qpfs from 202.179.191.68 port 54666 ssh2
Jan 21 00:29:11 host sshd[12102]: Received disconnect from 202.179.191.68 port 54666:11: Bye Bye [preauth]
Jan 21 00:29:11 host sshd[12102]: Disconnected from 202.179.191.68 port 54666 [preauth]
Jan 21 00:29:11 host sshd[12094]: Received disconnect from 159.89.85.209 port 42736:11: Bye Bye [preauth]
Jan 21 00:29:11 host sshd[12094]: Disconnected from 159.89.85.209 port 42736 [preauth]
Jan 21 00:29:26 host sshd[12202]: Invalid user linux from 43.159.52.230 port 40258
Jan 21 00:29:26 host sshd[12202]: input_userauth_request: invalid user linux [preauth]
Jan 21 00:29:26 host sshd[12202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:29:26 host sshd[12202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.52.230
Jan 21 00:29:28 host sshd[12202]: Failed password for invalid user linux from 43.159.52.230 port 40258 ssh2
Jan 21 00:30:20 host sshd[12360]: Invalid user eyftpuser from 43.134.176.134 port 50780
Jan 21 00:30:20 host sshd[12360]: input_userauth_request: invalid user eyftpuser [preauth]
Jan 21 00:30:20 host sshd[12360]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:30:20 host sshd[12360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.134.176.134
Jan 21 00:30:22 host sshd[12360]: Failed password for invalid user eyftpuser from 43.134.176.134 port 50780 ssh2
Jan 21 00:30:22 host sshd[12360]: Received disconnect from 43.134.176.134 port 50780:11: Bye Bye [preauth]
Jan 21 00:30:22 host sshd[12360]: Disconnected from 43.134.176.134 port 50780 [preauth]
Jan 21 00:44:47 host sshd[14198]: Invalid user hd from 194.110.203.109 port 60434
Jan 21 00:44:47 host sshd[14198]: input_userauth_request: invalid user hd [preauth]
Jan 21 00:44:47 host sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:44:47 host sshd[14198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 00:44:49 host sshd[14198]: Failed password for invalid user hd from 194.110.203.109 port 60434 ssh2
Jan 21 00:44:52 host sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:44:54 host sshd[14198]: Failed password for invalid user hd from 194.110.203.109 port 60434 ssh2
Jan 21 00:44:57 host sshd[14198]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:45:00 host sshd[14198]: Failed password for invalid user hd from 194.110.203.109 port 60434 ssh2
Jan 21 00:45:03 host sshd[14198]: Connection closed by 194.110.203.109 port 60434 [preauth]
Jan 21 00:45:03 host sshd[14198]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 00:48:43 host sshd[14767]: Invalid user service from 31.41.244.124 port 28203
Jan 21 00:48:43 host sshd[14767]: input_userauth_request: invalid user service [preauth]
Jan 21 00:48:43 host sshd[14767]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:48:43 host sshd[14767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 21 00:48:45 host sshd[14767]: Failed password for invalid user service from 31.41.244.124 port 28203 ssh2
Jan 21 00:48:45 host sshd[14767]: Received disconnect from 31.41.244.124 port 28203:11: Client disconnecting normally [preauth]
Jan 21 00:48:45 host sshd[14767]: Disconnected from 31.41.244.124 port 28203 [preauth]
Jan 21 00:54:35 host sshd[15557]: Invalid user postgres from 116.15.64.17 port 60843
Jan 21 00:54:35 host sshd[15557]: input_userauth_request: invalid user postgres [preauth]
Jan 21 00:54:35 host sshd[15557]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:54:35 host sshd[15557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.15.64.17
Jan 21 00:54:37 host sshd[15557]: Failed password for invalid user postgres from 116.15.64.17 port 60843 ssh2
Jan 21 00:54:37 host sshd[15557]: Connection reset by 116.15.64.17 port 60843 [preauth]
Jan 21 00:54:37 host sshd[15561]: Invalid user default from 220.134.3.80 port 52343
Jan 21 00:54:37 host sshd[15561]: input_userauth_request: invalid user default [preauth]
Jan 21 00:54:37 host sshd[15561]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:54:37 host sshd[15561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.3.80
Jan 21 00:54:39 host sshd[15561]: Failed password for invalid user default from 220.134.3.80 port 52343 ssh2
Jan 21 00:54:39 host sshd[15561]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:54:41 host sshd[15561]: Failed password for invalid user default from 220.134.3.80 port 52343 ssh2
Jan 21 00:54:42 host sshd[15561]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:54:44 host sshd[15561]: Failed password for invalid user default from 220.134.3.80 port 52343 ssh2
Jan 21 00:54:45 host sshd[15561]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:54:47 host sshd[15561]: Failed password for invalid user default from 220.134.3.80 port 52343 ssh2
Jan 21 00:54:48 host sshd[15561]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 00:54:50 host sshd[15561]: Failed password for invalid user default from 220.134.3.80 port 52343 ssh2
Jan 21 00:58:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 00:58:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 00:58:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:01:41 host sshd[16608]: Did not receive identification string from 192.241.230.17 port 39448
Jan 21 01:01:42 host sshd[16718]: Did not receive identification string from 43.138.17.106 port 34984
Jan 21 01:01:43 host sshd[16719]: Invalid user dockeradmin from 43.138.17.106 port 41128
Jan 21 01:01:43 host sshd[16719]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 21 01:01:43 host sshd[16720]: Invalid user tester from 43.138.17.106 port 41092
Jan 21 01:01:43 host sshd[16720]: input_userauth_request: invalid user tester [preauth]
Jan 21 01:01:43 host sshd[16721]: Invalid user web from 43.138.17.106 port 41130
Jan 21 01:01:43 host sshd[16721]: input_userauth_request: invalid user web [preauth]
Jan 21 01:01:43 host sshd[16722]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16722]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16724]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16724]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16729]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16729]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16723]: Invalid user oracle from 43.138.17.106 port 41106
Jan 21 01:01:43 host sshd[16723]: input_userauth_request: invalid user oracle [preauth]
Jan 21 01:01:43 host sshd[16727]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16727]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16733]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16733]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16725]: Invalid user admin from 43.138.17.106 port 41100
Jan 21 01:01:43 host sshd[16725]: input_userauth_request: invalid user admin [preauth]
Jan 21 01:01:43 host sshd[16730]: Invalid user dockeradmin from 43.138.17.106 port 41104
Jan 21 01:01:43 host sshd[16730]: input_userauth_request: invalid user dockeradmin [preauth]
Jan 21 01:01:43 host sshd[16734]: Invalid user oracle from 43.138.17.106 port 41140
Jan 21 01:01:43 host sshd[16734]: input_userauth_request: invalid user oracle [preauth]
Jan 21 01:01:43 host sshd[16736]: User mysql from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16736]: input_userauth_request: invalid user mysql [preauth]
Jan 21 01:01:43 host sshd[16728]: Invalid user emqx from 43.138.17.106 port 41156
Jan 21 01:01:43 host sshd[16728]: input_userauth_request: invalid user emqx [preauth]
Jan 21 01:01:43 host sshd[16735]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16735]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16737]: Invalid user ansible from 43.138.17.106 port 41122
Jan 21 01:01:43 host sshd[16737]: input_userauth_request: invalid user ansible [preauth]
Jan 21 01:01:43 host sshd[16739]: Invalid user oracle from 43.138.17.106 port 41154
Jan 21 01:01:43 host sshd[16739]: input_userauth_request: invalid user oracle [preauth]
Jan 21 01:01:43 host sshd[16738]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16738]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16743]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16743]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16741]: Invalid user dmdba from 43.138.17.106 port 41110
Jan 21 01:01:43 host sshd[16741]: input_userauth_request: invalid user dmdba [preauth]
Jan 21 01:01:43 host sshd[16744]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16744]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:43 host sshd[16745]: Invalid user esuser from 43.138.17.106 port 41116
Jan 21 01:01:43 host sshd[16745]: input_userauth_request: invalid user esuser [preauth]
Jan 21 01:01:43 host sshd[16747]: User root from 43.138.17.106 not allowed because not listed in AllowUsers
Jan 21 01:01:43 host sshd[16747]: input_userauth_request: invalid user root [preauth]
Jan 21 01:01:44 host sshd[16719]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16720]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16721]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16723]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16725]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16728]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:44 host sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106
Jan 21 01:01:44 host unix_chkpwd[16782]: password check failed for user (root)
Jan 21 01:01:44 host sshd[16722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16722]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host unix_chkpwd[16783]: password check failed for user (root)
Jan 21 01:01:44 host unix_chkpwd[16785]: password check failed for user (root)
Jan 21 01:01:44 host sshd[16729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16729]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host sshd[16724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16724]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host unix_chkpwd[16786]: password check failed for user (root)
Jan 21 01:01:44 host sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16727]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host unix_chkpwd[16787]: password check failed for user (root)
Jan 21 01:01:44 host sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16733]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host unix_chkpwd[16784]: password check failed for user (root)
Jan 21 01:01:44 host sshd[16738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16738]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host unix_chkpwd[16788]: password check failed for user (root)
Jan 21 01:01:44 host sshd[16735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.138.17.106 user=root
Jan 21 01:01:44 host sshd[16735]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:01:44 host sshd[16726]: Invalid user ubuntu from 43.138.17.106 port 41152
Jan 21 01:01:44 host sshd[16726]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 01:01:46 host sshd[16719]: Failed password for invalid user dockeradmin from 43.138.17.106 port 41128 ssh2
Jan 21 01:01:46 host sshd[16720]: Failed password for invalid user tester from 43.138.17.106 port 41092 ssh2
Jan 21 01:01:46 host sshd[16721]: Failed password for invalid user web from 43.138.17.106 port 41130 ssh2
Jan 21 01:01:46 host sshd[16723]: Failed password for invalid user oracle from 43.138.17.106 port 41106 ssh2
Jan 21 01:01:46 host sshd[16730]: Failed password for invalid user dockeradmin from 43.138.17.106 port 41104 ssh2
Jan 21 01:01:46 host sshd[16725]: Failed password for invalid user admin from 43.138.17.106 port 41100 ssh2
Jan 21 01:01:46 host sshd[16728]: Failed password for invalid user emqx from 43.138.17.106 port 41156 ssh2
Jan 21 01:01:46 host sshd[16734]: Failed password for invalid user oracle from 43.138.17.106 port 41140 ssh2
Jan 21 01:01:46 host sshd[16722]: Failed password for invalid user root from 43.138.17.106 port 41142 ssh2
Jan 21 01:01:46 host sshd[16729]: Failed password for invalid user root from 43.138.17.106 port 41138 ssh2
Jan 21 01:01:46 host sshd[16724]: Failed password for invalid user root from 43.138.17.106 port 41094 ssh2
Jan 21 01:01:46 host sshd[16727]: Failed password for invalid user root from 43.138.17.106 port 41144 ssh2
Jan 21 01:01:46 host sshd[16733]: Failed password for invalid user root from 43.138.17.106 port 41146 ssh2
Jan 21 01:01:46 host sshd[16738]: Failed password for invalid user root from 43.138.17.106 port 41120 ssh2
Jan 21 01:01:46 host sshd[16735]: Failed password for invalid user root from 43.138.17.106 port 41096 ssh2
Jan 21 01:01:52 host sshd[16821]: Invalid user admin from 45.55.43.92 port 58172
Jan 21 01:01:52 host sshd[16821]: input_userauth_request: invalid user admin [preauth]
Jan 21 01:01:53 host sshd[16821]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:01:53 host sshd[16821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.43.92
Jan 21 01:01:55 host sshd[16821]: Failed password for invalid user admin from 45.55.43.92 port 58172 ssh2
Jan 21 01:01:55 host sshd[16821]: Connection closed by 45.55.43.92 port 58172 [preauth]
Jan 21 01:08:01 host sshd[17571]: User root from 45.55.43.92 not allowed because not listed in AllowUsers
Jan 21 01:08:01 host sshd[17571]: input_userauth_request: invalid user root [preauth]
Jan 21 01:08:01 host unix_chkpwd[17584]: password check failed for user (root)
Jan 21 01:08:01 host sshd[17571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.43.92 user=root
Jan 21 01:08:01 host sshd[17571]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:08:04 host sshd[17571]: Failed password for invalid user root from 45.55.43.92 port 53604 ssh2
Jan 21 01:08:04 host sshd[17571]: Connection closed by 45.55.43.92 port 53604 [preauth]
Jan 21 01:16:04 host sshd[18573]: Did not receive identification string from 149.129.220.222 port 61000
Jan 21 01:16:57 host sshd[18663]: Invalid user hikvision from 173.19.61.250 port 34064
Jan 21 01:16:57 host sshd[18663]: input_userauth_request: invalid user hikvision [preauth]
Jan 21 01:16:57 host sshd[18663]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:16:57 host sshd[18663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.19.61.250
Jan 21 01:16:59 host sshd[18663]: Failed password for invalid user hikvision from 173.19.61.250 port 34064 ssh2
Jan 21 01:16:59 host sshd[18663]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:17:01 host sshd[18663]: Failed password for invalid user hikvision from 173.19.61.250 port 34064 ssh2
Jan 21 01:17:02 host sshd[18663]: Failed password for invalid user hikvision from 173.19.61.250 port 34064 ssh2
Jan 21 01:17:02 host sshd[18663]: Connection closed by 173.19.61.250 port 34064 [preauth]
Jan 21 01:17:02 host sshd[18663]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.19.61.250
Jan 21 01:17:36 host sshd[18738]: Invalid user support from 211.107.136.97 port 62111
Jan 21 01:17:36 host sshd[18738]: input_userauth_request: invalid user support [preauth]
Jan 21 01:17:36 host sshd[18738]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:17:36 host sshd[18738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.107.136.97
Jan 21 01:17:38 host sshd[18738]: Failed password for invalid user support from 211.107.136.97 port 62111 ssh2
Jan 21 01:17:39 host sshd[18738]: Connection reset by 211.107.136.97 port 62111 [preauth]
Jan 21 01:19:10 host sshd[18894]: Invalid user nginx from 123.241.250.118 port 38882
Jan 21 01:19:10 host sshd[18894]: input_userauth_request: invalid user nginx [preauth]
Jan 21 01:19:10 host sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:19:10 host sshd[18894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.241.250.118
Jan 21 01:19:12 host sshd[18894]: Failed password for invalid user nginx from 123.241.250.118 port 38882 ssh2
Jan 21 01:19:12 host sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:19:14 host sshd[18894]: Failed password for invalid user nginx from 123.241.250.118 port 38882 ssh2
Jan 21 01:19:14 host sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:19:16 host sshd[18894]: Failed password for invalid user nginx from 123.241.250.118 port 38882 ssh2
Jan 21 01:19:16 host sshd[18894]: Failed password for invalid user nginx from 123.241.250.118 port 38882 ssh2
Jan 21 01:19:16 host sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:19:18 host sshd[18894]: Failed password for invalid user nginx from 123.241.250.118 port 38882 ssh2
Jan 21 01:19:18 host sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:19:20 host sshd[18894]: Failed password for invalid user nginx from 123.241.250.118 port 38882 ssh2
Jan 21 01:19:20 host sshd[18894]: error: maximum authentication attempts exceeded for invalid user nginx from 123.241.250.118 port 38882 ssh2 [preauth]
Jan 21 01:19:20 host sshd[18894]: Disconnecting: Too many authentication failures [preauth]
Jan 21 01:19:20 host sshd[18894]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.241.250.118
Jan 21 01:19:20 host sshd[18894]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 21 01:19:49 host sshd[19090]: invalid public DH value: >= p-1 [preauth]
Jan 21 01:19:49 host sshd[19090]: ssh_dispatch_run_fatal: Connection from 124.11.82.91 port 55221: incomplete message [preauth]
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=gifterman user-4=palco123 user-5=kottayamcalldriv user-6=phmetals user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=woodpeck user-16=wwwkapin user-17=remysagr user-18=disposeat user-19=wwwkmaorg user-20=wwwrmswll user-21=wwwresourcehunte user-22=keralaholi user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 01:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-j2PyD0A5a9BezEoh.~
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-j2PyD0A5a9BezEoh.~'
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-j2PyD0A5a9BezEoh.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 01:24:06 host sshd[19792]: Invalid user weblogic from 209.141.55.27 port 50976
Jan 21 01:24:06 host sshd[19792]: input_userauth_request: invalid user weblogic [preauth]
Jan 21 01:24:06 host sshd[19792]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:24:06 host sshd[19792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27
Jan 21 01:24:08 host sshd[19792]: Failed password for invalid user weblogic from 209.141.55.27 port 50976 ssh2
Jan 21 01:24:09 host sshd[19792]: Received disconnect from 209.141.55.27 port 50976:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 01:24:09 host sshd[19792]: Disconnected from 209.141.55.27 port 50976 [preauth]
Jan 21 01:31:38 host sshd[20897]: User root from 183.103.201.115 not allowed because not listed in AllowUsers
Jan 21 01:31:38 host sshd[20897]: input_userauth_request: invalid user root [preauth]
Jan 21 01:31:38 host unix_chkpwd[20902]: password check failed for user (root)
Jan 21 01:31:38 host sshd[20897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.201.115 user=root
Jan 21 01:31:38 host sshd[20897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:31:40 host sshd[20897]: Failed password for invalid user root from 183.103.201.115 port 47757 ssh2
Jan 21 01:31:41 host unix_chkpwd[20909]: password check failed for user (root)
Jan 21 01:31:41 host sshd[20897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:31:43 host sshd[20897]: Failed password for invalid user root from 183.103.201.115 port 47757 ssh2
Jan 21 01:31:44 host unix_chkpwd[20913]: password check failed for user (root)
Jan 21 01:31:44 host sshd[20897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:31:46 host sshd[20897]: Failed password for invalid user root from 183.103.201.115 port 47757 ssh2
Jan 21 01:31:47 host unix_chkpwd[20919]: password check failed for user (root)
Jan 21 01:31:47 host sshd[20897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:31:49 host sshd[20897]: Failed password for invalid user root from 183.103.201.115 port 47757 ssh2
Jan 21 01:31:50 host unix_chkpwd[20930]: password check failed for user (root)
Jan 21 01:31:50 host sshd[20897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:31:52 host sshd[20897]: Failed password for invalid user root from 183.103.201.115 port 47757 ssh2
Jan 21 01:35:08 host sshd[21367]: User root from 220.132.173.74 not allowed because not listed in AllowUsers
Jan 21 01:35:08 host sshd[21367]: input_userauth_request: invalid user root [preauth]
Jan 21 01:35:08 host unix_chkpwd[21371]: password check failed for user (root)
Jan 21 01:35:08 host sshd[21367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.173.74 user=root
Jan 21 01:35:08 host sshd[21367]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:35:09 host sshd[21367]: Failed password for invalid user root from 220.132.173.74 port 42339 ssh2
Jan 21 01:35:10 host unix_chkpwd[21385]: password check failed for user (root)
Jan 21 01:35:10 host sshd[21367]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:35:12 host sshd[21367]: Failed password for invalid user root from 220.132.173.74 port 42339 ssh2
Jan 21 01:35:13 host unix_chkpwd[21390]: password check failed for user (root)
Jan 21 01:35:13 host sshd[21367]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:35:14 host sshd[21367]: Failed password for invalid user root from 220.132.173.74 port 42339 ssh2
Jan 21 01:35:15 host sshd[21367]: Connection reset by 220.132.173.74 port 42339 [preauth]
Jan 21 01:35:15 host sshd[21367]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.132.173.74 user=root
Jan 21 01:36:10 host sshd[21640]: ssh_dispatch_run_fatal: Connection from 122.117.159.2 port 60129: bignum is negative [preauth]
Jan 21 01:42:00 host sshd[22607]: Bad protocol version identification 'GET / HTTP/1.1' from 157.245.96.51 port 38034
Jan 21 01:42:32 host sshd[22653]: Connection closed by 157.245.96.51 port 39136 [preauth]
Jan 21 01:45:17 host sshd[23239]: Did not receive identification string from 121.4.132.245 port 41880
Jan 21 01:45:19 host sshd[23243]: Invalid user testuser from 121.4.132.245 port 46184
Jan 21 01:45:19 host sshd[23243]: input_userauth_request: invalid user testuser [preauth]
Jan 21 01:45:19 host sshd[23249]: Invalid user admin from 121.4.132.245 port 46110
Jan 21 01:45:19 host sshd[23249]: input_userauth_request: invalid user admin [preauth]
Jan 21 01:45:19 host sshd[23246]: Invalid user pi from 121.4.132.245 port 46136
Jan 21 01:45:19 host sshd[23246]: input_userauth_request: invalid user pi [preauth]
Jan 21 01:45:19 host sshd[23245]: Invalid user test from 121.4.132.245 port 46126
Jan 21 01:45:19 host sshd[23245]: input_userauth_request: invalid user test [preauth]
Jan 21 01:45:19 host sshd[23247]: Invalid user ubnt from 121.4.132.245 port 46132
Jan 21 01:45:19 host sshd[23247]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 01:45:19 host sshd[23251]: Invalid user admin from 121.4.132.245 port 46118
Jan 21 01:45:19 host sshd[23251]: input_userauth_request: invalid user admin [preauth]
Jan 21 01:45:19 host sshd[23250]: Invalid user oracle from 121.4.132.245 port 46138
Jan 21 01:45:19 host sshd[23250]: input_userauth_request: invalid user oracle [preauth]
Jan 21 01:45:19 host sshd[23254]: Invalid user ftpuser from 121.4.132.245 port 46186
Jan 21 01:45:19 host sshd[23254]: input_userauth_request: invalid user ftpuser [preauth]
Jan 21 01:45:19 host sshd[23256]: User root from 121.4.132.245 not allowed because not listed in AllowUsers
Jan 21 01:45:19 host sshd[23258]: Invalid user test from 121.4.132.245 port 46176
Jan 21 01:45:19 host sshd[23256]: input_userauth_request: invalid user root [preauth]
Jan 21 01:45:19 host sshd[23258]: input_userauth_request: invalid user test [preauth]
Jan 21 01:45:19 host sshd[23262]: Invalid user steam from 121.4.132.245 port 46160
Jan 21 01:45:19 host sshd[23262]: input_userauth_request: invalid user steam [preauth]
Jan 21 01:45:19 host sshd[23263]: Invalid user bot from 121.4.132.245 port 46182
Jan 21 01:45:19 host sshd[23263]: input_userauth_request: invalid user bot [preauth]
Jan 21 01:45:19 host sshd[23260]: Invalid user dev from 121.4.132.245 port 46142
Jan 21 01:45:19 host sshd[23260]: input_userauth_request: invalid user dev [preauth]
Jan 21 01:45:19 host sshd[23270]: User root from 121.4.132.245 not allowed because not listed in AllowUsers
Jan 21 01:45:19 host sshd[23270]: input_userauth_request: invalid user root [preauth]
Jan 21 01:45:20 host sshd[23243]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23246]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23241]: Invalid user git from 121.4.132.245 port 46108
Jan 21 01:45:20 host sshd[23241]: input_userauth_request: invalid user git [preauth]
Jan 21 01:45:20 host sshd[23250]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23251]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23263]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23260]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host unix_chkpwd[23303]: password check failed for user (root)
Jan 21 01:45:20 host sshd[23270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245 user=root
Jan 21 01:45:20 host sshd[23270]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:45:20 host sshd[23244]: Invalid user ec2-user from 121.4.132.245 port 46144
Jan 21 01:45:20 host sshd[23244]: input_userauth_request: invalid user ec2-user [preauth]
Jan 21 01:45:20 host sshd[23248]: Invalid user vagrant from 121.4.132.245 port 46180
Jan 21 01:45:20 host sshd[23248]: input_userauth_request: invalid user vagrant [preauth]
Jan 21 01:45:20 host sshd[23261]: Invalid user teamspeak from 121.4.132.245 port 46154
Jan 21 01:45:20 host sshd[23261]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 01:45:20 host sshd[23264]: Invalid user admin from 121.4.132.245 port 46146
Jan 21 01:45:20 host sshd[23264]: input_userauth_request: invalid user admin [preauth]
Jan 21 01:45:20 host sshd[23289]: Invalid user guest from 121.4.132.245 port 46124
Jan 21 01:45:20 host sshd[23289]: input_userauth_request: invalid user guest [preauth]
Jan 21 01:45:20 host sshd[23241]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23244]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23257]: Invalid user vagrant from 121.4.132.245 port 46158
Jan 21 01:45:20 host sshd[23257]: input_userauth_request: invalid user vagrant [preauth]
Jan 21 01:45:20 host sshd[23248]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23265]: User root from 121.4.132.245 not allowed because not listed in AllowUsers
Jan 21 01:45:20 host sshd[23265]: input_userauth_request: invalid user root [preauth]
Jan 21 01:45:20 host sshd[23261]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23269]: User root from 121.4.132.245 not allowed because not listed in AllowUsers
Jan 21 01:45:20 host sshd[23269]: input_userauth_request: invalid user root [preauth]
Jan 21 01:45:20 host sshd[23266]: Invalid user steam from 121.4.132.245 port 46148
Jan 21 01:45:20 host sshd[23266]: input_userauth_request: invalid user steam [preauth]
Jan 21 01:45:20 host sshd[23264]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23289]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23249]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23245]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:20 host sshd[23247]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:20 host sshd[23247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:21 host sshd[23258]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:21 host sshd[23258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:21 host sshd[23254]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:21 host sshd[23254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:21 host unix_chkpwd[23314]: password check failed for user (root)
Jan 21 01:45:21 host sshd[23256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245 user=root
Jan 21 01:45:21 host sshd[23256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:45:21 host sshd[23257]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:21 host sshd[23257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:21 host unix_chkpwd[23317]: password check failed for user (root)
Jan 21 01:45:21 host sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245 user=root
Jan 21 01:45:21 host sshd[23265]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:45:21 host sshd[23281]: Invalid user ubuntu from 121.4.132.245 port 46140
Jan 21 01:45:21 host sshd[23281]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 01:45:21 host unix_chkpwd[23318]: password check failed for user (root)
Jan 21 01:45:21 host sshd[23269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245 user=root
Jan 21 01:45:21 host sshd[23269]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:45:21 host sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 01:45:21 host sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.4.132.245
Jan 21 01:45:21 host sshd[23243]: Failed password for invalid user testuser from 121.4.132.245 port 46184 ssh2
Jan 21 01:45:21 host sshd[23246]: Failed password for invalid user pi from 121.4.132.245 port 46136 ssh2
Jan 21 01:45:21 host sshd[23251]: Failed password for invalid user admin from 121.4.132.245 port 46118 ssh2
Jan 21 01:45:21 host sshd[23250]: Failed password for invalid user oracle from 121.4.132.245 port 46138 ssh2
Jan 21 01:45:21 host sshd[23262]: Failed password for invalid user steam from 121.4.132.245 port 46160 ssh2
Jan 21 01:45:21 host sshd[23263]: Failed password for invalid user bot from 121.4.132.245 port 46182 ssh2
Jan 21 01:45:21 host sshd[23260]: Failed password for invalid user dev from 121.4.132.245 port 46142 ssh2
Jan 21 01:45:22 host sshd[23270]: Failed password for invalid user root from 121.4.132.245 port 46168 ssh2
Jan 21 01:45:22 host sshd[23241]: Failed password for invalid user git from 121.4.132.245 port 46108 ssh2
Jan 21 01:45:22 host sshd[23244]: Failed password for invalid user ec2-user from 121.4.132.245 port 46144 ssh2
Jan 21 01:45:22 host sshd[23248]: Failed password for invalid user vagrant from 121.4.132.245 port 46180 ssh2
Jan 21 01:45:22 host sshd[23261]: Failed password for invalid user teamspeak from 121.4.132.245 port 46154 ssh2
Jan 21 01:45:22 host sshd[23264]: Failed password for invalid user admin from 121.4.132.245 port 46146 ssh2
Jan 21 01:45:22 host sshd[23289]: Failed password for invalid user guest from 121.4.132.245 port 46124 ssh2
Jan 21 01:45:22 host sshd[23249]: Failed password for invalid user admin from 121.4.132.245 port 46110 ssh2
Jan 21 01:45:22 host sshd[23245]: Failed password for invalid user test from 121.4.132.245 port 46126 ssh2
Jan 21 01:45:22 host sshd[23247]: Failed password for invalid user ubnt from 121.4.132.245 port 46132 ssh2
Jan 21 01:45:23 host sshd[23258]: Failed password for invalid user test from 121.4.132.245 port 46176 ssh2
Jan 21 01:45:23 host sshd[23254]: Failed password for invalid user ftpuser from 121.4.132.245 port 46186 ssh2
Jan 21 01:45:23 host sshd[23256]: Failed password for invalid user root from 121.4.132.245 port 46170 ssh2
Jan 21 01:45:23 host sshd[23257]: Failed password for invalid user vagrant from 121.4.132.245 port 46158 ssh2
Jan 21 01:45:23 host sshd[23265]: Failed password for invalid user root from 121.4.132.245 port 46164 ssh2
Jan 21 01:45:23 host sshd[23269]: Failed password for invalid user root from 121.4.132.245 port 46120 ssh2
Jan 21 01:45:23 host sshd[23281]: Failed password for invalid user ubuntu from 121.4.132.245 port 46140 ssh2
Jan 21 01:55:53 host sshd[24934]: User root from 175.194.174.75 not allowed because not listed in AllowUsers
Jan 21 01:55:53 host sshd[24934]: input_userauth_request: invalid user root [preauth]
Jan 21 01:55:53 host unix_chkpwd[24938]: password check failed for user (root)
Jan 21 01:55:53 host sshd[24934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.194.174.75 user=root
Jan 21 01:55:53 host sshd[24934]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:55:55 host sshd[24934]: Failed password for invalid user root from 175.194.174.75 port 61613 ssh2
Jan 21 01:55:56 host unix_chkpwd[24942]: password check failed for user (root)
Jan 21 01:55:56 host sshd[24934]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 01:55:58 host sshd[24934]: Failed password for invalid user root from 175.194.174.75 port 61613 ssh2
Jan 21 01:55:59 host sshd[24934]: Connection reset by 175.194.174.75 port 61613 [preauth]
Jan 21 01:55:59 host sshd[24934]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.194.174.75 user=root
Jan 21 02:05:06 host sshd[26216]: User root from 114.33.16.186 not allowed because not listed in AllowUsers
Jan 21 02:05:06 host sshd[26216]: input_userauth_request: invalid user root [preauth]
Jan 21 02:05:06 host unix_chkpwd[26220]: password check failed for user (root)
Jan 21 02:05:06 host sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.16.186 user=root
Jan 21 02:05:06 host sshd[26216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:05:08 host sshd[26216]: Failed password for invalid user root from 114.33.16.186 port 44025 ssh2
Jan 21 02:05:09 host unix_chkpwd[26223]: password check failed for user (root)
Jan 21 02:05:09 host sshd[26216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:05:11 host sshd[26216]: Failed password for invalid user root from 114.33.16.186 port 44025 ssh2
Jan 21 02:05:12 host unix_chkpwd[26298]: password check failed for user (root)
Jan 21 02:05:12 host sshd[26216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:05:14 host sshd[26216]: Failed password for invalid user root from 114.33.16.186 port 44025 ssh2
Jan 21 02:05:14 host unix_chkpwd[26314]: password check failed for user (root)
Jan 21 02:05:14 host sshd[26216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:05:16 host sshd[26216]: Failed password for invalid user root from 114.33.16.186 port 44025 ssh2
Jan 21 02:07:23 host sshd[26583]: Connection reset by 91.92.127.190 port 49822 [preauth]
Jan 21 02:08:24 host sshd[26713]: ssh_dispatch_run_fatal: Connection from 50.250.34.202 port 52789: bignum is negative [preauth]
Jan 21 02:09:18 host sshd[26817]: Connection reset by 121.146.70.126 port 59310 [preauth]
Jan 21 02:14:43 host sshd[27731]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 21 02:14:43 host sshd[27731]: input_userauth_request: invalid user root [preauth]
Jan 21 02:14:44 host unix_chkpwd[27734]: password check failed for user (root)
Jan 21 02:14:44 host sshd[27731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 21 02:14:44 host sshd[27731]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:14:45 host sshd[27731]: Failed password for invalid user root from 195.226.194.142 port 43526 ssh2
Jan 21 02:14:45 host sshd[27731]: Received disconnect from 195.226.194.142 port 43526:11: Bye Bye [preauth]
Jan 21 02:14:45 host sshd[27731]: Disconnected from 195.226.194.142 port 43526 [preauth]
Jan 21 02:17:29 host sshd[28184]: Did not receive identification string from 51.15.3.135 port 49686
Jan 21 02:17:29 host sshd[28187]: Invalid user admin from 51.15.3.135 port 51170
Jan 21 02:17:29 host sshd[28187]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:17:29 host sshd[28188]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28188]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28195]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28195]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28189]: Invalid user admin from 51.15.3.135 port 51156
Jan 21 02:17:29 host sshd[28189]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:17:29 host sshd[28186]: Invalid user www from 51.15.3.135 port 50992
Jan 21 02:17:29 host sshd[28186]: input_userauth_request: invalid user www [preauth]
Jan 21 02:17:29 host sshd[28191]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28191]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28194]: Invalid user pi from 51.15.3.135 port 51224
Jan 21 02:17:29 host sshd[28194]: input_userauth_request: invalid user pi [preauth]
Jan 21 02:17:29 host sshd[28190]: Invalid user student from 51.15.3.135 port 51086
Jan 21 02:17:29 host sshd[28190]: input_userauth_request: invalid user student [preauth]
Jan 21 02:17:29 host sshd[28192]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28192]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28197]: Invalid user guest from 51.15.3.135 port 51116
Jan 21 02:17:29 host sshd[28197]: input_userauth_request: invalid user guest [preauth]
Jan 21 02:17:29 host sshd[28199]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28199]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28198]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28198]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28200]: Invalid user admin from 51.15.3.135 port 51142
Jan 21 02:17:29 host sshd[28200]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:17:29 host sshd[28204]: Invalid user git from 51.15.3.135 port 51250
Jan 21 02:17:29 host sshd[28196]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28204]: input_userauth_request: invalid user git [preauth]
Jan 21 02:17:29 host sshd[28196]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28206]: Invalid user teamspeak from 51.15.3.135 port 51210
Jan 21 02:17:29 host sshd[28207]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28206]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 02:17:29 host sshd[28207]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28202]: Invalid user oracle from 51.15.3.135 port 51220
Jan 21 02:17:29 host sshd[28202]: input_userauth_request: invalid user oracle [preauth]
Jan 21 02:17:29 host sshd[28203]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28193]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28193]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28203]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28201]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28201]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28209]: Invalid user admin from 51.15.3.135 port 51262
Jan 21 02:17:29 host sshd[28209]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:17:29 host sshd[28208]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28208]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28205]: Invalid user student from 51.15.3.135 port 51076
Jan 21 02:17:29 host sshd[28205]: input_userauth_request: invalid user student [preauth]
Jan 21 02:17:29 host sshd[28216]: Invalid user devops from 51.15.3.135 port 51206
Jan 21 02:17:29 host sshd[28216]: input_userauth_request: invalid user devops [preauth]
Jan 21 02:17:29 host sshd[28213]: Invalid user www from 51.15.3.135 port 51148
Jan 21 02:17:29 host sshd[28213]: input_userauth_request: invalid user www [preauth]
Jan 21 02:17:29 host sshd[28210]: Invalid user ubnt from 51.15.3.135 port 51106
Jan 21 02:17:29 host sshd[28210]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 02:17:29 host sshd[28217]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:29 host sshd[28217]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:29 host sshd[28218]: Invalid user hadoop from 51.15.3.135 port 51244
Jan 21 02:17:29 host sshd[28218]: input_userauth_request: invalid user hadoop [preauth]
Jan 21 02:17:29 host sshd[28187]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28189]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28186]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28194]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28244]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host unix_chkpwd[28245]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28195]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host unix_chkpwd[28246]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28191]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28190]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28197]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28247]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28192]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28200]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28204]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28206]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28250]: password check failed for user (root)
Jan 21 02:17:30 host unix_chkpwd[28248]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28199]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28209]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28249]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28198]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host unix_chkpwd[28251]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28201]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28205]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28253]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28207]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host unix_chkpwd[28252]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28203]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host unix_chkpwd[28255]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28208]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28216]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28213]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28254]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28193]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28218]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host sshd[28210]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:30 host sshd[28210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:30 host unix_chkpwd[28256]: password check failed for user (root)
Jan 21 02:17:30 host sshd[28217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:30 host sshd[28217]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:30 host sshd[28258]: Invalid user admin from 51.15.3.135 port 51138
Jan 21 02:17:30 host sshd[28258]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:17:30 host sshd[28257]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:30 host sshd[28257]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:30 host sshd[28259]: User root from 51.15.3.135 not allowed because not listed in AllowUsers
Jan 21 02:17:30 host sshd[28259]: input_userauth_request: invalid user root [preauth]
Jan 21 02:17:31 host sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:17:31 host sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135
Jan 21 02:17:31 host unix_chkpwd[28264]: password check failed for user (root)
Jan 21 02:17:31 host sshd[28257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:31 host sshd[28257]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:31 host unix_chkpwd[28265]: password check failed for user (root)
Jan 21 02:17:31 host sshd[28259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.3.135 user=root
Jan 21 02:17:31 host sshd[28259]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:17:31 host sshd[28189]: Failed password for invalid user admin from 51.15.3.135 port 51156 ssh2
Jan 21 02:17:31 host sshd[28186]: Failed password for invalid user www from 51.15.3.135 port 50992 ssh2
Jan 21 02:17:31 host sshd[28194]: Failed password for invalid user pi from 51.15.3.135 port 51224 ssh2
Jan 21 02:17:31 host sshd[28195]: Failed password for invalid user root from 51.15.3.135 port 51216 ssh2
Jan 21 02:17:31 host sshd[28191]: Failed password for invalid user root from 51.15.3.135 port 51178 ssh2
Jan 21 02:17:31 host sshd[28190]: Failed password for invalid user student from 51.15.3.135 port 51086 ssh2
Jan 21 02:17:31 host sshd[28197]: Failed password for invalid user guest from 51.15.3.135 port 51116 ssh2
Jan 21 02:17:31 host sshd[28192]: Failed password for invalid user root from 51.15.3.135 port 51226 ssh2
Jan 21 02:17:31 host sshd[28200]: Failed password for invalid user admin from 51.15.3.135 port 51142 ssh2
Jan 21 02:17:31 host sshd[28204]: Failed password for invalid user git from 51.15.3.135 port 51250 ssh2
Jan 21 02:17:31 host sshd[28206]: Failed password for invalid user teamspeak from 51.15.3.135 port 51210 ssh2
Jan 21 02:17:31 host sshd[28202]: Failed password for invalid user oracle from 51.15.3.135 port 51220 ssh2
Jan 21 02:17:31 host sshd[28196]: Failed password for invalid user root from 51.15.3.135 port 51132 ssh2
Jan 21 02:17:31 host sshd[28199]: Failed password for invalid user root from 51.15.3.135 port 51122 ssh2
Jan 21 02:17:31 host sshd[28209]: Failed password for invalid user admin from 51.15.3.135 port 51262 ssh2
Jan 21 02:17:31 host sshd[28198]: Failed password for invalid user root from 51.15.3.135 port 51096 ssh2
Jan 21 02:17:31 host sshd[28201]: Failed password for invalid user root from 51.15.3.135 port 51214 ssh2
Jan 21 02:17:31 host sshd[28205]: Failed password for invalid user student from 51.15.3.135 port 51076 ssh2
Jan 21 02:17:31 host sshd[28207]: Failed password for invalid user root from 51.15.3.135 port 51208 ssh2
Jan 21 02:17:31 host sshd[28203]: Failed password for invalid user root from 51.15.3.135 port 51102 ssh2
Jan 21 02:17:31 host sshd[28208]: Failed password for invalid user root from 51.15.3.135 port 51260 ssh2
Jan 21 02:17:31 host sshd[28216]: Failed password for invalid user devops from 51.15.3.135 port 51206 ssh2
Jan 21 02:17:31 host sshd[28213]: Failed password for invalid user www from 51.15.3.135 port 51148 ssh2
Jan 21 02:17:31 host sshd[28193]: Failed password for invalid user root from 51.15.3.135 port 51110 ssh2
Jan 21 02:17:31 host sshd[28189]: Connection closed by 51.15.3.135 port 51156 [preauth]
Jan 21 02:17:31 host sshd[28218]: Failed password for invalid user hadoop from 51.15.3.135 port 51244 ssh2
Jan 21 02:17:31 host sshd[28186]: Connection closed by 51.15.3.135 port 50992 [preauth]
Jan 21 02:17:31 host sshd[28194]: Connection closed by 51.15.3.135 port 51224 [preauth]
Jan 21 02:17:31 host sshd[28195]: Connection closed by 51.15.3.135 port 51216 [preauth]
Jan 21 02:17:31 host sshd[28210]: Failed password for invalid user ubnt from 51.15.3.135 port 51106 ssh2
Jan 21 02:17:31 host sshd[28191]: Connection closed by 51.15.3.135 port 51178 [preauth]
Jan 21 02:17:31 host sshd[28190]: Connection closed by 51.15.3.135 port 51086 [preauth]
Jan 21 02:17:31 host sshd[28197]: Connection closed by 51.15.3.135 port 51116 [preauth]
Jan 21 02:17:31 host sshd[28217]: Failed password for invalid user root from 51.15.3.135 port 51166 ssh2
Jan 21 02:17:31 host sshd[28192]: Connection closed by 51.15.3.135 port 51226 [preauth]
Jan 21 02:17:31 host sshd[28204]: Connection closed by 51.15.3.135 port 51250 [preauth]
Jan 21 02:17:31 host sshd[28200]: Connection closed by 51.15.3.135 port 51142 [preauth]
Jan 21 02:17:31 host sshd[28206]: Connection closed by 51.15.3.135 port 51210 [preauth]
Jan 21 02:17:31 host sshd[28202]: Connection closed by 51.15.3.135 port 51220 [preauth]
Jan 21 02:17:31 host sshd[28199]: Connection closed by 51.15.3.135 port 51122 [preauth]
Jan 21 02:17:31 host sshd[28196]: Connection closed by 51.15.3.135 port 51132 [preauth]
Jan 21 02:17:31 host sshd[28198]: Connection closed by 51.15.3.135 port 51096 [preauth]
Jan 21 02:17:31 host sshd[28209]: Connection closed by 51.15.3.135 port 51262 [preauth]
Jan 21 02:17:31 host sshd[28201]: Connection closed by 51.15.3.135 port 51214 [preauth]
Jan 21 02:17:31 host sshd[28205]: Connection closed by 51.15.3.135 port 51076 [preauth]
Jan 21 02:17:31 host sshd[28207]: Connection closed by 51.15.3.135 port 51208 [preauth]
Jan 21 02:17:31 host sshd[28208]: Connection closed by 51.15.3.135 port 51260 [preauth]
Jan 21 02:17:31 host sshd[28203]: Connection closed by 51.15.3.135 port 51102 [preauth]
Jan 21 02:17:31 host sshd[28216]: Connection closed by 51.15.3.135 port 51206 [preauth]
Jan 21 02:17:31 host sshd[28193]: Connection closed by 51.15.3.135 port 51110 [preauth]
Jan 21 02:17:32 host sshd[28213]: Connection closed by 51.15.3.135 port 51148 [preauth]
Jan 21 02:17:32 host sshd[28218]: Connection closed by 51.15.3.135 port 51244 [preauth]
Jan 21 02:17:32 host sshd[28210]: Connection closed by 51.15.3.135 port 51106 [preauth]
Jan 21 02:17:32 host sshd[28217]: Connection closed by 51.15.3.135 port 51166 [preauth]
Jan 21 02:17:32 host sshd[28187]: Failed password for invalid user admin from 51.15.3.135 port 51170 ssh2
Jan 21 02:17:32 host sshd[28188]: Failed password for invalid user root from 51.15.3.135 port 51128 ssh2
Jan 21 02:17:33 host sshd[28258]: Failed password for invalid user admin from 51.15.3.135 port 51138 ssh2
Jan 21 02:17:33 host sshd[28257]: Failed password for invalid user root from 51.15.3.135 port 51162 ssh2
Jan 21 02:17:33 host sshd[28259]: Failed password for invalid user root from 51.15.3.135 port 51080 ssh2
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=a2zgroup user-4=dartsimp user-5=laundryboniface user-6=wwwpmcresource user-7=travelboniface user-8=ugotscom user-9=keralaholi user-10=wwwresourcehunte user-11=wwwrmswll user-12=disposeat user-13=remysagr user-14=wwwkmaorg user-15=wwwkapin user-16=woodpeck user-17=shalinijames user-18=wwwtestugo user-19=vfmassets user-20=pmcresources user-21=wwwevmhonda user-22=bonifacegroup user-23=wwwletsstalkfood user-24=straightcurve user-25=phmetals user-26=kottayamcalldriv user-27=palco123 user-28=gifterman user-29=wwwnexidigital user-30=mrsclean feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 02:21:04 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fPdHXYUUOEwBeTwf.~
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fPdHXYUUOEwBeTwf.~'
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-fPdHXYUUOEwBeTwf.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 02:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 02:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:24:33 host sshd[29448]: User root from 42.200.237.165 not allowed because not listed in AllowUsers
Jan 21 02:24:33 host sshd[29448]: input_userauth_request: invalid user root [preauth]
Jan 21 02:24:33 host unix_chkpwd[29451]: password check failed for user (root)
Jan 21 02:24:33 host sshd[29448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.237.165 user=root
Jan 21 02:24:33 host sshd[29448]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:24:36 host sshd[29448]: Failed password for invalid user root from 42.200.237.165 port 45779 ssh2
Jan 21 02:24:36 host sshd[29448]: Connection reset by 42.200.237.165 port 45779 [preauth]
Jan 21 02:28:55 host sshd[30068]: Did not receive identification string from 82.157.194.152 port 41532
Jan 21 02:28:57 host sshd[30070]: User root from 82.157.194.152 not allowed because not listed in AllowUsers
Jan 21 02:28:57 host sshd[30071]: Invalid user steam from 82.157.194.152 port 43810
Jan 21 02:28:57 host sshd[30070]: input_userauth_request: invalid user root [preauth]
Jan 21 02:28:57 host sshd[30071]: input_userauth_request: invalid user steam [preauth]
Jan 21 02:28:57 host sshd[30072]: Invalid user postgres from 82.157.194.152 port 43850
Jan 21 02:28:57 host sshd[30072]: input_userauth_request: invalid user postgres [preauth]
Jan 21 02:28:57 host sshd[30073]: Invalid user admin from 82.157.194.152 port 43858
Jan 21 02:28:57 host sshd[30073]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:28:57 host sshd[30069]: Invalid user postgres from 82.157.194.152 port 43808
Jan 21 02:28:57 host sshd[30069]: input_userauth_request: invalid user postgres [preauth]
Jan 21 02:28:57 host sshd[30081]: User mysql from 82.157.194.152 not allowed because not listed in AllowUsers
Jan 21 02:28:57 host sshd[30074]: Invalid user vagrant from 82.157.194.152 port 43800
Jan 21 02:28:57 host sshd[30081]: input_userauth_request: invalid user mysql [preauth]
Jan 21 02:28:57 host sshd[30074]: input_userauth_request: invalid user vagrant [preauth]
Jan 21 02:28:57 host sshd[30079]: Invalid user oracle from 82.157.194.152 port 43826
Jan 21 02:28:57 host sshd[30079]: input_userauth_request: invalid user oracle [preauth]
Jan 21 02:28:57 host sshd[30077]: Invalid user admin from 82.157.194.152 port 43796
Jan 21 02:28:57 host sshd[30077]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:28:57 host sshd[30082]: Invalid user zjw from 82.157.194.152 port 43816
Jan 21 02:28:57 host sshd[30082]: input_userauth_request: invalid user zjw [preauth]
Jan 21 02:28:57 host sshd[30076]: Invalid user postgres from 82.157.194.152 port 43794
Jan 21 02:28:57 host sshd[30076]: input_userauth_request: invalid user postgres [preauth]
Jan 21 02:28:57 host sshd[30087]: User root from 82.157.194.152 not allowed because not listed in AllowUsers
Jan 21 02:28:57 host sshd[30087]: input_userauth_request: invalid user root [preauth]
Jan 21 02:28:57 host sshd[30083]: User root from 82.157.194.152 not allowed because not listed in AllowUsers
Jan 21 02:28:57 host sshd[30083]: input_userauth_request: invalid user root [preauth]
Jan 21 02:28:57 host sshd[30089]: Invalid user bot from 82.157.194.152 port 43866
Jan 21 02:28:57 host sshd[30089]: input_userauth_request: invalid user bot [preauth]
Jan 21 02:28:57 host sshd[30088]: User root from 82.157.194.152 not allowed because not listed in AllowUsers
Jan 21 02:28:57 host sshd[30088]: input_userauth_request: invalid user root [preauth]
Jan 21 02:28:57 host sshd[30091]: Invalid user steam from 82.157.194.152 port 43842
Jan 21 02:28:57 host sshd[30091]: input_userauth_request: invalid user steam [preauth]
Jan 21 02:28:57 host sshd[30094]: Invalid user dmdba from 82.157.194.152 port 43864
Jan 21 02:28:57 host sshd[30094]: input_userauth_request: invalid user dmdba [preauth]
Jan 21 02:28:57 host sshd[30096]: Invalid user postgres from 82.157.194.152 port 43862
Jan 21 02:28:57 host sshd[30096]: input_userauth_request: invalid user postgres [preauth]
Jan 21 02:28:57 host sshd[30095]: Invalid user student from 82.157.194.152 port 43836
Jan 21 02:28:57 host sshd[30095]: input_userauth_request: invalid user student [preauth]
Jan 21 02:28:57 host sshd[30097]: Invalid user ubuntu from 82.157.194.152 port 43830
Jan 21 02:28:57 host sshd[30097]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 02:28:57 host sshd[30098]: Invalid user admin from 82.157.194.152 port 43838
Jan 21 02:28:57 host sshd[30098]: input_userauth_request: invalid user admin [preauth]
Jan 21 02:28:57 host sshd[30100]: Invalid user pi from 82.157.194.152 port 43792
Jan 21 02:28:57 host sshd[30100]: input_userauth_request: invalid user pi [preauth]
Jan 21 02:28:57 host sshd[30071]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30069]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host unix_chkpwd[30123]: password check failed for user (root)
Jan 21 02:28:57 host sshd[30070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152 user=root
Jan 21 02:28:57 host sshd[30070]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:28:57 host sshd[30074]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30079]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30077]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host unix_chkpwd[30124]: password check failed for user (mysql)
Jan 21 02:28:57 host sshd[30081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152 user=mysql
Jan 21 02:28:57 host sshd[30081]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 21 02:28:57 host sshd[30082]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30076]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30089]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host unix_chkpwd[30125]: password check failed for user (root)
Jan 21 02:28:57 host sshd[30087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152 user=root
Jan 21 02:28:57 host sshd[30087]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:28:57 host unix_chkpwd[30126]: password check failed for user (root)
Jan 21 02:28:57 host sshd[30083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152 user=root
Jan 21 02:28:57 host sshd[30083]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:28:57 host sshd[30091]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host unix_chkpwd[30127]: password check failed for user (root)
Jan 21 02:28:57 host sshd[30088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152 user=root
Jan 21 02:28:57 host sshd[30088]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:28:57 host sshd[30094]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30096]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30095]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30097]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30098]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:57 host sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:57 host sshd[30100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:58 host sshd[30086]: Invalid user postgres from 82.157.194.152 port 43804
Jan 21 02:28:58 host sshd[30086]: input_userauth_request: invalid user postgres [preauth]
Jan 21 02:28:58 host sshd[30078]: Invalid user oracle from 82.157.194.152 port 43832
Jan 21 02:28:58 host sshd[30078]: input_userauth_request: invalid user oracle [preauth]
Jan 21 02:28:58 host sshd[30080]: Invalid user ubnt from 82.157.194.152 port 43806
Jan 21 02:28:58 host sshd[30080]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 02:28:58 host sshd[30090]: Invalid user halo from 82.157.194.152 port 43868
Jan 21 02:28:58 host sshd[30090]: input_userauth_request: invalid user halo [preauth]
Jan 21 02:28:58 host sshd[30072]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:58 host sshd[30072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:58 host sshd[30073]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:58 host sshd[30073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:58 host sshd[30086]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:58 host sshd[30086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:58 host sshd[30090]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:58 host sshd[30090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:58 host sshd[30080]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:28:58 host sshd[30080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:28:59 host sshd[30071]: Failed password for invalid user steam from 82.157.194.152 port 43810 ssh2
Jan 21 02:28:59 host sshd[30069]: Failed password for invalid user postgres from 82.157.194.152 port 43808 ssh2
Jan 21 02:28:59 host sshd[30070]: Failed password for invalid user root from 82.157.194.152 port 43848 ssh2
Jan 21 02:28:59 host sshd[30074]: Failed password for invalid user vagrant from 82.157.194.152 port 43800 ssh2
Jan 21 02:28:59 host sshd[30079]: Failed password for invalid user oracle from 82.157.194.152 port 43826 ssh2
Jan 21 02:28:59 host sshd[30077]: Failed password for invalid user admin from 82.157.194.152 port 43796 ssh2
Jan 21 02:28:59 host sshd[30081]: Failed password for invalid user mysql from 82.157.194.152 port 43860 ssh2
Jan 21 02:28:59 host sshd[30082]: Failed password for invalid user zjw from 82.157.194.152 port 43816 ssh2
Jan 21 02:28:59 host sshd[30076]: Failed password for invalid user postgres from 82.157.194.152 port 43794 ssh2
Jan 21 02:28:59 host sshd[30089]: Failed password for invalid user bot from 82.157.194.152 port 43866 ssh2
Jan 21 02:28:59 host sshd[30087]: Failed password for invalid user root from 82.157.194.152 port 43854 ssh2
Jan 21 02:28:59 host sshd[30083]: Failed password for invalid user root from 82.157.194.152 port 43820 ssh2
Jan 21 02:28:59 host sshd[30091]: Failed password for invalid user steam from 82.157.194.152 port 43842 ssh2
Jan 21 02:28:59 host sshd[30088]: Failed password for invalid user root from 82.157.194.152 port 43818 ssh2
Jan 21 02:28:59 host sshd[30094]: Failed password for invalid user dmdba from 82.157.194.152 port 43864 ssh2
Jan 21 02:28:59 host sshd[30096]: Failed password for invalid user postgres from 82.157.194.152 port 43862 ssh2
Jan 21 02:28:59 host sshd[30095]: Failed password for invalid user student from 82.157.194.152 port 43836 ssh2
Jan 21 02:28:59 host sshd[30097]: Failed password for invalid user ubuntu from 82.157.194.152 port 43830 ssh2
Jan 21 02:28:59 host sshd[30098]: Failed password for invalid user admin from 82.157.194.152 port 43838 ssh2
Jan 21 02:28:59 host sshd[30100]: Failed password for invalid user pi from 82.157.194.152 port 43792 ssh2
Jan 21 02:28:59 host sshd[30071]: Connection closed by 82.157.194.152 port 43810 [preauth]
Jan 21 02:29:00 host sshd[30069]: Connection closed by 82.157.194.152 port 43808 [preauth]
Jan 21 02:29:00 host sshd[30070]: Connection closed by 82.157.194.152 port 43848 [preauth]
Jan 21 02:29:00 host sshd[30074]: Connection closed by 82.157.194.152 port 43800 [preauth]
Jan 21 02:29:00 host sshd[30078]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:00 host sshd[30078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.157.194.152
Jan 21 02:29:00 host sshd[30079]: Connection closed by 82.157.194.152 port 43826 [preauth]
Jan 21 02:29:00 host sshd[30081]: Connection closed by 82.157.194.152 port 43860 [preauth]
Jan 21 02:29:00 host sshd[30077]: Connection closed by 82.157.194.152 port 43796 [preauth]
Jan 21 02:29:00 host sshd[30082]: Connection closed by 82.157.194.152 port 43816 [preauth]
Jan 21 02:29:00 host sshd[30076]: Connection closed by 82.157.194.152 port 43794 [preauth]
Jan 21 02:29:00 host sshd[30089]: Connection closed by 82.157.194.152 port 43866 [preauth]
Jan 21 02:29:00 host sshd[30087]: Connection closed by 82.157.194.152 port 43854 [preauth]
Jan 21 02:29:00 host sshd[30083]: Connection closed by 82.157.194.152 port 43820 [preauth]
Jan 21 02:29:00 host sshd[30091]: Connection closed by 82.157.194.152 port 43842 [preauth]
Jan 21 02:29:00 host sshd[30088]: Connection closed by 82.157.194.152 port 43818 [preauth]
Jan 21 02:29:00 host sshd[30094]: Connection closed by 82.157.194.152 port 43864 [preauth]
Jan 21 02:29:00 host sshd[30096]: Connection closed by 82.157.194.152 port 43862 [preauth]
Jan 21 02:29:00 host sshd[30095]: Connection closed by 82.157.194.152 port 43836 [preauth]
Jan 21 02:29:00 host sshd[30097]: Connection closed by 82.157.194.152 port 43830 [preauth]
Jan 21 02:29:00 host sshd[30098]: Connection closed by 82.157.194.152 port 43838 [preauth]
Jan 21 02:29:00 host sshd[30100]: Connection closed by 82.157.194.152 port 43792 [preauth]
Jan 21 02:29:00 host sshd[30072]: Failed password for invalid user postgres from 82.157.194.152 port 43850 ssh2
Jan 21 02:29:00 host sshd[30073]: Failed password for invalid user admin from 82.157.194.152 port 43858 ssh2
Jan 21 02:29:00 host sshd[30086]: Failed password for invalid user postgres from 82.157.194.152 port 43804 ssh2
Jan 21 02:29:01 host sshd[30090]: Failed password for invalid user halo from 82.157.194.152 port 43868 ssh2
Jan 21 02:29:01 host sshd[30080]: Failed password for invalid user ubnt from 82.157.194.152 port 43806 ssh2
Jan 21 02:29:01 host sshd[30090]: Connection closed by 82.157.194.152 port 43868 [preauth]
Jan 21 02:29:01 host sshd[30080]: Connection closed by 82.157.194.152 port 43806 [preauth]
Jan 21 02:29:01 host sshd[30078]: Failed password for invalid user oracle from 82.157.194.152 port 43832 ssh2
Jan 21 02:29:01 host sshd[30086]: Connection closed by 82.157.194.152 port 43804 [preauth]
Jan 21 02:29:02 host sshd[30078]: Connection closed by 82.157.194.152 port 43832 [preauth]
Jan 21 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=travelboniface user-3=keralaholi user-4=wwwresourcehunte user-5=wwwrmswll user-6=ugotscom user-7=wwwkaretakers user-8=cochintaxi user-9=a2zgroup user-10=dartsimp user-11=laundryboniface user-12=bonifacegroup user-13=wwwevmhonda user-14=straightcurve user-15=wwwletsstalkfood user-16=palco123 user-17=gifterman user-18=kottayamcalldriv user-19=phmetals user-20=mrsclean user-21=wwwnexidigital user-22=disposeat user-23=wwwkmaorg user-24=remysagr user-25=wwwkapin user-26=woodpeck user-27=vfmassets user-28=shalinijames user-29=wwwtestugo user-30=pmcresources feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 02:29:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 21 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:29:10 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 21 02:29:10 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 21 02:29:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 21 02:29:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 21 02:29:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 21 02:29:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:12 host sshd[30272]: Invalid user he from 194.110.203.109 port 51166
Jan 21 02:29:12 host sshd[30272]: input_userauth_request: invalid user he [preauth]
Jan 21 02:29:12 host sshd[30272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:12 host sshd[30272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 02:29:14 host sshd[30272]: Failed password for invalid user he from 194.110.203.109 port 51166 ssh2
Jan 21 02:29:17 host sshd[30272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:20 host sshd[30272]: Failed password for invalid user he from 194.110.203.109 port 51166 ssh2
Jan 21 02:29:23 host sshd[30272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:29:25 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 21 02:29:25 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 21 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 21 02:29:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:26 host sshd[30272]: Failed password for invalid user he from 194.110.203.109 port 51166 ssh2
Jan 21 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 21 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:29 host sshd[30272]: Connection closed by 194.110.203.109 port 51166 [preauth]
Jan 21 02:29:29 host sshd[30272]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 02:29:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 21 02:29:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:42 host sshd[30485]: Invalid user bigipuser3 from 74.89.19.182 port 46082
Jan 21 02:29:42 host sshd[30485]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 21 02:29:42 host sshd[30485]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:42 host sshd[30485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.89.19.182
Jan 21 02:29:44 host sshd[30485]: Failed password for invalid user bigipuser3 from 74.89.19.182 port 46082 ssh2
Jan 21 02:29:45 host sshd[30485]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 21 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 21 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 21 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 21 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 21 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:47 host sshd[30485]: Failed password for invalid user bigipuser3 from 74.89.19.182 port 46082 ssh2
Jan 21 02:29:48 host sshd[30485]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:29:49 host sshd[30485]: Failed password for invalid user bigipuser3 from 74.89.19.182 port 46082 ssh2
Jan 21 02:29:50 host sshd[30485]: Failed password for invalid user bigipuser3 from 74.89.19.182 port 46082 ssh2
Jan 21 02:29:50 host sshd[30485]: Connection closed by 74.89.19.182 port 46082 [preauth]
Jan 21 02:29:50 host sshd[30485]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.89.19.182
Jan 21 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:29:55 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 21 02:29:55 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 21 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 21 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 21 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:56 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:29:56 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 21 02:29:56 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:29:56 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 21 02:30:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 21 02:30:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:30:15 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 02:30:15 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 21 02:30:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 21 02:30:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 21 02:30:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 21 02:30:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:30:31 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 02:30:31 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 02:30:37 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 21 02:30:37 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:38 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:30:47 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 02:30:47 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 02:30:54 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 21 02:30:54 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:54 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 21 02:30:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 21 02:30:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:58 host sshd[31830]: Invalid user Admin from 61.57.145.23 port 45185
Jan 21 02:30:58 host sshd[31830]: input_userauth_request: invalid user Admin [preauth]
Jan 21 02:30:58 host sshd[31830]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:30:58 host sshd[31830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.57.145.23
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 02:30:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:30:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:00 host sshd[31830]: Failed password for invalid user Admin from 61.57.145.23 port 45185 ssh2
Jan 21 02:31:02 host sshd[31830]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:31:04 host sshd[31830]: Failed password for invalid user Admin from 61.57.145.23 port 45185 ssh2
Jan 21 02:31:05 host sshd[31830]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:31:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:31:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 02:31:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 02:31:07 host sshd[31830]: Failed password for invalid user Admin from 61.57.145.23 port 45185 ssh2
Jan 21 02:31:08 host sshd[31830]: Connection reset by 61.57.145.23 port 45185 [preauth]
Jan 21 02:31:08 host sshd[31830]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.57.145.23
Jan 21 02:31:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 21 02:31:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:31:23 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 02:31:23 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 02:31:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 21 02:31:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 21 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 21 02:31:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:32 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:31:45 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 21 02:31:45 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 21 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 21 02:31:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 21 02:31:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:47 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 21 02:31:47 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:31:47 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:31:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 21 02:31:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:00 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 21 02:32:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 21 02:32:11 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 21 02:32:11 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 21 02:32:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 21 02:32:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 21 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 21 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DirectoryPrivacy is_directory_protected dir=/home/wwwresourcehunte/public_html --output=json
Jan 21 02:32:19 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:19 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwpmcresource WpToolkitNotification send_admin_auto_updates_notification available_updates_text= available_updates_list= installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183):
Jan 21 02:32:22 host sudo: wp-toolkit : (command continued) require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4 /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356): require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand:
Jan 21 02:32:22 host sudo: wp-toolkit : (command continued) exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog" (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status
Jan 21 02:32:22 host sudo: wp-toolkit : (command continued) 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>' --output=json
Jan 21 02:32:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:29 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:29 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:30 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:30 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 21 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 02:33:39 host sshd[1089]: Invalid user cuser from 43.153.65.72 port 46094
Jan 21 02:33:39 host sshd[1089]: input_userauth_request: invalid user cuser [preauth]
Jan 21 02:33:39 host sshd[1089]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:33:39 host sshd[1089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.65.72
Jan 21 02:33:42 host sshd[1089]: Failed password for invalid user cuser from 43.153.65.72 port 46094 ssh2
Jan 21 02:33:42 host sshd[1089]: Received disconnect from 43.153.65.72 port 46094:11: Bye Bye [preauth]
Jan 21 02:33:42 host sshd[1089]: Disconnected from 43.153.65.72 port 46094 [preauth]
Jan 21 02:33:46 host sshd[1098]: Invalid user nginx from 114.33.75.166 port 54002
Jan 21 02:33:46 host sshd[1098]: input_userauth_request: invalid user nginx [preauth]
Jan 21 02:33:46 host sshd[1098]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:33:46 host sshd[1098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.75.166
Jan 21 02:33:48 host sshd[1098]: Failed password for invalid user nginx from 114.33.75.166 port 54002 ssh2
Jan 21 02:33:48 host sshd[1098]: Connection reset by 114.33.75.166 port 54002 [preauth]
Jan 21 02:34:16 host sshd[1142]: Connection closed by 198.199.102.221 port 36520 [preauth]
Jan 21 02:36:43 host sshd[1454]: invalid public DH value: >= p-1 [preauth]
Jan 21 02:36:43 host sshd[1454]: ssh_dispatch_run_fatal: Connection from 61.238.242.222 port 43007: incomplete message [preauth]
Jan 21 02:37:26 host sshd[1630]: User mysql from 62.233.50.248 not allowed because not listed in AllowUsers
Jan 21 02:37:26 host sshd[1630]: input_userauth_request: invalid user mysql [preauth]
Jan 21 02:37:26 host unix_chkpwd[1633]: password check failed for user (mysql)
Jan 21 02:37:26 host sshd[1630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248 user=mysql
Jan 21 02:37:26 host sshd[1630]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 21 02:37:28 host sshd[1630]: Failed password for invalid user mysql from 62.233.50.248 port 31976 ssh2
Jan 21 02:37:28 host sshd[1630]: Received disconnect from 62.233.50.248 port 31976:11: Client disconnecting normally [preauth]
Jan 21 02:37:28 host sshd[1630]: Disconnected from 62.233.50.248 port 31976 [preauth]
Jan 21 02:40:17 host sshd[2004]: Invalid user ubuntuftp from 43.153.65.72 port 41100
Jan 21 02:40:17 host sshd[2004]: input_userauth_request: invalid user ubuntuftp [preauth]
Jan 21 02:40:17 host sshd[2004]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:40:17 host sshd[2004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.65.72
Jan 21 02:40:18 host sshd[2004]: Failed password for invalid user ubuntuftp from 43.153.65.72 port 41100 ssh2
Jan 21 02:40:19 host sshd[2004]: Received disconnect from 43.153.65.72 port 41100:11: Bye Bye [preauth]
Jan 21 02:40:19 host sshd[2004]: Disconnected from 43.153.65.72 port 41100 [preauth]
Jan 21 02:41:48 host sshd[2190]: Invalid user web-user from 43.153.65.72 port 39450
Jan 21 02:41:48 host sshd[2190]: input_userauth_request: invalid user web-user [preauth]
Jan 21 02:41:48 host sshd[2190]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:41:48 host sshd[2190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.65.72
Jan 21 02:41:50 host sshd[2190]: Failed password for invalid user web-user from 43.153.65.72 port 39450 ssh2
Jan 21 02:41:51 host sshd[2190]: Received disconnect from 43.153.65.72 port 39450:11: Bye Bye [preauth]
Jan 21 02:41:51 host sshd[2190]: Disconnected from 43.153.65.72 port 39450 [preauth]
Jan 21 02:47:11 host sshd[3004]: Did not receive identification string from 198.23.174.250 port 40298
Jan 21 02:49:14 host sshd[3243]: User root from 1.34.76.249 not allowed because not listed in AllowUsers
Jan 21 02:49:14 host sshd[3243]: input_userauth_request: invalid user root [preauth]
Jan 21 02:49:14 host unix_chkpwd[3252]: password check failed for user (root)
Jan 21 02:49:14 host sshd[3243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.76.249 user=root
Jan 21 02:49:14 host sshd[3243]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 02:49:17 host sshd[3243]: Failed password for invalid user root from 1.34.76.249 port 53645 ssh2
Jan 21 02:49:18 host sshd[3243]: Connection reset by 1.34.76.249 port 53645 [preauth]
Jan 21 02:49:56 host sshd[3317]: Invalid user magento from 68.183.56.198 port 39146
Jan 21 02:49:56 host sshd[3317]: input_userauth_request: invalid user magento [preauth]
Jan 21 02:49:56 host sshd[3317]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:49:56 host sshd[3317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.56.198
Jan 21 02:49:59 host sshd[3317]: Failed password for invalid user magento from 68.183.56.198 port 39146 ssh2
Jan 21 02:49:59 host sshd[3317]: Received disconnect from 68.183.56.198 port 39146:11: Bye Bye [preauth]
Jan 21 02:49:59 host sshd[3317]: Disconnected from 68.183.56.198 port 39146 [preauth]
Jan 21 02:50:38 host sshd[3548]: User ftp from 59.126.192.53 not allowed because not listed in AllowUsers
Jan 21 02:50:38 host sshd[3548]: input_userauth_request: invalid user ftp [preauth]
Jan 21 02:50:38 host unix_chkpwd[3553]: password check failed for user (ftp)
Jan 21 02:50:38 host sshd[3548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.192.53 user=ftp
Jan 21 02:50:38 host sshd[3548]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 02:50:40 host sshd[3548]: Failed password for invalid user ftp from 59.126.192.53 port 35905 ssh2
Jan 21 02:50:40 host sshd[3548]: Connection reset by 59.126.192.53 port 35905 [preauth]
Jan 21 02:52:21 host sshd[3771]: User nobody from 43.243.165.203 not allowed because not listed in AllowUsers
Jan 21 02:52:21 host sshd[3771]: input_userauth_request: invalid user nobody [preauth]
Jan 21 02:52:21 host unix_chkpwd[3774]: password check failed for user (nobody)
Jan 21 02:52:21 host sshd[3771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.243.165.203 user=nobody
Jan 21 02:52:21 host sshd[3771]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "nobody"
Jan 21 02:52:23 host sshd[3771]: Failed password for invalid user nobody from 43.243.165.203 port 58978 ssh2
Jan 21 02:52:23 host sshd[3771]: Received disconnect from 43.243.165.203 port 58978:11: Bye Bye [preauth]
Jan 21 02:52:23 host sshd[3771]: Disconnected from 43.243.165.203 port 58978 [preauth]
Jan 21 02:52:26 host sshd[3778]: Invalid user ark from 58.27.95.2 port 55208
Jan 21 02:52:26 host sshd[3778]: input_userauth_request: invalid user ark [preauth]
Jan 21 02:52:26 host sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:52:26 host sshd[3778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.27.95.2
Jan 21 02:52:27 host sshd[3778]: Failed password for invalid user ark from 58.27.95.2 port 55208 ssh2
Jan 21 02:52:28 host sshd[3778]: Received disconnect from 58.27.95.2 port 55208:11: Bye Bye [preauth]
Jan 21 02:52:28 host sshd[3778]: Disconnected from 58.27.95.2 port 55208 [preauth]
Jan 21 02:53:54 host sshd[3924]: Invalid user docker from 189.18.12.201 port 55966
Jan 21 02:53:54 host sshd[3924]: input_userauth_request: invalid user docker [preauth]
Jan 21 02:53:54 host sshd[3924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:53:54 host sshd[3924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.18.12.201
Jan 21 02:53:56 host sshd[3924]: Failed password for invalid user docker from 189.18.12.201 port 55966 ssh2
Jan 21 02:53:59 host sshd[3924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:01 host sshd[3924]: Failed password for invalid user docker from 189.18.12.201 port 55966 ssh2
Jan 21 02:54:04 host sshd[3924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:06 host sshd[3924]: Failed password for invalid user docker from 189.18.12.201 port 55966 ssh2
Jan 21 02:54:07 host sshd[3924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:09 host sshd[3924]: Failed password for invalid user docker from 189.18.12.201 port 55966 ssh2
Jan 21 02:54:10 host sshd[3924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:13 host sshd[3924]: Failed password for invalid user docker from 189.18.12.201 port 55966 ssh2
Jan 21 02:54:35 host sshd[4046]: Invalid user tempuser from 68.183.56.198 port 34160
Jan 21 02:54:35 host sshd[4046]: input_userauth_request: invalid user tempuser [preauth]
Jan 21 02:54:35 host sshd[4046]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:35 host sshd[4046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.56.198
Jan 21 02:54:37 host sshd[4046]: Failed password for invalid user tempuser from 68.183.56.198 port 34160 ssh2
Jan 21 02:54:37 host sshd[4046]: Received disconnect from 68.183.56.198 port 34160:11: Bye Bye [preauth]
Jan 21 02:54:37 host sshd[4046]: Disconnected from 68.183.56.198 port 34160 [preauth]
Jan 21 02:54:40 host sshd[4051]: Invalid user deployer from 41.138.60.187 port 60918
Jan 21 02:54:40 host sshd[4051]: input_userauth_request: invalid user deployer [preauth]
Jan 21 02:54:40 host sshd[4051]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:40 host sshd[4051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.60.187
Jan 21 02:54:41 host sshd[4064]: Invalid user testupload from 43.243.165.203 port 36968
Jan 21 02:54:41 host sshd[4064]: input_userauth_request: invalid user testupload [preauth]
Jan 21 02:54:41 host sshd[4064]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:41 host sshd[4064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.243.165.203
Jan 21 02:54:42 host sshd[4051]: Failed password for invalid user deployer from 41.138.60.187 port 60918 ssh2
Jan 21 02:54:42 host sshd[4051]: Received disconnect from 41.138.60.187 port 60918:11: Bye Bye [preauth]
Jan 21 02:54:42 host sshd[4051]: Disconnected from 41.138.60.187 port 60918 [preauth]
Jan 21 02:54:43 host sshd[4064]: Failed password for invalid user testupload from 43.243.165.203 port 36968 ssh2
Jan 21 02:54:43 host sshd[4064]: Received disconnect from 43.243.165.203 port 36968:11: Bye Bye [preauth]
Jan 21 02:54:43 host sshd[4064]: Disconnected from 43.243.165.203 port 36968 [preauth]
Jan 21 02:54:47 host sshd[4073]: Invalid user devops from 186.96.156.73 port 46506
Jan 21 02:54:47 host sshd[4073]: input_userauth_request: invalid user devops [preauth]
Jan 21 02:54:47 host sshd[4073]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:54:47 host sshd[4073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.156.73
Jan 21 02:54:48 host sshd[4073]: Failed password for invalid user devops from 186.96.156.73 port 46506 ssh2
Jan 21 02:54:48 host sshd[4073]: Received disconnect from 186.96.156.73 port 46506:11: Bye Bye [preauth]
Jan 21 02:54:48 host sshd[4073]: Disconnected from 186.96.156.73 port 46506 [preauth]
Jan 21 02:54:55 host sshd[4113]: User centos from 58.27.95.2 not allowed because not listed in AllowUsers
Jan 21 02:54:55 host sshd[4113]: input_userauth_request: invalid user centos [preauth]
Jan 21 02:54:55 host unix_chkpwd[4115]: password check failed for user (centos)
Jan 21 02:54:55 host sshd[4113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.27.95.2 user=centos
Jan 21 02:54:57 host sshd[4113]: Failed password for invalid user centos from 58.27.95.2 port 52006 ssh2
Jan 21 02:54:57 host sshd[4113]: Received disconnect from 58.27.95.2 port 52006:11: Bye Bye [preauth]
Jan 21 02:54:57 host sshd[4113]: Disconnected from 58.27.95.2 port 52006 [preauth]
Jan 21 02:55:42 host sshd[4353]: Invalid user testdummy from 68.183.56.198 port 33064
Jan 21 02:55:42 host sshd[4353]: input_userauth_request: invalid user testdummy [preauth]
Jan 21 02:55:42 host sshd[4353]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:55:42 host sshd[4353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.56.198
Jan 21 02:55:45 host sshd[4353]: Failed password for invalid user testdummy from 68.183.56.198 port 33064 ssh2
Jan 21 02:56:17 host sshd[4447]: Invalid user ssh-user from 41.138.60.187 port 46272
Jan 21 02:56:17 host sshd[4447]: input_userauth_request: invalid user ssh-user [preauth]
Jan 21 02:56:17 host sshd[4447]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:56:17 host sshd[4447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.60.187
Jan 21 02:56:19 host sshd[4447]: Failed password for invalid user ssh-user from 41.138.60.187 port 46272 ssh2
Jan 21 02:56:19 host sshd[4447]: Received disconnect from 41.138.60.187 port 46272:11: Bye Bye [preauth]
Jan 21 02:56:19 host sshd[4447]: Disconnected from 41.138.60.187 port 46272 [preauth]
Jan 21 02:56:22 host sshd[4453]: Invalid user deployer from 186.96.156.73 port 46876
Jan 21 02:56:22 host sshd[4453]: input_userauth_request: invalid user deployer [preauth]
Jan 21 02:56:22 host sshd[4453]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:56:22 host sshd[4453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.156.73
Jan 21 02:56:24 host sshd[4453]: Failed password for invalid user deployer from 186.96.156.73 port 46876 ssh2
Jan 21 02:56:25 host sshd[4453]: Received disconnect from 186.96.156.73 port 46876:11: Bye Bye [preauth]
Jan 21 02:56:25 host sshd[4453]: Disconnected from 186.96.156.73 port 46876 [preauth]
Jan 21 02:57:44 host sshd[4601]: Invalid user eyftpuser from 186.96.156.73 port 46024
Jan 21 02:57:44 host sshd[4601]: input_userauth_request: invalid user eyftpuser [preauth]
Jan 21 02:57:45 host sshd[4601]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:57:45 host sshd[4601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.156.73
Jan 21 02:57:47 host sshd[4601]: Failed password for invalid user eyftpuser from 186.96.156.73 port 46024 ssh2
Jan 21 02:57:47 host sshd[4601]: Received disconnect from 186.96.156.73 port 46024:11: Bye Bye [preauth]
Jan 21 02:57:47 host sshd[4601]: Disconnected from 186.96.156.73 port 46024 [preauth]
Jan 21 02:57:48 host sshd[4606]: Invalid user mark from 41.138.60.187 port 52456
Jan 21 02:57:48 host sshd[4606]: input_userauth_request: invalid user mark [preauth]
Jan 21 02:57:48 host sshd[4606]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 02:57:48 host sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.138.60.187
Jan 21 02:57:49 host sshd[4606]: Failed password for invalid user mark from 41.138.60.187 port 52456 ssh2
Jan 21 02:57:49 host sshd[4606]: Received disconnect from 41.138.60.187 port 52456:11: Bye Bye [preauth]
Jan 21 02:57:49 host sshd[4606]: Disconnected from 41.138.60.187 port 52456 [preauth]
Jan 21 03:05:57 host sshd[5885]: Invalid user digitalizacion from 103.212.211.133 port 44126
Jan 21 03:05:57 host sshd[5885]: input_userauth_request: invalid user digitalizacion [preauth]
Jan 21 03:05:57 host sshd[5885]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:05:57 host sshd[5885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.212.211.133
Jan 21 03:05:59 host sshd[5885]: Failed password for invalid user digitalizacion from 103.212.211.133 port 44126 ssh2
Jan 21 03:06:00 host sshd[5885]: Received disconnect from 103.212.211.133 port 44126:11: Bye Bye [preauth]
Jan 21 03:06:00 host sshd[5885]: Disconnected from 103.212.211.133 port 44126 [preauth]
Jan 21 03:06:25 host sshd[5955]: Invalid user admin from 175.205.33.61 port 60099
Jan 21 03:06:25 host sshd[5955]: input_userauth_request: invalid user admin [preauth]
Jan 21 03:06:25 host sshd[5955]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:06:25 host sshd[5955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.205.33.61
Jan 21 03:06:27 host sshd[5955]: Failed password for invalid user admin from 175.205.33.61 port 60099 ssh2
Jan 21 03:06:28 host sshd[5955]: Failed password for invalid user admin from 175.205.33.61 port 60099 ssh2
Jan 21 03:06:28 host sshd[5955]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:06:30 host sshd[5955]: Failed password for invalid user admin from 175.205.33.61 port 60099 ssh2
Jan 21 03:06:31 host sshd[5955]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:06:33 host sshd[5955]: Failed password for invalid user admin from 175.205.33.61 port 60099 ssh2
Jan 21 03:06:33 host sshd[5955]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:06:35 host sshd[5955]: Failed password for invalid user admin from 175.205.33.61 port 60099 ssh2
Jan 21 03:09:31 host sshd[6403]: Invalid user pi from 14.50.121.131 port 57141
Jan 21 03:09:31 host sshd[6403]: input_userauth_request: invalid user pi [preauth]
Jan 21 03:09:31 host sshd[6403]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:09:31 host sshd[6403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.50.121.131
Jan 21 03:09:33 host sshd[6403]: Failed password for invalid user pi from 14.50.121.131 port 57141 ssh2
Jan 21 03:09:35 host sshd[6403]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:09:37 host sshd[6403]: Failed password for invalid user pi from 14.50.121.131 port 57141 ssh2
Jan 21 03:09:38 host sshd[6403]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:09:40 host sshd[6403]: Failed password for invalid user pi from 14.50.121.131 port 57141 ssh2
Jan 21 03:09:49 host sshd[6431]: Invalid user celery from 103.212.211.133 port 47410
Jan 21 03:09:49 host sshd[6431]: input_userauth_request: invalid user celery [preauth]
Jan 21 03:09:49 host sshd[6431]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:09:49 host sshd[6431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.212.211.133
Jan 21 03:09:51 host sshd[6431]: Failed password for invalid user celery from 103.212.211.133 port 47410 ssh2
Jan 21 03:09:51 host sshd[6431]: Received disconnect from 103.212.211.133 port 47410:11: Bye Bye [preauth]
Jan 21 03:09:51 host sshd[6431]: Disconnected from 103.212.211.133 port 47410 [preauth]
Jan 21 03:10:12 host sshd[6484]: Invalid user celery from 43.156.7.128 port 37246
Jan 21 03:10:12 host sshd[6484]: input_userauth_request: invalid user celery [preauth]
Jan 21 03:10:12 host sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:10:12 host sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.7.128
Jan 21 03:10:15 host sshd[6484]: Failed password for invalid user celery from 43.156.7.128 port 37246 ssh2
Jan 21 03:10:15 host sshd[6484]: Received disconnect from 43.156.7.128 port 37246:11: Bye Bye [preauth]
Jan 21 03:10:15 host sshd[6484]: Disconnected from 43.156.7.128 port 37246 [preauth]
Jan 21 03:11:05 host sshd[6702]: Invalid user adminuser from 103.212.211.133 port 37408
Jan 21 03:11:05 host sshd[6702]: input_userauth_request: invalid user adminuser [preauth]
Jan 21 03:11:05 host sshd[6702]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:11:05 host sshd[6702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.212.211.133
Jan 21 03:11:08 host sshd[6702]: Failed password for invalid user adminuser from 103.212.211.133 port 37408 ssh2
Jan 21 03:11:08 host sshd[6702]: Received disconnect from 103.212.211.133 port 37408:11: Bye Bye [preauth]
Jan 21 03:11:08 host sshd[6702]: Disconnected from 103.212.211.133 port 37408 [preauth]
Jan 21 03:11:35 host sshd[6803]: User root from 121.170.183.246 not allowed because not listed in AllowUsers
Jan 21 03:11:35 host sshd[6803]: input_userauth_request: invalid user root [preauth]
Jan 21 03:11:35 host unix_chkpwd[6807]: password check failed for user (root)
Jan 21 03:11:35 host sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.170.183.246 user=root
Jan 21 03:11:35 host sshd[6803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:11:37 host sshd[6803]: Failed password for invalid user root from 121.170.183.246 port 61546 ssh2
Jan 21 03:11:37 host unix_chkpwd[6810]: password check failed for user (root)
Jan 21 03:11:37 host sshd[6803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:11:38 host sshd[6803]: Failed password for invalid user root from 121.170.183.246 port 61546 ssh2
Jan 21 03:11:39 host unix_chkpwd[6815]: password check failed for user (root)
Jan 21 03:11:39 host sshd[6803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:11:41 host sshd[6803]: Failed password for invalid user root from 121.170.183.246 port 61546 ssh2
Jan 21 03:11:41 host unix_chkpwd[6818]: password check failed for user (root)
Jan 21 03:11:41 host sshd[6803]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:11:43 host sshd[6803]: Failed password for invalid user root from 121.170.183.246 port 61546 ssh2
Jan 21 03:12:07 host sshd[6893]: Invalid user steam from 43.156.7.128 port 37370
Jan 21 03:12:07 host sshd[6893]: input_userauth_request: invalid user steam [preauth]
Jan 21 03:12:07 host sshd[6893]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:12:07 host sshd[6893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.7.128
Jan 21 03:12:09 host sshd[6893]: Failed password for invalid user steam from 43.156.7.128 port 37370 ssh2
Jan 21 03:12:09 host sshd[6893]: Received disconnect from 43.156.7.128 port 37370:11: Bye Bye [preauth]
Jan 21 03:12:09 host sshd[6893]: Disconnected from 43.156.7.128 port 37370 [preauth]
Jan 21 03:13:42 host sshd[7069]: Invalid user adminuser from 43.156.7.128 port 35826
Jan 21 03:13:42 host sshd[7069]: input_userauth_request: invalid user adminuser [preauth]
Jan 21 03:13:42 host sshd[7069]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:13:42 host sshd[7069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.7.128
Jan 21 03:13:44 host sshd[7069]: Failed password for invalid user adminuser from 43.156.7.128 port 35826 ssh2
Jan 21 03:13:44 host sshd[7069]: Received disconnect from 43.156.7.128 port 35826:11: Bye Bye [preauth]
Jan 21 03:13:44 host sshd[7069]: Disconnected from 43.156.7.128 port 35826 [preauth]
Jan 21 03:15:33 host sshd[7559]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 21 03:15:33 host sshd[7559]: input_userauth_request: invalid user root [preauth]
Jan 21 03:15:33 host unix_chkpwd[7563]: password check failed for user (root)
Jan 21 03:15:33 host sshd[7559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 21 03:15:33 host sshd[7559]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:15:35 host sshd[7559]: Failed password for invalid user root from 195.226.194.142 port 33504 ssh2
Jan 21 03:15:35 host sshd[7559]: Received disconnect from 195.226.194.142 port 33504:11: Bye Bye [preauth]
Jan 21 03:15:35 host sshd[7559]: Disconnected from 195.226.194.142 port 33504 [preauth]
Jan 21 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=disposeat user-2=wwwkmaorg user-3=remysagr user-4=wwwkapin user-5=woodpeck user-6=vfmassets user-7=shalinijames user-8=wwwtestugo user-9=pmcresources user-10=bonifacegroup user-11=wwwevmhonda user-12=straightcurve user-13=wwwletsstalkfood user-14=palco123 user-15=gifterman user-16=phmetals user-17=kottayamcalldriv user-18=mrsclean user-19=wwwnexidigital user-20=wwwkaretakers user-21=cochintaxi user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=wwwresourcehunte user-28=keralaholi user-29=wwwrmswll user-30=ugotscom feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 03:21:10 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-NHIVsuud9rynZAex.~
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-NHIVsuud9rynZAex.~'
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-NHIVsuud9rynZAex.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 03:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 03:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 03:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 03:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 03:28:23 host sshd[9954]: User root from 219.78.122.29 not allowed because not listed in AllowUsers
Jan 21 03:28:23 host sshd[9954]: input_userauth_request: invalid user root [preauth]
Jan 21 03:28:23 host unix_chkpwd[9959]: password check failed for user (root)
Jan 21 03:28:23 host sshd[9954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.78.122.29 user=root
Jan 21 03:28:23 host sshd[9954]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:28:25 host sshd[9954]: Failed password for invalid user root from 219.78.122.29 port 36148 ssh2
Jan 21 03:28:25 host sshd[9954]: Received disconnect from 219.78.122.29 port 36148:11: Bye Bye [preauth]
Jan 21 03:28:25 host sshd[9954]: Disconnected from 219.78.122.29 port 36148 [preauth]
Jan 21 03:28:26 host sshd[9965]: Invalid user apc from 219.78.122.29 port 36243
Jan 21 03:28:26 host sshd[9965]: input_userauth_request: invalid user apc [preauth]
Jan 21 03:28:26 host sshd[9965]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:28:26 host sshd[9965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.78.122.29
Jan 21 03:28:28 host sshd[9965]: Failed password for invalid user apc from 219.78.122.29 port 36243 ssh2
Jan 21 03:28:28 host sshd[9965]: Received disconnect from 219.78.122.29 port 36243:11: Bye Bye [preauth]
Jan 21 03:28:28 host sshd[9965]: Disconnected from 219.78.122.29 port 36243 [preauth]
Jan 21 03:28:29 host sshd[9992]: Invalid user cloudera from 219.78.122.29 port 36277
Jan 21 03:28:29 host sshd[9992]: input_userauth_request: invalid user cloudera [preauth]
Jan 21 03:28:29 host sshd[9992]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:28:29 host sshd[9992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.78.122.29
Jan 21 03:28:31 host sshd[9992]: Failed password for invalid user cloudera from 219.78.122.29 port 36277 ssh2
Jan 21 03:36:13 host sshd[11582]: Invalid user ubnt from 68.111.155.156 port 45642
Jan 21 03:36:13 host sshd[11582]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 03:36:13 host sshd[11582]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 03:36:13 host sshd[11582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.111.155.156
Jan 21 03:36:15 host sshd[11582]: Failed password for invalid user ubnt from 68.111.155.156 port 45642 ssh2
Jan 21 03:36:15 host sshd[11582]: Connection reset by 68.111.155.156 port 45642 [preauth]
Jan 21 03:42:01 host sshd[12780]: User root from 220.134.100.175 not allowed because not listed in AllowUsers
Jan 21 03:42:01 host sshd[12780]: input_userauth_request: invalid user root [preauth]
Jan 21 03:42:01 host unix_chkpwd[12814]: password check failed for user (root)
Jan 21 03:42:01 host sshd[12780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.100.175 user=root
Jan 21 03:42:01 host sshd[12780]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:42:04 host sshd[12780]: Failed password for invalid user root from 220.134.100.175 port 42706 ssh2
Jan 21 03:42:04 host sshd[12780]: Connection reset by 220.134.100.175 port 42706 [preauth]
Jan 21 03:45:29 host sshd[13380]: User root from 195.226.194.142 not allowed because not listed in AllowUsers
Jan 21 03:45:29 host sshd[13380]: input_userauth_request: invalid user root [preauth]
Jan 21 03:45:30 host unix_chkpwd[13386]: password check failed for user (root)
Jan 21 03:45:30 host sshd[13380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.142 user=root
Jan 21 03:45:30 host sshd[13380]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 03:45:31 host sshd[13380]: Failed password for invalid user root from 195.226.194.142 port 61168 ssh2
Jan 21 03:45:31 host sshd[13380]: Received disconnect from 195.226.194.142 port 61168:11: Bye Bye [preauth]
Jan 21 03:45:31 host sshd[13380]: Disconnected from 195.226.194.142 port 61168 [preauth]
Jan 21 03:48:10 host sshd[13795]: Invalid user from 64.62.197.180 port 24085
Jan 21 03:48:10 host sshd[13795]: input_userauth_request: invalid user [preauth]
Jan 21 03:48:13 host sshd[13795]: Connection closed by 64.62.197.180 port 24085 [preauth]
Jan 21 03:50:50 host sshd[14144]: invalid public DH value: >= p-1 [preauth]
Jan 21 03:50:50 host sshd[14144]: ssh_dispatch_run_fatal: Connection from 125.228.212.253 port 60464: incomplete message [preauth]
Jan 21 04:02:34 host sshd[15738]: Invalid user spark from 186.103.146.180 port 40010
Jan 21 04:02:34 host sshd[15738]: input_userauth_request: invalid user spark [preauth]
Jan 21 04:02:34 host sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:02:34 host sshd[15738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.103.146.180
Jan 21 04:02:35 host sshd[15738]: Failed password for invalid user spark from 186.103.146.180 port 40010 ssh2
Jan 21 04:02:36 host sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:02:38 host sshd[15738]: Failed password for invalid user spark from 186.103.146.180 port 40010 ssh2
Jan 21 04:02:39 host sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:02:41 host sshd[15738]: Failed password for invalid user spark from 186.103.146.180 port 40010 ssh2
Jan 21 04:02:43 host sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:02:45 host sshd[15738]: Failed password for invalid user spark from 186.103.146.180 port 40010 ssh2
Jan 21 04:02:46 host sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:02:47 host sshd[15738]: Failed password for invalid user spark from 186.103.146.180 port 40010 ssh2
Jan 21 04:04:15 host sshd[15960]: Invalid user ibmuser from 161.82.233.183 port 55112
Jan 21 04:04:15 host sshd[15960]: input_userauth_request: invalid user ibmuser [preauth]
Jan 21 04:04:15 host sshd[15960]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:04:15 host sshd[15960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.233.183
Jan 21 04:04:18 host sshd[15960]: Failed password for invalid user ibmuser from 161.82.233.183 port 55112 ssh2
Jan 21 04:04:18 host sshd[15960]: Received disconnect from 161.82.233.183 port 55112:11: Bye Bye [preauth]
Jan 21 04:04:18 host sshd[15960]: Disconnected from 161.82.233.183 port 55112 [preauth]
Jan 21 04:07:19 host sshd[16441]: Invalid user developer from 144.217.90.5 port 44462
Jan 21 04:07:19 host sshd[16441]: input_userauth_request: invalid user developer [preauth]
Jan 21 04:07:19 host sshd[16441]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:07:19 host sshd[16441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.90.5
Jan 21 04:07:21 host sshd[16441]: Failed password for invalid user developer from 144.217.90.5 port 44462 ssh2
Jan 21 04:07:21 host sshd[16441]: Received disconnect from 144.217.90.5 port 44462:11: Bye Bye [preauth]
Jan 21 04:07:21 host sshd[16441]: Disconnected from 144.217.90.5 port 44462 [preauth]
Jan 21 04:07:42 host sshd[16489]: Invalid user ubuntu from 195.19.97.157 port 57588
Jan 21 04:07:42 host sshd[16489]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 04:07:42 host sshd[16489]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:07:42 host sshd[16489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.97.157
Jan 21 04:07:44 host sshd[16489]: Failed password for invalid user ubuntu from 195.19.97.157 port 57588 ssh2
Jan 21 04:07:44 host sshd[16489]: Received disconnect from 195.19.97.157 port 57588:11: Bye Bye [preauth]
Jan 21 04:07:44 host sshd[16489]: Disconnected from 195.19.97.157 port 57588 [preauth]
Jan 21 04:08:55 host sshd[16600]: Invalid user ubuntu from 159.203.10.59 port 45998
Jan 21 04:08:55 host sshd[16600]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 04:08:55 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:08:55 host sshd[16600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.10.59
Jan 21 04:08:57 host sshd[16600]: Failed password for invalid user ubuntu from 159.203.10.59 port 45998 ssh2
Jan 21 04:08:57 host sshd[16600]: Received disconnect from 159.203.10.59 port 45998:11: Bye Bye [preauth]
Jan 21 04:08:57 host sshd[16600]: Disconnected from 159.203.10.59 port 45998 [preauth]
Jan 21 04:10:05 host sshd[16737]: Invalid user ubuntu from 144.217.90.5 port 44678
Jan 21 04:10:05 host sshd[16737]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 04:10:05 host sshd[16737]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:10:05 host sshd[16737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.90.5
Jan 21 04:10:06 host sshd[16737]: Failed password for invalid user ubuntu from 144.217.90.5 port 44678 ssh2
Jan 21 04:10:07 host sshd[16737]: Received disconnect from 144.217.90.5 port 44678:11: Bye Bye [preauth]
Jan 21 04:10:07 host sshd[16737]: Disconnected from 144.217.90.5 port 44678 [preauth]
Jan 21 04:10:58 host sshd[16829]: Invalid user eacsaci from 144.217.90.5 port 57394
Jan 21 04:10:58 host sshd[16829]: input_userauth_request: invalid user eacsaci [preauth]
Jan 21 04:10:58 host sshd[16829]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:10:58 host sshd[16829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.90.5
Jan 21 04:11:01 host sshd[16829]: Failed password for invalid user eacsaci from 144.217.90.5 port 57394 ssh2
Jan 21 04:11:06 host sshd[16989]: Invalid user toto from 161.82.233.183 port 38420
Jan 21 04:11:06 host sshd[16989]: input_userauth_request: invalid user toto [preauth]
Jan 21 04:11:06 host sshd[16989]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:11:06 host sshd[16989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.233.183
Jan 21 04:11:08 host sshd[16989]: Failed password for invalid user toto from 161.82.233.183 port 38420 ssh2
Jan 21 04:11:08 host sshd[16989]: Received disconnect from 161.82.233.183 port 38420:11: Bye Bye [preauth]
Jan 21 04:11:08 host sshd[16989]: Disconnected from 161.82.233.183 port 38420 [preauth]
Jan 21 04:11:15 host sshd[17000]: Invalid user admin from 220.135.21.25 port 36468
Jan 21 04:11:15 host sshd[17000]: input_userauth_request: invalid user admin [preauth]
Jan 21 04:11:15 host sshd[17000]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:11:15 host sshd[17000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.21.25
Jan 21 04:11:17 host sshd[17000]: Failed password for invalid user admin from 220.135.21.25 port 36468 ssh2
Jan 21 04:11:18 host sshd[17000]: Failed password for invalid user admin from 220.135.21.25 port 36468 ssh2
Jan 21 04:11:19 host sshd[17000]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:11:21 host sshd[17000]: Failed password for invalid user admin from 220.135.21.25 port 36468 ssh2
Jan 21 04:11:22 host sshd[17000]: Connection reset by 220.135.21.25 port 36468 [preauth]
Jan 21 04:11:22 host sshd[17000]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.21.25
Jan 21 04:11:28 host sshd[17022]: Invalid user developer from 159.203.10.59 port 48512
Jan 21 04:11:28 host sshd[17022]: input_userauth_request: invalid user developer [preauth]
Jan 21 04:11:28 host sshd[17022]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:11:28 host sshd[17022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.10.59
Jan 21 04:11:30 host sshd[17022]: Failed password for invalid user developer from 159.203.10.59 port 48512 ssh2
Jan 21 04:11:31 host sshd[17022]: Received disconnect from 159.203.10.59 port 48512:11: Bye Bye [preauth]
Jan 21 04:11:31 host sshd[17022]: Disconnected from 159.203.10.59 port 48512 [preauth]
Jan 21 04:11:43 host sshd[17069]: Invalid user test9 from 195.19.97.157 port 39844
Jan 21 04:11:43 host sshd[17069]: input_userauth_request: invalid user test9 [preauth]
Jan 21 04:11:43 host sshd[17069]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:11:43 host sshd[17069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.97.157
Jan 21 04:11:45 host sshd[17069]: Failed password for invalid user test9 from 195.19.97.157 port 39844 ssh2
Jan 21 04:11:45 host sshd[17069]: Received disconnect from 195.19.97.157 port 39844:11: Bye Bye [preauth]
Jan 21 04:11:45 host sshd[17069]: Disconnected from 195.19.97.157 port 39844 [preauth]
Jan 21 04:12:25 host sshd[17132]: Invalid user dmdba from 161.82.233.183 port 41952
Jan 21 04:12:25 host sshd[17132]: input_userauth_request: invalid user dmdba [preauth]
Jan 21 04:12:25 host sshd[17132]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:12:25 host sshd[17132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.82.233.183
Jan 21 04:12:27 host sshd[17132]: Failed password for invalid user dmdba from 161.82.233.183 port 41952 ssh2
Jan 21 04:12:42 host sshd[17200]: Invalid user shareuser from 159.203.10.59 port 55956
Jan 21 04:12:42 host sshd[17200]: input_userauth_request: invalid user shareuser [preauth]
Jan 21 04:12:42 host sshd[17200]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:12:42 host sshd[17200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.10.59
Jan 21 04:12:44 host sshd[17200]: Failed password for invalid user shareuser from 159.203.10.59 port 55956 ssh2
Jan 21 04:12:44 host sshd[17200]: Received disconnect from 159.203.10.59 port 55956:11: Bye Bye [preauth]
Jan 21 04:12:44 host sshd[17200]: Disconnected from 159.203.10.59 port 55956 [preauth]
Jan 21 04:12:59 host sshd[17258]: Invalid user vpn from 195.19.97.157 port 34192
Jan 21 04:12:59 host sshd[17258]: input_userauth_request: invalid user vpn [preauth]
Jan 21 04:12:59 host sshd[17258]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:12:59 host sshd[17258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.19.97.157
Jan 21 04:13:01 host sshd[17258]: Failed password for invalid user vpn from 195.19.97.157 port 34192 ssh2
Jan 21 04:17:49 host sshd[17809]: Invalid user hf from 194.110.203.109 port 51902
Jan 21 04:17:49 host sshd[17809]: input_userauth_request: invalid user hf [preauth]
Jan 21 04:17:49 host sshd[17809]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:17:49 host sshd[17809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 04:17:51 host sshd[17809]: Failed password for invalid user hf from 194.110.203.109 port 51902 ssh2
Jan 21 04:17:54 host sshd[17809]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:17:56 host sshd[17809]: Failed password for invalid user hf from 194.110.203.109 port 51902 ssh2
Jan 21 04:18:00 host sshd[17809]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:18:01 host sshd[17809]: Failed password for invalid user hf from 194.110.203.109 port 51902 ssh2
Jan 21 04:18:04 host sshd[17809]: Connection closed by 194.110.203.109 port 51902 [preauth]
Jan 21 04:18:04 host sshd[17809]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 04:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 04:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=travelboniface user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=ugotscom user-6=wwwpmcresource user-7=dartsimp user-8=a2zgroup user-9=laundryboniface user-10=wwwkaretakers user-11=cochintaxi user-12=gifterman user-13=palco123 user-14=phmetals user-15=kottayamcalldriv user-16=mrsclean user-17=wwwnexidigital user-18=bonifacegroup user-19=wwwevmhonda user-20=straightcurve user-21=wwwletsstalkfood user-22=vfmassets user-23=wwwtestugo user-24=shalinijames user-25=pmcresources user-26=wwwkmaorg user-27=disposeat user-28=remysagr user-29=woodpeck user-30=wwwkapin feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 04:21:07 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jXF5BGZ2yhHOONba.~
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jXF5BGZ2yhHOONba.~'
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jXF5BGZ2yhHOONba.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 04:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 04:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 04:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 04:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 04:28:17 host sshd[19450]: Invalid user zyfwp from 211.51.73.64 port 62531
Jan 21 04:28:17 host sshd[19450]: input_userauth_request: invalid user zyfwp [preauth]
Jan 21 04:28:17 host sshd[19450]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:28:17 host sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.51.73.64
Jan 21 04:28:19 host sshd[19450]: Failed password for invalid user zyfwp from 211.51.73.64 port 62531 ssh2
Jan 21 04:28:20 host sshd[19450]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:28:21 host sshd[19450]: Failed password for invalid user zyfwp from 211.51.73.64 port 62531 ssh2
Jan 21 04:28:22 host sshd[19450]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:28:24 host sshd[19450]: Failed password for invalid user zyfwp from 211.51.73.64 port 62531 ssh2
Jan 21 04:39:20 host sshd[21065]: Invalid user postgres from 112.160.9.96 port 61568
Jan 21 04:39:20 host sshd[21065]: input_userauth_request: invalid user postgres [preauth]
Jan 21 04:39:20 host sshd[21065]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:39:20 host sshd[21065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.160.9.96
Jan 21 04:39:22 host sshd[21065]: Failed password for invalid user postgres from 112.160.9.96 port 61568 ssh2
Jan 21 04:39:23 host sshd[21065]: Connection reset by 112.160.9.96 port 61568 [preauth]
Jan 21 04:45:39 host sshd[22077]: Invalid user jesus from 107.189.30.59 port 50996
Jan 21 04:45:39 host sshd[22077]: input_userauth_request: invalid user jesus [preauth]
Jan 21 04:45:39 host sshd[22077]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 04:45:39 host sshd[22077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 21 04:45:41 host sshd[22077]: Failed password for invalid user jesus from 107.189.30.59 port 50996 ssh2
Jan 21 04:45:42 host sshd[22077]: Connection closed by 107.189.30.59 port 50996 [preauth]
Jan 21 04:46:52 host sshd[22243]: Bad protocol version identification '\003' from 80.66.76.59 port 28842
Jan 21 04:46:53 host sshd[22244]: Bad protocol version identification '\003' from 80.66.76.59 port 29613
Jan 21 05:01:38 host sshd[24447]: ssh_dispatch_run_fatal: Connection from 152.249.207.123 port 49790: bignum is negative [preauth]
Jan 21 05:09:37 host sshd[25535]: Invalid user admin from 211.114.224.97 port 62269
Jan 21 05:09:37 host sshd[25535]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:09:37 host sshd[25535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:09:37 host sshd[25535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.114.224.97
Jan 21 05:09:39 host sshd[25535]: Failed password for invalid user admin from 211.114.224.97 port 62269 ssh2
Jan 21 05:09:40 host sshd[25535]: Failed password for invalid user admin from 211.114.224.97 port 62269 ssh2
Jan 21 05:09:40 host sshd[25535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:09:43 host sshd[25535]: Failed password for invalid user admin from 211.114.224.97 port 62269 ssh2
Jan 21 05:09:43 host sshd[25535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:09:45 host sshd[25535]: Failed password for invalid user admin from 211.114.224.97 port 62269 ssh2
Jan 21 05:09:46 host sshd[25535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:09:49 host sshd[25535]: Failed password for invalid user admin from 211.114.224.97 port 62269 ssh2
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:14:01 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:14:01 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 05:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=shalinijames user-3=wwwtestugo user-4=pmcresources user-5=disposeat user-6=wwwkmaorg user-7=remysagr user-8=woodpeck user-9=wwwkapin user-10=palco123 user-11=gifterman user-12=kottayamcalldriv user-13=phmetals user-14=wwwnexidigital user-15=mrsclean user-16=bonifacegroup user-17=wwwevmhonda user-18=straightcurve user-19=wwwletsstalkfood user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=wwwkaretakers user-24=cochintaxi user-25=travelboniface user-26=keralaholi user-27=wwwresourcehunte user-28=wwwrmswll user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 05:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=evmhonda.com --output=json
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/test -e /home/wwwevmhonda/wordpress-backups
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 21 05:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=letsstalkfood.com --output=json
Jan 21 05:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/test -e /home/wwwletsstalkfood/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=mrsclean.co.in --output=json
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/test -e /home/mrsclean/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=shalinijames.com --output=json
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/test -e /home/shalinijames/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=testugo.in --output=json
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/test -e /home/wwwtestugo/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=ugotechnologies.com --output=json
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 05:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 05:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/test -e /home/ugotscom/wordpress-backups
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=woodpeckerindia.com --output=json
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/test -e /home/woodpeck/wordpress-backups
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=panlys.com --output=json
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/test -e /home/palco123/wordpress-backups
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 domainuserdata domain=resourcehunters.com --output=json
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/test -e /home/wwwresourcehunte/wordpress-backups
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /var/cpanel/licenseid_credentials.json
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=vfmassets ; COMMAND=/bin/cat /home/vfmassets/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user vfmassets by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user vfmassets
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/cat /home/shalinijames/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/cat /home/wwwtestugo/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=pmcresources ; COMMAND=/bin/cat /home/pmcresources/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user pmcresources by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user pmcresources
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=disposeat ; COMMAND=/bin/cat /home/disposeat/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user disposeat by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user disposeat
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkmaorg ; COMMAND=/bin/cat /home/wwwkmaorg/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkmaorg by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkmaorg
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=remysagr ; COMMAND=/bin/cat /home/remysagr/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user remysagr by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user remysagr
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/cat /home/woodpeck/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkapin ; COMMAND=/bin/cat /home/wwwkapin/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user wwwkapin by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user wwwkapin
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/cat /home/palco123/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 21 05:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=gifterman ; COMMAND=/bin/cat /home/gifterman/.wp-toolkit-identifier
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session opened for user gifterman by (uid=0)
Jan 21 05:21:07 host sudo: pam_unix(sudo:session): session closed for user gifterman
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=kottayamcalldriv ; COMMAND=/bin/cat /home/kottayamcalldriv/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user kottayamcalldriv by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user kottayamcalldriv
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=phmetals ; COMMAND=/bin/cat /home/phmetals/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user phmetals by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user phmetals
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwnexidigital ; COMMAND=/bin/cat /home/wwwnexidigital/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwnexidigital by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwnexidigital
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/cat /home/mrsclean/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=bonifacegroup ; COMMAND=/bin/cat /home/bonifacegroup/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user bonifacegroup by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user bonifacegroup
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/cat /home/wwwevmhonda/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=straightcurve ; COMMAND=/bin/cat /home/straightcurve/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user straightcurve by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user straightcurve
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/cat /home/wwwletsstalkfood/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=a2zgroup ; COMMAND=/bin/cat /home/a2zgroup/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user a2zgroup by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user a2zgroup
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=dartsimp ; COMMAND=/bin/cat /home/dartsimp/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user dartsimp by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user dartsimp
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=laundryboniface ; COMMAND=/bin/cat /home/laundryboniface/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user laundryboniface by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user laundryboniface
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwkaretakers ; COMMAND=/bin/cat /home/wwwkaretakers/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwkaretakers by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwkaretakers
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=cochintaxi ; COMMAND=/bin/cat /home/cochintaxi/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user cochintaxi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user cochintaxi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=travelboniface ; COMMAND=/bin/cat /home/travelboniface/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user travelboniface by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user travelboniface
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-Kgb6IfTRCyEWwGEb.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-Kgb6IfTRCyEWwGEb.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/cat /home/wwwresourcehunte/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwrmswll ; COMMAND=/bin/cat /home/wwwrmswll/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwrmswll by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwrmswll
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwpmcresource ; COMMAND=/bin/cat /home/wwwpmcresource/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user wwwpmcresource by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user wwwpmcresource
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/cat /home/keralaholi/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -f /home/keralaholi/.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/test -e /home/keralaholi/-wpt-tmp-Ux3kd1tgJ6rVoQy8.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=keralaholi ; COMMAND=/bin/sh -c cat > /home/keralaholi/-wpt-tmp-Ux3kd1tgJ6rVoQy8.wp-toolkit-identifier
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session opened for user keralaholi by (uid=0)
Jan 21 05:21:08 host sudo: pam_unix(sudo:session): session closed for user keralaholi
Jan 21 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_shared_ip --output=json
Jan 21 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_public_ip ip=167.71.234.10 --output=json
Jan 21 05:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jUPM2Dhyn1qVtJ0B.~
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jUPM2Dhyn1qVtJ0B.~'
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jUPM2Dhyn1qVtJ0B.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:21:14 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 05:21:14 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 05:21:14 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 05:30:05 host sshd[29517]: Invalid user postgresql from 188.166.102.71 port 55986
Jan 21 05:30:05 host sshd[29517]: input_userauth_request: invalid user postgresql [preauth]
Jan 21 05:30:05 host sshd[29517]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:30:05 host sshd[29517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.102.71
Jan 21 05:30:07 host sshd[29517]: Failed password for invalid user postgresql from 188.166.102.71 port 55986 ssh2
Jan 21 05:30:07 host sshd[29517]: Received disconnect from 188.166.102.71 port 55986:11: Bye Bye [preauth]
Jan 21 05:30:07 host sshd[29517]: Disconnected from 188.166.102.71 port 55986 [preauth]
Jan 21 05:31:11 host sshd[29780]: Invalid user system from 139.59.255.59 port 40530
Jan 21 05:31:11 host sshd[29780]: input_userauth_request: invalid user system [preauth]
Jan 21 05:31:11 host sshd[29780]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:31:11 host sshd[29780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.255.59
Jan 21 05:31:12 host sshd[29780]: Failed password for invalid user system from 139.59.255.59 port 40530 ssh2
Jan 21 05:31:12 host sshd[29780]: Received disconnect from 139.59.255.59 port 40530:11: Bye Bye [preauth]
Jan 21 05:31:12 host sshd[29780]: Disconnected from 139.59.255.59 port 40530 [preauth]
Jan 21 05:31:18 host sshd[29787]: Invalid user test1 from 201.17.131.43 port 56339
Jan 21 05:31:18 host sshd[29787]: input_userauth_request: invalid user test1 [preauth]
Jan 21 05:31:18 host sshd[29787]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:31:18 host sshd[29787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.17.131.43
Jan 21 05:31:19 host sshd[29787]: Failed password for invalid user test1 from 201.17.131.43 port 56339 ssh2
Jan 21 05:31:20 host sshd[29787]: Received disconnect from 201.17.131.43 port 56339:11: Bye Bye [preauth]
Jan 21 05:31:20 host sshd[29787]: Disconnected from 201.17.131.43 port 56339 [preauth]
Jan 21 05:31:45 host sshd[29854]: Invalid user user from 43.153.63.151 port 50768
Jan 21 05:31:45 host sshd[29854]: input_userauth_request: invalid user user [preauth]
Jan 21 05:31:45 host sshd[29854]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:31:45 host sshd[29854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.63.151
Jan 21 05:31:48 host sshd[29854]: Failed password for invalid user user from 43.153.63.151 port 50768 ssh2
Jan 21 05:31:48 host sshd[29854]: Received disconnect from 43.153.63.151 port 50768:11: Bye Bye [preauth]
Jan 21 05:31:48 host sshd[29854]: Disconnected from 43.153.63.151 port 50768 [preauth]
Jan 21 05:31:55 host sshd[29863]: Invalid user Test from 164.77.119.34 port 21355
Jan 21 05:31:55 host sshd[29863]: input_userauth_request: invalid user Test [preauth]
Jan 21 05:31:55 host sshd[29863]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:31:55 host sshd[29863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.77.119.34
Jan 21 05:31:56 host sshd[29863]: Failed password for invalid user Test from 164.77.119.34 port 21355 ssh2
Jan 21 05:31:57 host sshd[29863]: Received disconnect from 164.77.119.34 port 21355:11: Bye Bye [preauth]
Jan 21 05:31:57 host sshd[29863]: Disconnected from 164.77.119.34 port 21355 [preauth]
Jan 21 05:32:56 host sshd[29993]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 21 05:32:56 host sshd[29993]: input_userauth_request: invalid user sshd [preauth]
Jan 21 05:32:56 host unix_chkpwd[29996]: password check failed for user (sshd)
Jan 21 05:32:56 host sshd[29993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 21 05:32:56 host sshd[29993]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 21 05:32:58 host sshd[29993]: Failed password for invalid user sshd from 194.169.175.102 port 49349 ssh2
Jan 21 05:32:58 host sshd[29993]: Received disconnect from 194.169.175.102 port 49349:11: Client disconnecting normally [preauth]
Jan 21 05:32:58 host sshd[29993]: Disconnected from 194.169.175.102 port 49349 [preauth]
Jan 21 05:33:07 host sshd[30021]: Invalid user nexus from 51.158.175.97 port 57594
Jan 21 05:33:07 host sshd[30021]: input_userauth_request: invalid user nexus [preauth]
Jan 21 05:33:07 host sshd[30021]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:33:07 host sshd[30021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.175.97
Jan 21 05:33:09 host sshd[30021]: Failed password for invalid user nexus from 51.158.175.97 port 57594 ssh2
Jan 21 05:33:09 host sshd[30021]: Received disconnect from 51.158.175.97 port 57594:11: Bye Bye [preauth]
Jan 21 05:33:09 host sshd[30021]: Disconnected from 51.158.175.97 port 57594 [preauth]
Jan 21 05:35:58 host sshd[30545]: Invalid user ftpadmin from 188.166.102.71 port 35490
Jan 21 05:35:58 host sshd[30545]: input_userauth_request: invalid user ftpadmin [preauth]
Jan 21 05:35:58 host sshd[30545]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:35:58 host sshd[30545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.102.71
Jan 21 05:36:00 host sshd[30545]: Failed password for invalid user ftpadmin from 188.166.102.71 port 35490 ssh2
Jan 21 05:36:00 host sshd[30545]: Received disconnect from 188.166.102.71 port 35490:11: Bye Bye [preauth]
Jan 21 05:36:00 host sshd[30545]: Disconnected from 188.166.102.71 port 35490 [preauth]
Jan 21 05:36:22 host sshd[30661]: Invalid user User from 51.83.72.156 port 38806
Jan 21 05:36:22 host sshd[30661]: input_userauth_request: invalid user User [preauth]
Jan 21 05:36:22 host sshd[30661]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:36:22 host sshd[30661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.72.156
Jan 21 05:36:24 host sshd[30661]: Failed password for invalid user User from 51.83.72.156 port 38806 ssh2
Jan 21 05:36:24 host sshd[30661]: Received disconnect from 51.83.72.156 port 38806:11: Bye Bye [preauth]
Jan 21 05:36:24 host sshd[30661]: Disconnected from 51.83.72.156 port 38806 [preauth]
Jan 21 05:37:04 host sshd[30763]: Invalid user user from 188.166.102.71 port 55238
Jan 21 05:37:04 host sshd[30763]: input_userauth_request: invalid user user [preauth]
Jan 21 05:37:04 host sshd[30763]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:37:04 host sshd[30763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.102.71
Jan 21 05:37:06 host sshd[30763]: Failed password for invalid user user from 188.166.102.71 port 55238 ssh2
Jan 21 05:37:06 host sshd[30763]: Received disconnect from 188.166.102.71 port 55238:11: Bye Bye [preauth]
Jan 21 05:37:06 host sshd[30763]: Disconnected from 188.166.102.71 port 55238 [preauth]
Jan 21 05:37:09 host sshd[30790]: User tomcat from 51.158.175.97 not allowed because not listed in AllowUsers
Jan 21 05:37:09 host sshd[30790]: input_userauth_request: invalid user tomcat [preauth]
Jan 21 05:37:09 host unix_chkpwd[30804]: password check failed for user (tomcat)
Jan 21 05:37:09 host sshd[30790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.175.97 user=tomcat
Jan 21 05:37:09 host sshd[30790]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat"
Jan 21 05:37:11 host sshd[30790]: Failed password for invalid user tomcat from 51.158.175.97 port 44440 ssh2
Jan 21 05:37:11 host sshd[30790]: Received disconnect from 51.158.175.97 port 44440:11: Bye Bye [preauth]
Jan 21 05:37:11 host sshd[30790]: Disconnected from 51.158.175.97 port 44440 [preauth]
Jan 21 05:37:11 host sshd[30807]: Invalid user ftest from 139.59.255.59 port 41408
Jan 21 05:37:11 host sshd[30807]: input_userauth_request: invalid user ftest [preauth]
Jan 21 05:37:11 host sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:37:11 host sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.255.59
Jan 21 05:37:13 host sshd[30807]: Failed password for invalid user ftest from 139.59.255.59 port 41408 ssh2
Jan 21 05:37:13 host sshd[30807]: Received disconnect from 139.59.255.59 port 41408:11: Bye Bye [preauth]
Jan 21 05:37:13 host sshd[30807]: Disconnected from 139.59.255.59 port 41408 [preauth]
Jan 21 05:37:58 host sshd[30924]: Invalid user ftptest from 51.83.72.156 port 36688
Jan 21 05:37:58 host sshd[30924]: input_userauth_request: invalid user ftptest [preauth]
Jan 21 05:37:58 host sshd[30924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:37:58 host sshd[30924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.72.156
Jan 21 05:37:58 host sshd[30927]: Invalid user ftp_user1 from 62.89.5.174 port 36608
Jan 21 05:37:58 host sshd[30927]: input_userauth_request: invalid user ftp_user1 [preauth]
Jan 21 05:37:58 host sshd[30927]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:37:58 host sshd[30927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.89.5.174
Jan 21 05:37:59 host sshd[30922]: Invalid user httpadmin from 164.77.119.34 port 13974
Jan 21 05:37:59 host sshd[30922]: input_userauth_request: invalid user httpadmin [preauth]
Jan 21 05:37:59 host sshd[30922]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:37:59 host sshd[30922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.77.119.34
Jan 21 05:37:59 host sshd[30924]: Failed password for invalid user ftptest from 51.83.72.156 port 36688 ssh2
Jan 21 05:37:59 host sshd[30924]: Received disconnect from 51.83.72.156 port 36688:11: Bye Bye [preauth]
Jan 21 05:37:59 host sshd[30924]: Disconnected from 51.83.72.156 port 36688 [preauth]
Jan 21 05:38:00 host sshd[30927]: Failed password for invalid user ftp_user1 from 62.89.5.174 port 36608 ssh2
Jan 21 05:38:00 host sshd[30927]: Received disconnect from 62.89.5.174 port 36608:11: Bye Bye [preauth]
Jan 21 05:38:00 host sshd[30927]: Disconnected from 62.89.5.174 port 36608 [preauth]
Jan 21 05:38:01 host sshd[30922]: Failed password for invalid user httpadmin from 164.77.119.34 port 13974 ssh2
Jan 21 05:38:02 host sshd[30922]: Received disconnect from 164.77.119.34 port 13974:11: Bye Bye [preauth]
Jan 21 05:38:02 host sshd[30922]: Disconnected from 164.77.119.34 port 13974 [preauth]
Jan 21 05:38:25 host sshd[30980]: Invalid user nsuser from 164.132.49.218 port 55748
Jan 21 05:38:25 host sshd[30980]: input_userauth_request: invalid user nsuser [preauth]
Jan 21 05:38:25 host sshd[30980]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:38:25 host sshd[30980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.49.218
Jan 21 05:38:27 host sshd[30980]: Failed password for invalid user nsuser from 164.132.49.218 port 55748 ssh2
Jan 21 05:38:28 host sshd[30980]: Received disconnect from 164.132.49.218 port 55748:11: Bye Bye [preauth]
Jan 21 05:38:28 host sshd[30980]: Disconnected from 164.132.49.218 port 55748 [preauth]
Jan 21 05:38:38 host sshd[31013]: Invalid user wcsuser from 139.59.255.59 port 40136
Jan 21 05:38:38 host sshd[31013]: input_userauth_request: invalid user wcsuser [preauth]
Jan 21 05:38:38 host sshd[31013]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:38:38 host sshd[31013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.255.59
Jan 21 05:38:40 host sshd[31013]: Failed password for invalid user wcsuser from 139.59.255.59 port 40136 ssh2
Jan 21 05:38:40 host sshd[31013]: Received disconnect from 139.59.255.59 port 40136:11: Bye Bye [preauth]
Jan 21 05:38:40 host sshd[31013]: Disconnected from 139.59.255.59 port 40136 [preauth]
Jan 21 05:38:53 host sshd[31064]: Invalid user jet from 104.244.74.6 port 55796
Jan 21 05:38:53 host sshd[31064]: input_userauth_request: invalid user jet [preauth]
Jan 21 05:38:53 host sshd[31064]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:38:53 host sshd[31064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 21 05:38:55 host sshd[31064]: Failed password for invalid user jet from 104.244.74.6 port 55796 ssh2
Jan 21 05:38:56 host sshd[31064]: Connection closed by 104.244.74.6 port 55796 [preauth]
Jan 21 05:38:59 host sshd[31071]: Invalid user users from 205.185.123.158 port 50728
Jan 21 05:38:59 host sshd[31071]: input_userauth_request: invalid user users [preauth]
Jan 21 05:38:59 host sshd[31071]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:38:59 host sshd[31071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.123.158
Jan 21 05:39:01 host sshd[31074]: Invalid user FTPUser from 201.17.131.43 port 33749
Jan 21 05:39:01 host sshd[31074]: input_userauth_request: invalid user FTPUser [preauth]
Jan 21 05:39:01 host sshd[31074]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:39:01 host sshd[31074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.17.131.43
Jan 21 05:39:01 host sshd[31071]: Failed password for invalid user users from 205.185.123.158 port 50728 ssh2
Jan 21 05:39:01 host sshd[31077]: Invalid user userbot from 51.83.72.156 port 59456
Jan 21 05:39:01 host sshd[31077]: input_userauth_request: invalid user userbot [preauth]
Jan 21 05:39:01 host sshd[31077]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:39:01 host sshd[31077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.72.156
Jan 21 05:39:01 host sshd[31071]: Received disconnect from 205.185.123.158 port 50728:11: Bye Bye [preauth]
Jan 21 05:39:01 host sshd[31071]: Disconnected from 205.185.123.158 port 50728 [preauth]
Jan 21 05:39:02 host sshd[31074]: Failed password for invalid user FTPUser from 201.17.131.43 port 33749 ssh2
Jan 21 05:39:03 host sshd[31077]: Failed password for invalid user userbot from 51.83.72.156 port 59456 ssh2
Jan 21 05:39:03 host sshd[31074]: Received disconnect from 201.17.131.43 port 33749:11: Bye Bye [preauth]
Jan 21 05:39:03 host sshd[31074]: Disconnected from 201.17.131.43 port 33749 [preauth]
Jan 21 05:39:03 host sshd[31077]: Received disconnect from 51.83.72.156 port 59456:11: Bye Bye [preauth]
Jan 21 05:39:03 host sshd[31077]: Disconnected from 51.83.72.156 port 59456 [preauth]
Jan 21 05:39:32 host sshd[31192]: Invalid user testik from 185.186.147.60 port 59040
Jan 21 05:39:32 host sshd[31192]: input_userauth_request: invalid user testik [preauth]
Jan 21 05:39:32 host sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:39:32 host sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.147.60
Jan 21 05:39:35 host sshd[31192]: Failed password for invalid user testik from 185.186.147.60 port 59040 ssh2
Jan 21 05:39:35 host sshd[31192]: Received disconnect from 185.186.147.60 port 59040:11: Bye Bye [preauth]
Jan 21 05:39:35 host sshd[31192]: Disconnected from 185.186.147.60 port 59040 [preauth]
Jan 21 05:39:46 host sshd[31231]: Invalid user tempadmin from 164.77.119.34 port 27447
Jan 21 05:39:46 host sshd[31231]: input_userauth_request: invalid user tempadmin [preauth]
Jan 21 05:39:46 host sshd[31231]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:39:46 host sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.77.119.34
Jan 21 05:39:48 host sshd[31231]: Failed password for invalid user tempadmin from 164.77.119.34 port 27447 ssh2
Jan 21 05:39:49 host sshd[31231]: Received disconnect from 164.77.119.34 port 27447:11: Bye Bye [preauth]
Jan 21 05:39:49 host sshd[31231]: Disconnected from 164.77.119.34 port 27447 [preauth]
Jan 21 05:40:38 host sshd[31408]: Invalid user postgres from 201.17.131.43 port 54090
Jan 21 05:40:38 host sshd[31408]: input_userauth_request: invalid user postgres [preauth]
Jan 21 05:40:38 host sshd[31408]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:40:38 host sshd[31408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.17.131.43
Jan 21 05:40:39 host sshd[31408]: Failed password for invalid user postgres from 201.17.131.43 port 54090 ssh2
Jan 21 05:40:50 host sshd[31562]: Invalid user gitlab-runner from 164.132.49.218 port 35782
Jan 21 05:40:50 host sshd[31562]: input_userauth_request: invalid user gitlab-runner [preauth]
Jan 21 05:40:50 host sshd[31562]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:40:50 host sshd[31562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.49.218
Jan 21 05:40:52 host sshd[31562]: Failed password for invalid user gitlab-runner from 164.132.49.218 port 35782 ssh2
Jan 21 05:40:52 host sshd[31562]: Received disconnect from 164.132.49.218 port 35782:11: Bye Bye [preauth]
Jan 21 05:40:52 host sshd[31562]: Disconnected from 164.132.49.218 port 35782 [preauth]
Jan 21 05:41:39 host sshd[31675]: Invalid user abc from 62.89.5.174 port 47266
Jan 21 05:41:39 host sshd[31675]: input_userauth_request: invalid user abc [preauth]
Jan 21 05:41:39 host sshd[31675]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:41:39 host sshd[31675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.89.5.174
Jan 21 05:41:42 host sshd[31675]: Failed password for invalid user abc from 62.89.5.174 port 47266 ssh2
Jan 21 05:41:42 host sshd[31675]: Received disconnect from 62.89.5.174 port 47266:11: Bye Bye [preauth]
Jan 21 05:41:42 host sshd[31675]: Disconnected from 62.89.5.174 port 47266 [preauth]
Jan 21 05:41:59 host sshd[31705]: Invalid user winadmin from 164.132.49.218 port 35466
Jan 21 05:41:59 host sshd[31705]: input_userauth_request: invalid user winadmin [preauth]
Jan 21 05:41:59 host sshd[31705]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:41:59 host sshd[31705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.49.218
Jan 21 05:42:01 host sshd[31705]: Failed password for invalid user winadmin from 164.132.49.218 port 35466 ssh2
Jan 21 05:42:01 host sshd[31705]: Received disconnect from 164.132.49.218 port 35466:11: Bye Bye [preauth]
Jan 21 05:42:01 host sshd[31705]: Disconnected from 164.132.49.218 port 35466 [preauth]
Jan 21 05:42:06 host sshd[31757]: Invalid user admin from 205.185.123.158 port 58928
Jan 21 05:42:06 host sshd[31757]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:42:06 host sshd[31757]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:42:06 host sshd[31757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.123.158
Jan 21 05:42:08 host sshd[31757]: Failed password for invalid user admin from 205.185.123.158 port 58928 ssh2
Jan 21 05:42:08 host sshd[31757]: Received disconnect from 205.185.123.158 port 58928:11: Bye Bye [preauth]
Jan 21 05:42:08 host sshd[31757]: Disconnected from 205.185.123.158 port 58928 [preauth]
Jan 21 05:42:34 host sshd[31817]: Invalid user mike from 185.186.147.60 port 37112
Jan 21 05:42:34 host sshd[31817]: input_userauth_request: invalid user mike [preauth]
Jan 21 05:42:34 host sshd[31817]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:42:34 host sshd[31817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.147.60
Jan 21 05:42:37 host sshd[31817]: Failed password for invalid user mike from 185.186.147.60 port 37112 ssh2
Jan 21 05:42:37 host sshd[31817]: Received disconnect from 185.186.147.60 port 37112:11: Bye Bye [preauth]
Jan 21 05:42:37 host sshd[31817]: Disconnected from 185.186.147.60 port 37112 [preauth]
Jan 21 05:42:50 host sshd[31836]: Invalid user daniel from 62.89.5.174 port 41872
Jan 21 05:42:50 host sshd[31836]: input_userauth_request: invalid user daniel [preauth]
Jan 21 05:42:50 host sshd[31836]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:42:50 host sshd[31836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.89.5.174
Jan 21 05:42:52 host sshd[31836]: Failed password for invalid user daniel from 62.89.5.174 port 41872 ssh2
Jan 21 05:42:52 host sshd[31836]: Received disconnect from 62.89.5.174 port 41872:11: Bye Bye [preauth]
Jan 21 05:42:52 host sshd[31836]: Disconnected from 62.89.5.174 port 41872 [preauth]
Jan 21 05:44:03 host sshd[32050]: Invalid user admins from 43.153.63.151 port 44630
Jan 21 05:44:03 host sshd[32050]: input_userauth_request: invalid user admins [preauth]
Jan 21 05:44:03 host sshd[32050]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:44:03 host sshd[32050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.63.151
Jan 21 05:44:05 host sshd[32050]: Failed password for invalid user admins from 43.153.63.151 port 44630 ssh2
Jan 21 05:44:06 host sshd[32050]: Received disconnect from 43.153.63.151 port 44630:11: Bye Bye [preauth]
Jan 21 05:44:06 host sshd[32050]: Disconnected from 43.153.63.151 port 44630 [preauth]
Jan 21 05:44:10 host sshd[32059]: Invalid user factorio from 185.186.147.60 port 36086
Jan 21 05:44:10 host sshd[32059]: input_userauth_request: invalid user factorio [preauth]
Jan 21 05:44:10 host sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:44:10 host sshd[32059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.147.60
Jan 21 05:44:12 host sshd[32059]: Failed password for invalid user factorio from 185.186.147.60 port 36086 ssh2
Jan 21 05:44:12 host sshd[32059]: Received disconnect from 185.186.147.60 port 36086:11: Bye Bye [preauth]
Jan 21 05:44:12 host sshd[32059]: Disconnected from 185.186.147.60 port 36086 [preauth]
Jan 21 05:44:27 host sshd[32114]: Invalid user mongouser from 205.185.123.158 port 52850
Jan 21 05:44:27 host sshd[32114]: input_userauth_request: invalid user mongouser [preauth]
Jan 21 05:44:27 host sshd[32114]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:44:27 host sshd[32114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.123.158
Jan 21 05:44:28 host sshd[32114]: Failed password for invalid user mongouser from 205.185.123.158 port 52850 ssh2
Jan 21 05:44:29 host sshd[32114]: Received disconnect from 205.185.123.158 port 52850:11: Bye Bye [preauth]
Jan 21 05:44:29 host sshd[32114]: Disconnected from 205.185.123.158 port 52850 [preauth]
Jan 21 05:45:26 host sshd[32263]: Invalid user mpiuser from 43.155.101.206 port 59406
Jan 21 05:45:26 host sshd[32263]: input_userauth_request: invalid user mpiuser [preauth]
Jan 21 05:45:26 host sshd[32263]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:45:26 host sshd[32263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.101.206
Jan 21 05:45:28 host sshd[32263]: Failed password for invalid user mpiuser from 43.155.101.206 port 59406 ssh2
Jan 21 05:45:28 host sshd[32263]: Received disconnect from 43.155.101.206 port 59406:11: Bye Bye [preauth]
Jan 21 05:45:28 host sshd[32263]: Disconnected from 43.155.101.206 port 59406 [preauth]
Jan 21 05:46:38 host sshd[32410]: Invalid user wp-admin from 43.153.63.151 port 42110
Jan 21 05:46:38 host sshd[32410]: input_userauth_request: invalid user wp-admin [preauth]
Jan 21 05:46:38 host sshd[32410]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:46:38 host sshd[32410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.63.151
Jan 21 05:46:40 host sshd[32410]: Failed password for invalid user wp-admin from 43.153.63.151 port 42110 ssh2
Jan 21 05:48:36 host sshd[311]: Invalid user Sujan from 31.41.244.124 port 42554
Jan 21 05:48:36 host sshd[311]: input_userauth_request: invalid user Sujan [preauth]
Jan 21 05:48:36 host sshd[311]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:48:36 host sshd[311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 21 05:48:39 host sshd[311]: Failed password for invalid user Sujan from 31.41.244.124 port 42554 ssh2
Jan 21 05:48:39 host sshd[311]: Received disconnect from 31.41.244.124 port 42554:11: Client disconnecting normally [preauth]
Jan 21 05:48:39 host sshd[311]: Disconnected from 31.41.244.124 port 42554 [preauth]
Jan 21 05:50:10 host sshd[506]: Did not receive identification string from 4.224.22.134 port 46308
Jan 21 05:50:10 host sshd[513]: Invalid user admin from 4.224.22.134 port 48262
Jan 21 05:50:10 host sshd[513]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:50:10 host sshd[508]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[508]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[509]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[509]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[513]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[512]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[512]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[507]: Invalid user www from 4.224.22.134 port 48208
Jan 21 05:50:10 host sshd[511]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[507]: input_userauth_request: invalid user www [preauth]
Jan 21 05:50:10 host sshd[511]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[510]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[510]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[524]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[524]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[507]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[542]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[542]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[515]: Invalid user admin from 4.224.22.134 port 48210
Jan 21 05:50:10 host sshd[515]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:50:10 host sshd[522]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[522]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[536]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[536]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[530]: Invalid user pi from 4.224.22.134 port 48246
Jan 21 05:50:10 host sshd[519]: Invalid user pi from 4.224.22.134 port 48196
Jan 21 05:50:10 host sshd[530]: input_userauth_request: invalid user pi [preauth]
Jan 21 05:50:10 host unix_chkpwd[582]: password check failed for user (root)
Jan 21 05:50:10 host unix_chkpwd[583]: password check failed for user (root)
Jan 21 05:50:10 host sshd[512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[519]: input_userauth_request: invalid user pi [preauth]
Jan 21 05:50:10 host sshd[512]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[514]: Invalid user ubuntu from 4.224.22.134 port 48112
Jan 21 05:50:10 host sshd[514]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 05:50:10 host sshd[515]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[509]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host unix_chkpwd[584]: password check failed for user (root)
Jan 21 05:50:10 host sshd[510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[510]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[532]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[539]: Invalid user pi from 4.224.22.134 port 48266
Jan 21 05:50:10 host sshd[532]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[539]: input_userauth_request: invalid user pi [preauth]
Jan 21 05:50:10 host sshd[531]: Invalid user admin from 4.224.22.134 port 48268
Jan 21 05:50:10 host sshd[521]: Invalid user admin from 4.224.22.134 port 48198
Jan 21 05:50:10 host unix_chkpwd[580]: password check failed for user (root)
Jan 21 05:50:10 host sshd[531]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:50:10 host sshd[508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[508]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[546]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[546]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[521]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:50:10 host sshd[541]: Invalid user pi from 4.224.22.134 port 48228
Jan 21 05:50:10 host sshd[540]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[540]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[548]: Invalid user zjw from 4.224.22.134 port 48256
Jan 21 05:50:10 host sshd[548]: input_userauth_request: invalid user zjw [preauth]
Jan 21 05:50:10 host sshd[520]: Invalid user admin from 4.224.22.134 port 48206
Jan 21 05:50:10 host sshd[549]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[537]: Invalid user admin from 4.224.22.134 port 48250
Jan 21 05:50:10 host sshd[526]: Invalid user steam from 4.224.22.134 port 48240
Jan 21 05:50:10 host sshd[549]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[518]: User centos from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[541]: input_userauth_request: invalid user pi [preauth]
Jan 21 05:50:10 host sshd[525]: User centos from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[547]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[514]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[529]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[545]: User centos from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[516]: Invalid user ansadmin from 4.224.22.134 port 48202
Jan 21 05:50:10 host sshd[516]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 05:50:10 host sshd[545]: input_userauth_request: invalid user centos [preauth]
Jan 21 05:50:10 host sshd[526]: input_userauth_request: invalid user steam [preauth]
Jan 21 05:50:10 host sshd[530]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[527]: Invalid user steam from 4.224.22.134 port 48230
Jan 21 05:50:10 host sshd[520]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:50:10 host sshd[529]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[518]: input_userauth_request: invalid user centos [preauth]
Jan 21 05:50:10 host sshd[527]: input_userauth_request: invalid user steam [preauth]
Jan 21 05:50:10 host sshd[547]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[519]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[525]: input_userauth_request: invalid user centos [preauth]
Jan 21 05:50:10 host sshd[537]: input_userauth_request: invalid user admin [preauth]
Jan 21 05:50:10 host unix_chkpwd[587]: password check failed for user (root)
Jan 21 05:50:10 host sshd[531]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[543]: User root from 4.224.22.134 not allowed because not listed in AllowUsers
Jan 21 05:50:10 host sshd[521]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[543]: input_userauth_request: invalid user root [preauth]
Jan 21 05:50:10 host sshd[542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[542]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[539]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host unix_chkpwd[586]: password check failed for user (root)
Jan 21 05:50:10 host sshd[541]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[524]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[537]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[526]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[520]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host unix_chkpwd[585]: password check failed for user (root)
Jan 21 05:50:10 host sshd[511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[511]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[533]: Invalid user pi from 4.224.22.134 port 48232
Jan 21 05:50:10 host sshd[548]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[516]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host sshd[533]: input_userauth_request: invalid user pi [preauth]
Jan 21 05:50:10 host sshd[527]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host unix_chkpwd[588]: password check failed for user (root)
Jan 21 05:50:10 host sshd[522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[522]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host unix_chkpwd[589]: password check failed for user (root)
Jan 21 05:50:10 host sshd[536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[536]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[533]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:50:10 host sshd[533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134
Jan 21 05:50:10 host unix_chkpwd[604]: password check failed for user (centos)
Jan 21 05:50:10 host sshd[525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=centos
Jan 21 05:50:10 host unix_chkpwd[593]: password check failed for user (centos)
Jan 21 05:50:10 host sshd[518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=centos
Jan 21 05:50:10 host unix_chkpwd[603]: password check failed for user (root)
Jan 21 05:50:10 host unix_chkpwd[596]: password check failed for user (root)
Jan 21 05:50:10 host sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[549]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[547]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host unix_chkpwd[590]: password check failed for user (root)
Jan 21 05:50:10 host unix_chkpwd[592]: password check failed for user (root)
Jan 21 05:50:10 host sshd[546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[546]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host sshd[540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[540]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host unix_chkpwd[595]: password check failed for user (centos)
Jan 21 05:50:10 host sshd[545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=centos
Jan 21 05:50:10 host unix_chkpwd[606]: password check failed for user (root)
Jan 21 05:50:10 host sshd[543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[543]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host unix_chkpwd[591]: password check failed for user (root)
Jan 21 05:50:10 host sshd[532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[532]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:10 host unix_chkpwd[594]: password check failed for user (root)
Jan 21 05:50:10 host sshd[529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.224.22.134 user=root
Jan 21 05:50:10 host sshd[529]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 05:50:12 host sshd[513]: Failed password for invalid user admin from 4.224.22.134 port 48262 ssh2
Jan 21 05:50:12 host sshd[507]: Failed password for invalid user www from 4.224.22.134 port 48208 ssh2
Jan 21 05:50:12 host sshd[512]: Failed password for invalid user root from 4.224.22.134 port 48254 ssh2
Jan 21 05:50:12 host sshd[515]: Failed password for invalid user admin from 4.224.22.134 port 48210 ssh2
Jan 21 05:50:12 host sshd[509]: Failed password for invalid user root from 4.224.22.134 port 48212 ssh2
Jan 21 05:50:12 host sshd[510]: Failed password for invalid user root from 4.224.22.134 port 48242 ssh2
Jan 21 05:50:12 host sshd[508]: Failed password for invalid user root from 4.224.22.134 port 48194 ssh2
Jan 21 05:50:12 host sshd[514]: Failed password for invalid user ubuntu from 4.224.22.134 port 48112 ssh2
Jan 21 05:50:12 host sshd[530]: Failed password for invalid user pi from 4.224.22.134 port 48246 ssh2
Jan 21 05:50:12 host sshd[519]: Failed password for invalid user pi from 4.224.22.134 port 48196 ssh2
Jan 21 05:50:12 host sshd[531]: Failed password for invalid user admin from 4.224.22.134 port 48268 ssh2
Jan 21 05:50:12 host sshd[521]: Failed password for invalid user admin from 4.224.22.134 port 48198 ssh2
Jan 21 05:50:12 host sshd[542]: Failed password for invalid user root from 4.224.22.134 port 48226 ssh2
Jan 21 05:50:12 host sshd[539]: Failed password for invalid user pi from 4.224.22.134 port 48266 ssh2
Jan 21 05:50:12 host sshd[541]: Failed password for invalid user pi from 4.224.22.134 port 48228 ssh2
Jan 21 05:50:12 host sshd[524]: Failed password for invalid user root from 4.224.22.134 port 48218 ssh2
Jan 21 05:50:12 host sshd[526]: Failed password for invalid user steam from 4.224.22.134 port 48240 ssh2
Jan 21 05:50:12 host sshd[537]: Failed password for invalid user admin from 4.224.22.134 port 48250 ssh2
Jan 21 05:50:12 host sshd[520]: Failed password for invalid user admin from 4.224.22.134 port 48206 ssh2
Jan 21 05:50:12 host sshd[511]: Failed password for invalid user root from 4.224.22.134 port 48234 ssh2
Jan 21 05:50:12 host sshd[548]: Failed password for invalid user zjw from 4.224.22.134 port 48256 ssh2
Jan 21 05:50:12 host sshd[516]: Failed password for invalid user ansadmin from 4.224.22.134 port 48202 ssh2
Jan 21 05:50:12 host sshd[527]: Failed password for invalid user steam from 4.224.22.134 port 48230 ssh2
Jan 21 05:50:12 host sshd[522]: Failed password for invalid user root from 4.224.22.134 port 48216 ssh2
Jan 21 05:50:12 host sshd[536]: Failed password for invalid user root from 4.224.22.134 port 48238 ssh2
Jan 21 05:50:12 host sshd[533]: Failed password for invalid user pi from 4.224.22.134 port 48232 ssh2
Jan 21 05:50:12 host sshd[525]: Failed password for invalid user centos from 4.224.22.134 port 48220 ssh2
Jan 21 05:50:12 host sshd[518]: Failed password for invalid user centos from 4.224.22.134 port 48200 ssh2
Jan 21 05:50:12 host sshd[549]: Failed password for invalid user root from 4.224.22.134 port 48260 ssh2
Jan 21 05:50:12 host sshd[547]: Failed password for invalid user root from 4.224.22.134 port 48222 ssh2
Jan 21 05:50:12 host sshd[513]: Connection closed by 4.224.22.134 port 48262 [preauth]
Jan 21 05:50:12 host sshd[507]: Connection closed by 4.224.22.134 port 48208 [preauth]
Jan 21 05:50:12 host sshd[546]: Failed password for invalid user root from 4.224.22.134 port 48264 ssh2
Jan 21 05:50:12 host sshd[540]: Failed password for invalid user root from 4.224.22.134 port 48204 ssh2
Jan 21 05:50:12 host sshd[545]: Failed password for invalid user centos from 4.224.22.134 port 48214 ssh2
Jan 21 05:50:12 host sshd[509]: Connection closed by 4.224.22.134 port 48212 [preauth]
Jan 21 05:50:12 host sshd[543]: Failed password for invalid user root from 4.224.22.134 port 48252 ssh2
Jan 21 05:50:12 host sshd[512]: Connection closed by 4.224.22.134 port 48254 [preauth]
Jan 21 05:50:12 host sshd[532]: Failed password for invalid user root from 4.224.22.134 port 48258 ssh2
Jan 21 05:50:12 host sshd[529]: Failed password for invalid user root from 4.224.22.134 port 48224 ssh2
Jan 21 05:50:12 host sshd[515]: Connection closed by 4.224.22.134 port 48210 [preauth]
Jan 21 05:50:12 host sshd[510]: Connection closed by 4.224.22.134 port 48242 [preauth]
Jan 21 05:50:12 host sshd[508]: Connection closed by 4.224.22.134 port 48194 [preauth]
Jan 21 05:50:12 host sshd[511]: Connection closed by 4.224.22.134 port 48234 [preauth]
Jan 21 05:50:12 host sshd[530]: Connection closed by 4.224.22.134 port 48246 [preauth]
Jan 21 05:50:12 host sshd[539]: Connection closed by 4.224.22.134 port 48266 [preauth]
Jan 21 05:50:12 host sshd[514]: Connection closed by 4.224.22.134 port 48112 [preauth]
Jan 21 05:50:12 host sshd[542]: Connection closed by 4.224.22.134 port 48226 [preauth]
Jan 21 05:50:12 host sshd[531]: Connection closed by 4.224.22.134 port 48268 [preauth]
Jan 21 05:50:12 host sshd[521]: Connection closed by 4.224.22.134 port 48198 [preauth]
Jan 21 05:50:12 host sshd[527]: Connection closed by 4.224.22.134 port 48230 [preauth]
Jan 21 05:50:12 host sshd[519]: Connection closed by 4.224.22.134 port 48196 [preauth]
Jan 21 05:50:12 host sshd[520]: Connection closed by 4.224.22.134 port 48206 [preauth]
Jan 21 05:50:12 host sshd[548]: Connection closed by 4.224.22.134 port 48256 [preauth]
Jan 21 05:50:12 host sshd[526]: Connection closed by 4.224.22.134 port 48240 [preauth]
Jan 21 05:50:12 host sshd[541]: Connection closed by 4.224.22.134 port 48228 [preauth]
Jan 21 05:50:12 host sshd[537]: Connection closed by 4.224.22.134 port 48250 [preauth]
Jan 21 05:50:12 host sshd[516]: Connection closed by 4.224.22.134 port 48202 [preauth]
Jan 21 05:50:12 host sshd[524]: Connection closed by 4.224.22.134 port 48218 [preauth]
Jan 21 05:50:12 host sshd[536]: Connection closed by 4.224.22.134 port 48238 [preauth]
Jan 21 05:50:12 host sshd[525]: Connection closed by 4.224.22.134 port 48220 [preauth]
Jan 21 05:50:13 host sshd[533]: Connection closed by 4.224.22.134 port 48232 [preauth]
Jan 21 05:50:13 host sshd[522]: Connection closed by 4.224.22.134 port 48216 [preauth]
Jan 21 05:50:13 host sshd[547]: Connection closed by 4.224.22.134 port 48222 [preauth]
Jan 21 05:50:13 host sshd[549]: Connection closed by 4.224.22.134 port 48260 [preauth]
Jan 21 05:50:13 host sshd[518]: Connection closed by 4.224.22.134 port 48200 [preauth]
Jan 21 05:50:13 host sshd[546]: Connection closed by 4.224.22.134 port 48264 [preauth]
Jan 21 05:50:13 host sshd[540]: Connection closed by 4.224.22.134 port 48204 [preauth]
Jan 21 05:50:13 host sshd[529]: Connection closed by 4.224.22.134 port 48224 [preauth]
Jan 21 05:50:13 host sshd[545]: Connection closed by 4.224.22.134 port 48214 [preauth]
Jan 21 05:50:13 host sshd[532]: Connection closed by 4.224.22.134 port 48258 [preauth]
Jan 21 05:50:13 host sshd[543]: Connection closed by 4.224.22.134 port 48252 [preauth]
Jan 21 05:54:55 host sshd[1234]: Invalid user ble from 43.155.101.206 port 32794
Jan 21 05:54:55 host sshd[1234]: input_userauth_request: invalid user ble [preauth]
Jan 21 05:54:55 host sshd[1234]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:54:55 host sshd[1234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.101.206
Jan 21 05:54:57 host sshd[1234]: Failed password for invalid user ble from 43.155.101.206 port 32794 ssh2
Jan 21 05:54:57 host sshd[1234]: Received disconnect from 43.155.101.206 port 32794:11: Bye Bye [preauth]
Jan 21 05:54:57 host sshd[1234]: Disconnected from 43.155.101.206 port 32794 [preauth]
Jan 21 05:57:02 host sshd[1619]: Invalid user test3 from 43.155.101.206 port 60374
Jan 21 05:57:02 host sshd[1619]: input_userauth_request: invalid user test3 [preauth]
Jan 21 05:57:02 host sshd[1619]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:57:02 host sshd[1619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.155.101.206
Jan 21 05:57:04 host sshd[1619]: Failed password for invalid user test3 from 43.155.101.206 port 60374 ssh2
Jan 21 05:57:04 host sshd[1619]: Received disconnect from 43.155.101.206 port 60374:11: Bye Bye [preauth]
Jan 21 05:57:04 host sshd[1619]: Disconnected from 43.155.101.206 port 60374 [preauth]
Jan 21 05:59:53 host sshd[2005]: Invalid user hg from 194.110.203.109 port 48462
Jan 21 05:59:53 host sshd[2005]: input_userauth_request: invalid user hg [preauth]
Jan 21 05:59:53 host sshd[2005]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 05:59:53 host sshd[2005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 05:59:56 host sshd[2005]: Failed password for invalid user hg from 194.110.203.109 port 48462 ssh2
Jan 21 05:59:59 host sshd[2005]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:00:01 host sshd[2005]: Failed password for invalid user hg from 194.110.203.109 port 48462 ssh2
Jan 21 06:00:04 host sshd[2005]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:00:06 host sshd[2005]: Failed password for invalid user hg from 194.110.203.109 port 48462 ssh2
Jan 21 06:00:09 host sshd[2005]: Connection closed by 194.110.203.109 port 48462 [preauth]
Jan 21 06:00:09 host sshd[2005]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 06:02:46 host sshd[2536]: Invalid user vadmin from 78.193.208.86 port 48708
Jan 21 06:02:46 host sshd[2536]: input_userauth_request: invalid user vadmin [preauth]
Jan 21 06:02:46 host sshd[2536]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:02:46 host sshd[2536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.193.208.86
Jan 21 06:02:49 host sshd[2536]: Failed password for invalid user vadmin from 78.193.208.86 port 48708 ssh2
Jan 21 06:02:49 host sshd[2536]: Connection reset by 78.193.208.86 port 48708 [preauth]
Jan 21 06:05:16 host sshd[2874]: Invalid user usr from 114.35.33.33 port 38835
Jan 21 06:05:16 host sshd[2874]: input_userauth_request: invalid user usr [preauth]
Jan 21 06:05:16 host sshd[2874]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:05:16 host sshd[2874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.33.33
Jan 21 06:05:18 host sshd[2874]: Failed password for invalid user usr from 114.35.33.33 port 38835 ssh2
Jan 21 06:05:18 host sshd[2874]: Connection reset by 114.35.33.33 port 38835 [preauth]
Jan 21 06:16:16 host sshd[4569]: Invalid user ansibleuser from 91.205.128.170 port 44322
Jan 21 06:16:16 host sshd[4569]: input_userauth_request: invalid user ansibleuser [preauth]
Jan 21 06:16:16 host sshd[4569]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:16:16 host sshd[4569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.128.170
Jan 21 06:16:19 host sshd[4569]: Failed password for invalid user ansibleuser from 91.205.128.170 port 44322 ssh2
Jan 21 06:16:19 host sshd[4569]: Received disconnect from 91.205.128.170 port 44322:11: Bye Bye [preauth]
Jan 21 06:16:19 host sshd[4569]: Disconnected from 91.205.128.170 port 44322 [preauth]
Jan 21 06:16:33 host sshd[4622]: Invalid user admin from 69.55.54.65 port 58000
Jan 21 06:16:33 host sshd[4622]: input_userauth_request: invalid user admin [preauth]
Jan 21 06:16:33 host sshd[4622]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:16:33 host sshd[4622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.55.54.65
Jan 21 06:16:35 host sshd[4622]: Failed password for invalid user admin from 69.55.54.65 port 58000 ssh2
Jan 21 06:16:36 host sshd[4622]: Received disconnect from 69.55.54.65 port 58000:11: Bye Bye [preauth]
Jan 21 06:16:36 host sshd[4622]: Disconnected from 69.55.54.65 port 58000 [preauth]
Jan 21 06:17:30 host sshd[4779]: Invalid user anne from 103.164.221.210 port 48844
Jan 21 06:17:30 host sshd[4779]: input_userauth_request: invalid user anne [preauth]
Jan 21 06:17:30 host sshd[4779]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:17:30 host sshd[4779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.164.221.210
Jan 21 06:17:31 host sshd[4779]: Failed password for invalid user anne from 103.164.221.210 port 48844 ssh2
Jan 21 06:17:32 host sshd[4779]: Received disconnect from 103.164.221.210 port 48844:11: Bye Bye [preauth]
Jan 21 06:17:32 host sshd[4779]: Disconnected from 103.164.221.210 port 48844 [preauth]
Jan 21 06:20:24 host sshd[5397]: Invalid user elk from 165.22.242.64 port 37254
Jan 21 06:20:24 host sshd[5397]: input_userauth_request: invalid user elk [preauth]
Jan 21 06:20:24 host sshd[5397]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:20:24 host sshd[5397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.242.64
Jan 21 06:20:26 host sshd[5397]: Failed password for invalid user elk from 165.22.242.64 port 37254 ssh2
Jan 21 06:20:26 host sshd[5397]: Received disconnect from 165.22.242.64 port 37254:11: Bye Bye [preauth]
Jan 21 06:20:26 host sshd[5397]: Disconnected from 165.22.242.64 port 37254 [preauth]
Jan 21 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 06:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=wwwkmaorg user-4=disposeat user-5=remysagr user-6=pmcresources user-7=vfmassets user-8=shalinijames user-9=wwwtestugo user-10=straightcurve user-11=wwwletsstalkfood user-12=bonifacegroup user-13=wwwevmhonda user-14=mrsclean user-15=wwwnexidigital user-16=palco123 user-17=gifterman user-18=kottayamcalldriv user-19=phmetals user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=a2zgroup user-24=dartsimp user-25=wwwpmcresource user-26=wwwresourcehunte user-27=keralaholi user-28=wwwrmswll user-29=ugotscom user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 06:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xPJpSJ2ZMFaCKARu.~
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xPJpSJ2ZMFaCKARu.~'
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-xPJpSJ2ZMFaCKARu.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 06:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 06:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 06:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 06:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 06:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 06:22:54 host sshd[5992]: Invalid user share from 91.205.128.170 port 46362
Jan 21 06:22:54 host sshd[5992]: input_userauth_request: invalid user share [preauth]
Jan 21 06:22:54 host sshd[5992]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:22:54 host sshd[5992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.128.170
Jan 21 06:22:56 host sshd[5992]: Failed password for invalid user share from 91.205.128.170 port 46362 ssh2
Jan 21 06:22:56 host sshd[5992]: Received disconnect from 91.205.128.170 port 46362:11: Bye Bye [preauth]
Jan 21 06:22:56 host sshd[5992]: Disconnected from 91.205.128.170 port 46362 [preauth]
Jan 21 06:23:33 host sshd[6178]: Invalid user rancher from 69.55.54.65 port 59448
Jan 21 06:23:33 host sshd[6178]: input_userauth_request: invalid user rancher [preauth]
Jan 21 06:23:33 host sshd[6178]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:23:33 host sshd[6178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.55.54.65
Jan 21 06:23:35 host sshd[6178]: Failed password for invalid user rancher from 69.55.54.65 port 59448 ssh2
Jan 21 06:23:35 host sshd[6178]: Received disconnect from 69.55.54.65 port 59448:11: Bye Bye [preauth]
Jan 21 06:23:35 host sshd[6178]: Disconnected from 69.55.54.65 port 59448 [preauth]
Jan 21 06:23:37 host sshd[6209]: Invalid user remote from 165.22.242.64 port 48340
Jan 21 06:23:37 host sshd[6209]: input_userauth_request: invalid user remote [preauth]
Jan 21 06:23:37 host sshd[6209]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:23:37 host sshd[6209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.242.64
Jan 21 06:23:38 host sshd[6209]: Failed password for invalid user remote from 165.22.242.64 port 48340 ssh2
Jan 21 06:23:38 host sshd[6209]: Received disconnect from 165.22.242.64 port 48340:11: Bye Bye [preauth]
Jan 21 06:23:38 host sshd[6209]: Disconnected from 165.22.242.64 port 48340 [preauth]
Jan 21 06:23:59 host sshd[6258]: Invalid user halo from 103.164.221.210 port 46150
Jan 21 06:23:59 host sshd[6258]: input_userauth_request: invalid user halo [preauth]
Jan 21 06:23:59 host sshd[6258]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:23:59 host sshd[6258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.164.221.210
Jan 21 06:24:01 host sshd[6258]: Failed password for invalid user halo from 103.164.221.210 port 46150 ssh2
Jan 21 06:24:01 host sshd[6258]: Received disconnect from 103.164.221.210 port 46150:11: Bye Bye [preauth]
Jan 21 06:24:01 host sshd[6258]: Disconnected from 103.164.221.210 port 46150 [preauth]
Jan 21 06:24:09 host sshd[6286]: Invalid user download from 91.205.128.170 port 40778
Jan 21 06:24:09 host sshd[6286]: input_userauth_request: invalid user download [preauth]
Jan 21 06:24:09 host sshd[6286]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:24:09 host sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.128.170
Jan 21 06:24:11 host sshd[6286]: Failed password for invalid user download from 91.205.128.170 port 40778 ssh2
Jan 21 06:24:17 host sshd[6338]: Did not receive identification string from 45.79.181.104 port 7598
Jan 21 06:24:20 host sshd[6341]: Connection closed by 45.79.181.104 port 7600 [preauth]
Jan 21 06:24:21 host sshd[6351]: Did not receive identification string from 45.79.181.104 port 56086
Jan 21 06:24:24 host sshd[6355]: Invalid user default from 122.117.101.117 port 43056
Jan 21 06:24:24 host sshd[6355]: input_userauth_request: invalid user default [preauth]
Jan 21 06:24:24 host sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:24:24 host sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.101.117
Jan 21 06:24:26 host sshd[6355]: Failed password for invalid user default from 122.117.101.117 port 43056 ssh2
Jan 21 06:24:26 host sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:24:28 host sshd[6355]: Failed password for invalid user default from 122.117.101.117 port 43056 ssh2
Jan 21 06:24:29 host sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:24:31 host sshd[6355]: Failed password for invalid user default from 122.117.101.117 port 43056 ssh2
Jan 21 06:24:32 host sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:24:34 host sshd[6355]: Failed password for invalid user default from 122.117.101.117 port 43056 ssh2
Jan 21 06:24:34 host sshd[6355]: Connection reset by 122.117.101.117 port 43056 [preauth]
Jan 21 06:24:34 host sshd[6355]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.101.117
Jan 21 06:24:34 host sshd[6355]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 21 06:24:41 host sshd[6419]: Invalid user gitlab-psql from 69.55.54.65 port 53898
Jan 21 06:24:41 host sshd[6419]: input_userauth_request: invalid user gitlab-psql [preauth]
Jan 21 06:24:41 host sshd[6419]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:24:41 host sshd[6419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.55.54.65
Jan 21 06:24:43 host sshd[6419]: Failed password for invalid user gitlab-psql from 69.55.54.65 port 53898 ssh2
Jan 21 06:24:44 host sshd[6419]: Received disconnect from 69.55.54.65 port 53898:11: Bye Bye [preauth]
Jan 21 06:24:44 host sshd[6419]: Disconnected from 69.55.54.65 port 53898 [preauth]
Jan 21 06:25:01 host sshd[6525]: Invalid user testmail1 from 165.22.242.64 port 46948
Jan 21 06:25:01 host sshd[6525]: input_userauth_request: invalid user testmail1 [preauth]
Jan 21 06:25:01 host sshd[6525]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:25:01 host sshd[6525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.242.64
Jan 21 06:25:03 host sshd[6525]: Failed password for invalid user testmail1 from 165.22.242.64 port 46948 ssh2
Jan 21 06:25:03 host sshd[6525]: Received disconnect from 165.22.242.64 port 46948:11: Bye Bye [preauth]
Jan 21 06:25:03 host sshd[6525]: Disconnected from 165.22.242.64 port 46948 [preauth]
Jan 21 06:25:26 host sshd[6642]: Invalid user testlab from 103.164.221.210 port 52390
Jan 21 06:25:26 host sshd[6642]: input_userauth_request: invalid user testlab [preauth]
Jan 21 06:25:26 host sshd[6642]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:25:26 host sshd[6642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.164.221.210
Jan 21 06:25:28 host sshd[6642]: Failed password for invalid user testlab from 103.164.221.210 port 52390 ssh2
Jan 21 06:25:28 host sshd[6642]: Received disconnect from 103.164.221.210 port 52390:11: Bye Bye [preauth]
Jan 21 06:25:28 host sshd[6642]: Disconnected from 103.164.221.210 port 52390 [preauth]
Jan 21 06:26:05 host sshd[6876]: Invalid user jet from 104.244.74.6 port 47862
Jan 21 06:26:05 host sshd[6876]: input_userauth_request: invalid user jet [preauth]
Jan 21 06:26:05 host sshd[6876]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:26:05 host sshd[6876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 21 06:26:08 host sshd[6876]: Failed password for invalid user jet from 104.244.74.6 port 47862 ssh2
Jan 21 06:26:08 host sshd[6876]: Connection closed by 104.244.74.6 port 47862 [preauth]
Jan 21 06:28:13 host sshd[7137]: User root from 166.90.116.109 not allowed because not listed in AllowUsers
Jan 21 06:28:13 host sshd[7137]: input_userauth_request: invalid user root [preauth]
Jan 21 06:28:13 host unix_chkpwd[7146]: password check failed for user (root)
Jan 21 06:28:13 host sshd[7137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.90.116.109 user=root
Jan 21 06:28:13 host sshd[7137]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 06:28:15 host sshd[7137]: Failed password for invalid user root from 166.90.116.109 port 45817 ssh2
Jan 21 06:28:18 host unix_chkpwd[7152]: password check failed for user (root)
Jan 21 06:28:18 host sshd[7137]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 06:28:20 host sshd[7137]: Failed password for invalid user root from 166.90.116.109 port 45817 ssh2
Jan 21 06:28:23 host unix_chkpwd[7166]: password check failed for user (root)
Jan 21 06:28:23 host sshd[7137]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 06:28:25 host sshd[7137]: Failed password for invalid user root from 166.90.116.109 port 45817 ssh2
Jan 21 06:37:51 host sshd[8702]: Invalid user jet from 104.244.74.6 port 40908
Jan 21 06:37:51 host sshd[8702]: input_userauth_request: invalid user jet [preauth]
Jan 21 06:37:51 host sshd[8702]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:37:51 host sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.74.6
Jan 21 06:37:52 host sshd[8702]: Failed password for invalid user jet from 104.244.74.6 port 40908 ssh2
Jan 21 06:37:53 host sshd[8702]: Connection closed by 104.244.74.6 port 40908 [preauth]
Jan 21 06:45:28 host sshd[9931]: Invalid user pingpang from 102.68.141.170 port 58520
Jan 21 06:45:28 host sshd[9931]: input_userauth_request: invalid user pingpang [preauth]
Jan 21 06:45:29 host sshd[9931]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 06:45:29 host sshd[9931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.141.170
Jan 21 06:45:31 host sshd[9931]: Failed password for invalid user pingpang from 102.68.141.170 port 58520 ssh2
Jan 21 06:45:31 host sshd[9931]: Connection closed by 102.68.141.170 port 58520 [preauth]
Jan 21 06:50:26 host sshd[10743]: User root from 59.25.72.10 not allowed because not listed in AllowUsers
Jan 21 06:50:26 host sshd[10743]: input_userauth_request: invalid user root [preauth]
Jan 21 06:50:26 host unix_chkpwd[10753]: password check failed for user (root)
Jan 21 06:50:26 host sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.72.10 user=root
Jan 21 06:50:26 host sshd[10743]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 06:50:28 host sshd[10743]: Failed password for invalid user root from 59.25.72.10 port 39057 ssh2
Jan 21 07:12:52 host sshd[14294]: ssh_dispatch_run_fatal: Connection from 220.132.132.19 port 41995: bignum is negative [preauth]
Jan 21 07:18:01 host sshd[15212]: Invalid user admin from 114.32.250.42 port 36643
Jan 21 07:18:01 host sshd[15212]: input_userauth_request: invalid user admin [preauth]
Jan 21 07:18:01 host sshd[15212]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:18:01 host sshd[15212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.250.42
Jan 21 07:18:03 host sshd[15212]: Failed password for invalid user admin from 114.32.250.42 port 36643 ssh2
Jan 21 07:18:04 host sshd[15212]: Failed password for invalid user admin from 114.32.250.42 port 36643 ssh2
Jan 21 07:18:04 host sshd[15212]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:18:07 host sshd[15212]: Failed password for invalid user admin from 114.32.250.42 port 36643 ssh2
Jan 21 07:18:07 host sshd[15212]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:18:10 host sshd[15212]: Failed password for invalid user admin from 114.32.250.42 port 36643 ssh2
Jan 21 07:18:10 host sshd[15212]: Connection reset by 114.32.250.42 port 36643 [preauth]
Jan 21 07:18:10 host sshd[15212]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.250.42
Jan 21 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 07:21:02 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:02 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=palco123 user-2=gifterman user-3=kottayamcalldriv user-4=phmetals user-5=wwwnexidigital user-6=mrsclean user-7=bonifacegroup user-8=wwwevmhonda user-9=straightcurve user-10=wwwletsstalkfood user-11=vfmassets user-12=shalinijames user-13=wwwtestugo user-14=pmcresources user-15=wwwkmaorg user-16=disposeat user-17=remysagr user-18=wwwkapin user-19=woodpeck user-20=travelboniface user-21=wwwresourcehunte user-22=keralaholi user-23=wwwrmswll user-24=ugotscom user-25=wwwpmcresource user-26=a2zgroup user-27=dartsimp user-28=laundryboniface user-29=cochintaxi user-30=wwwkaretakers feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 07:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OOCwX4OnDxlcBuKu.~
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OOCwX4OnDxlcBuKu.~'
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OOCwX4OnDxlcBuKu.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 07:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 07:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 07:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 07:30:24 host sshd[17472]: Invalid user yangyi from 106.10.122.53 port 47948
Jan 21 07:30:24 host sshd[17472]: input_userauth_request: invalid user yangyi [preauth]
Jan 21 07:30:24 host sshd[17472]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:30:24 host sshd[17472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 07:30:26 host sshd[17472]: Failed password for invalid user yangyi from 106.10.122.53 port 47948 ssh2
Jan 21 07:30:26 host sshd[17472]: Connection closed by 106.10.122.53 port 47948 [preauth]
Jan 21 07:34:25 host sshd[17981]: Invalid user uucpadm from 205.185.113.129 port 35636
Jan 21 07:34:25 host sshd[17981]: input_userauth_request: invalid user uucpadm [preauth]
Jan 21 07:34:25 host sshd[17981]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:34:25 host sshd[17981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 21 07:34:27 host sshd[17981]: Failed password for invalid user uucpadm from 205.185.113.129 port 35636 ssh2
Jan 21 07:34:28 host sshd[17981]: Connection closed by 205.185.113.129 port 35636 [preauth]
Jan 21 07:38:30 host sshd[18455]: Bad packet length 3613523697. [preauth]
Jan 21 07:38:30 host sshd[18455]: ssh_dispatch_run_fatal: Connection from 211.109.181.11 port 59278: message authentication code incorrect [preauth]
Jan 21 07:39:01 host sshd[18521]: Invalid user admin from 220.94.5.121 port 61667
Jan 21 07:39:01 host sshd[18521]: input_userauth_request: invalid user admin [preauth]
Jan 21 07:39:01 host sshd[18521]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:39:01 host sshd[18521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.94.5.121
Jan 21 07:39:03 host sshd[18521]: Failed password for invalid user admin from 220.94.5.121 port 61667 ssh2
Jan 21 07:39:04 host sshd[18521]: Connection reset by 220.94.5.121 port 61667 [preauth]
Jan 21 07:43:13 host sshd[19192]: Invalid user remote from 62.233.50.248 port 6118
Jan 21 07:43:13 host sshd[19192]: input_userauth_request: invalid user remote [preauth]
Jan 21 07:43:14 host sshd[19192]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:43:14 host sshd[19192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 21 07:43:16 host sshd[19192]: Failed password for invalid user remote from 62.233.50.248 port 6118 ssh2
Jan 21 07:43:16 host sshd[19192]: Received disconnect from 62.233.50.248 port 6118:11: Client disconnecting normally [preauth]
Jan 21 07:43:16 host sshd[19192]: Disconnected from 62.233.50.248 port 6118 [preauth]
Jan 21 07:48:22 host sshd[20218]: Invalid user pi from 122.117.99.202 port 48313
Jan 21 07:48:22 host sshd[20218]: input_userauth_request: invalid user pi [preauth]
Jan 21 07:48:22 host sshd[20218]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:48:22 host sshd[20218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.99.202
Jan 21 07:48:25 host sshd[20218]: Failed password for invalid user pi from 122.117.99.202 port 48313 ssh2
Jan 21 07:48:26 host sshd[20218]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:48:28 host sshd[20218]: Failed password for invalid user pi from 122.117.99.202 port 48313 ssh2
Jan 21 07:48:28 host sshd[20218]: Connection reset by 122.117.99.202 port 48313 [preauth]
Jan 21 07:48:28 host sshd[20218]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.99.202
Jan 21 07:48:59 host sshd[20315]: Invalid user hh from 194.110.203.109 port 45524
Jan 21 07:48:59 host sshd[20315]: input_userauth_request: invalid user hh [preauth]
Jan 21 07:48:59 host sshd[20315]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:48:59 host sshd[20315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 07:49:01 host sshd[20315]: Failed password for invalid user hh from 194.110.203.109 port 45524 ssh2
Jan 21 07:49:04 host sshd[20315]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:49:07 host sshd[20315]: Failed password for invalid user hh from 194.110.203.109 port 45524 ssh2
Jan 21 07:49:10 host sshd[20315]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 07:49:12 host sshd[20315]: Failed password for invalid user hh from 194.110.203.109 port 45524 ssh2
Jan 21 07:49:15 host sshd[20315]: Connection closed by 194.110.203.109 port 45524 [preauth]
Jan 21 07:49:15 host sshd[20315]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 08:01:08 host sshd[22307]: Did not receive identification string from 92.255.85.115 port 58258
Jan 21 08:09:51 host sshd[23737]: Invalid user Yukako from 162.218.126.136 port 33486
Jan 21 08:09:51 host sshd[23737]: input_userauth_request: invalid user Yukako [preauth]
Jan 21 08:09:51 host sshd[23737]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:09:51 host sshd[23737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.218.126.136
Jan 21 08:09:52 host sshd[23737]: Failed password for invalid user Yukako from 162.218.126.136 port 33486 ssh2
Jan 21 08:09:53 host sshd[23737]: Connection closed by 162.218.126.136 port 33486 [preauth]
Jan 21 08:10:57 host sshd[23973]: Invalid user admin from 92.255.85.115 port 60367
Jan 21 08:10:57 host sshd[23973]: input_userauth_request: invalid user admin [preauth]
Jan 21 08:10:57 host sshd[23973]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:10:57 host sshd[23973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 21 08:10:59 host sshd[23973]: Failed password for invalid user admin from 92.255.85.115 port 60367 ssh2
Jan 21 08:10:59 host sshd[23973]: Connection reset by 92.255.85.115 port 60367 [preauth]
Jan 21 08:17:24 host sshd[24907]: Invalid user support from 92.255.85.115 port 56643
Jan 21 08:17:24 host sshd[24907]: input_userauth_request: invalid user support [preauth]
Jan 21 08:17:25 host sshd[24907]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:17:25 host sshd[24907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.255.85.115
Jan 21 08:17:26 host sshd[24907]: Failed password for invalid user support from 92.255.85.115 port 56643 ssh2
Jan 21 08:17:26 host sshd[24907]: Connection reset by 92.255.85.115 port 56643 [preauth]
Jan 21 08:18:15 host sshd[25136]: Invalid user pi from 118.34.209.108 port 37803
Jan 21 08:18:15 host sshd[25136]: input_userauth_request: invalid user pi [preauth]
Jan 21 08:18:15 host sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:18:15 host sshd[25136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.34.209.108
Jan 21 08:18:16 host sshd[25136]: Failed password for invalid user pi from 118.34.209.108 port 37803 ssh2
Jan 21 08:18:20 host sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:18:22 host sshd[25136]: Failed password for invalid user pi from 118.34.209.108 port 37803 ssh2
Jan 21 08:18:23 host sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:18:25 host sshd[25136]: Failed password for invalid user pi from 118.34.209.108 port 37803 ssh2
Jan 21 08:18:27 host sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:18:28 host sshd[25136]: Failed password for invalid user pi from 118.34.209.108 port 37803 ssh2
Jan 21 08:18:29 host sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:18:31 host sshd[25136]: Failed password for invalid user pi from 118.34.209.108 port 37803 ssh2
Jan 21 08:18:33 host sshd[25136]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:18:35 host sshd[25136]: Failed password for invalid user pi from 118.34.209.108 port 37803 ssh2
Jan 21 08:18:35 host sshd[25136]: error: maximum authentication attempts exceeded for invalid user pi from 118.34.209.108 port 37803 ssh2 [preauth]
Jan 21 08:18:35 host sshd[25136]: Disconnecting: Too many authentication failures [preauth]
Jan 21 08:18:35 host sshd[25136]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.34.209.108
Jan 21 08:18:35 host sshd[25136]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 21 08:19:00 host sshd[25271]: User ftp from 112.173.157.225 not allowed because not listed in AllowUsers
Jan 21 08:19:00 host sshd[25271]: input_userauth_request: invalid user ftp [preauth]
Jan 21 08:19:00 host unix_chkpwd[25274]: password check failed for user (ftp)
Jan 21 08:19:00 host sshd[25271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.173.157.225 user=ftp
Jan 21 08:19:00 host sshd[25271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 08:19:01 host sshd[25271]: Failed password for invalid user ftp from 112.173.157.225 port 62045 ssh2
Jan 21 08:19:02 host unix_chkpwd[25287]: password check failed for user (ftp)
Jan 21 08:19:02 host sshd[25271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 08:19:05 host sshd[25271]: Failed password for invalid user ftp from 112.173.157.225 port 62045 ssh2
Jan 21 08:19:05 host unix_chkpwd[25291]: password check failed for user (ftp)
Jan 21 08:19:05 host sshd[25271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 08:19:07 host sshd[25271]: Failed password for invalid user ftp from 112.173.157.225 port 62045 ssh2
Jan 21 08:19:08 host sshd[25271]: Failed password for invalid user ftp from 112.173.157.225 port 62045 ssh2
Jan 21 08:19:08 host unix_chkpwd[25319]: password check failed for user (ftp)
Jan 21 08:19:08 host sshd[25271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 08:19:10 host sshd[25271]: Failed password for invalid user ftp from 112.173.157.225 port 62045 ssh2
Jan 21 08:19:49 host sshd[25434]: Invalid user ibmuser from 139.59.105.82 port 49102
Jan 21 08:19:49 host sshd[25434]: input_userauth_request: invalid user ibmuser [preauth]
Jan 21 08:19:49 host sshd[25434]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:19:49 host sshd[25434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.105.82
Jan 21 08:19:51 host sshd[25434]: Failed password for invalid user ibmuser from 139.59.105.82 port 49102 ssh2
Jan 21 08:19:52 host sshd[25434]: Received disconnect from 139.59.105.82 port 49102:11: Bye Bye [preauth]
Jan 21 08:19:52 host sshd[25434]: Disconnected from 139.59.105.82 port 49102 [preauth]
Jan 21 08:20:28 host sshd[25537]: Invalid user test8 from 188.235.137.135 port 48452
Jan 21 08:20:28 host sshd[25537]: input_userauth_request: invalid user test8 [preauth]
Jan 21 08:20:28 host sshd[25537]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:20:28 host sshd[25537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135
Jan 21 08:20:31 host sshd[25537]: Failed password for invalid user test8 from 188.235.137.135 port 48452 ssh2
Jan 21 08:20:31 host sshd[25537]: Received disconnect from 188.235.137.135 port 48452:11: Bye Bye [preauth]
Jan 21 08:20:31 host sshd[25537]: Disconnected from 188.235.137.135 port 48452 [preauth]
Jan 21 08:21:02 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=remysagr user-2=disposeat user-3=wwwkmaorg user-4=woodpeck user-5=wwwkapin user-6=shalinijames user-7=wwwtestugo user-8=vfmassets user-9=pmcresources user-10=wwwevmhonda user-11=bonifacegroup user-12=wwwletsstalkfood user-13=straightcurve user-14=phmetals user-15=kottayamcalldriv user-16=palco123 user-17=gifterman user-18=wwwnexidigital user-19=mrsclean user-20=cochintaxi user-21=wwwkaretakers user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=ugotscom user-28=wwwresourcehunte user-29=keralaholi user-30=wwwrmswll feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 08:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3tCl6Jj482QiCBKI.~
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3tCl6Jj482QiCBKI.~'
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-3tCl6Jj482QiCBKI.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 08:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 08:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 08:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 08:21:30 host sshd[25916]: Invalid user postgres from 222.119.64.11 port 38700
Jan 21 08:21:30 host sshd[25916]: input_userauth_request: invalid user postgres [preauth]
Jan 21 08:21:30 host sshd[25916]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:21:30 host sshd[25916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.119.64.11
Jan 21 08:21:32 host sshd[25916]: Failed password for invalid user postgres from 222.119.64.11 port 38700 ssh2
Jan 21 08:21:32 host sshd[25916]: Received disconnect from 222.119.64.11 port 38700:11: Bye Bye [preauth]
Jan 21 08:21:32 host sshd[25916]: Disconnected from 222.119.64.11 port 38700 [preauth]
Jan 21 08:21:44 host sshd[25937]: Invalid user labuser from 128.199.210.191 port 56568
Jan 21 08:21:44 host sshd[25937]: input_userauth_request: invalid user labuser [preauth]
Jan 21 08:21:44 host sshd[25937]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:21:44 host sshd[25937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.210.191
Jan 21 08:21:46 host sshd[25937]: Failed password for invalid user labuser from 128.199.210.191 port 56568 ssh2
Jan 21 08:21:46 host sshd[25937]: Received disconnect from 128.199.210.191 port 56568:11: Bye Bye [preauth]
Jan 21 08:21:46 host sshd[25937]: Disconnected from 128.199.210.191 port 56568 [preauth]
Jan 21 08:23:00 host sshd[26193]: Invalid user ansibleuser from 139.59.127.178 port 33640
Jan 21 08:23:00 host sshd[26193]: input_userauth_request: invalid user ansibleuser [preauth]
Jan 21 08:23:00 host sshd[26193]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:23:00 host sshd[26193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.127.178
Jan 21 08:23:02 host sshd[26193]: Failed password for invalid user ansibleuser from 139.59.127.178 port 33640 ssh2
Jan 21 08:23:02 host sshd[26193]: Received disconnect from 139.59.127.178 port 33640:11: Bye Bye [preauth]
Jan 21 08:23:02 host sshd[26193]: Disconnected from 139.59.127.178 port 33640 [preauth]
Jan 21 08:23:14 host sshd[26231]: Invalid user devel from 139.59.229.85 port 48358
Jan 21 08:23:14 host sshd[26231]: input_userauth_request: invalid user devel [preauth]
Jan 21 08:23:14 host sshd[26231]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:23:14 host sshd[26231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.229.85
Jan 21 08:23:16 host sshd[26231]: Failed password for invalid user devel from 139.59.229.85 port 48358 ssh2
Jan 21 08:23:16 host sshd[26231]: Received disconnect from 139.59.229.85 port 48358:11: Bye Bye [preauth]
Jan 21 08:23:16 host sshd[26231]: Disconnected from 139.59.229.85 port 48358 [preauth]
Jan 21 08:25:23 host sshd[26488]: Invalid user ansibleuser from 139.59.105.82 port 54836
Jan 21 08:25:23 host sshd[26488]: input_userauth_request: invalid user ansibleuser [preauth]
Jan 21 08:25:23 host sshd[26488]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:25:23 host sshd[26488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.105.82
Jan 21 08:25:26 host sshd[26488]: Failed password for invalid user ansibleuser from 139.59.105.82 port 54836 ssh2
Jan 21 08:25:26 host sshd[26488]: Received disconnect from 139.59.105.82 port 54836:11: Bye Bye [preauth]
Jan 21 08:25:26 host sshd[26488]: Disconnected from 139.59.105.82 port 54836 [preauth]
Jan 21 08:25:45 host sshd[26535]: Invalid user admin from 98.59.154.71 port 41808
Jan 21 08:25:45 host sshd[26535]: input_userauth_request: invalid user admin [preauth]
Jan 21 08:25:45 host sshd[26535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:25:45 host sshd[26535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.59.154.71
Jan 21 08:25:47 host sshd[26535]: Failed password for invalid user admin from 98.59.154.71 port 41808 ssh2
Jan 21 08:25:47 host sshd[26535]: Connection reset by 98.59.154.71 port 41808 [preauth]
Jan 21 08:25:55 host sshd[26550]: Invalid user admin from 128.199.210.191 port 58296
Jan 21 08:25:55 host sshd[26550]: input_userauth_request: invalid user admin [preauth]
Jan 21 08:25:55 host sshd[26550]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:25:55 host sshd[26550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.210.191
Jan 21 08:25:56 host sshd[26550]: Failed password for invalid user admin from 128.199.210.191 port 58296 ssh2
Jan 21 08:25:56 host sshd[26550]: Received disconnect from 128.199.210.191 port 58296:11: Bye Bye [preauth]
Jan 21 08:25:56 host sshd[26550]: Disconnected from 128.199.210.191 port 58296 [preauth]
Jan 21 08:26:21 host sshd[26589]: Invalid user testuser from 222.119.64.11 port 55236
Jan 21 08:26:21 host sshd[26589]: input_userauth_request: invalid user testuser [preauth]
Jan 21 08:26:21 host sshd[26589]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:26:21 host sshd[26589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.119.64.11
Jan 21 08:26:22 host sshd[26594]: Invalid user testuser from 139.59.127.178 port 40914
Jan 21 08:26:22 host sshd[26594]: input_userauth_request: invalid user testuser [preauth]
Jan 21 08:26:22 host sshd[26594]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:26:22 host sshd[26594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.127.178
Jan 21 08:26:23 host sshd[26589]: Failed password for invalid user testuser from 222.119.64.11 port 55236 ssh2
Jan 21 08:26:24 host sshd[26589]: Received disconnect from 222.119.64.11 port 55236:11: Bye Bye [preauth]
Jan 21 08:26:24 host sshd[26589]: Disconnected from 222.119.64.11 port 55236 [preauth]
Jan 21 08:26:24 host sshd[26594]: Failed password for invalid user testuser from 139.59.127.178 port 40914 ssh2
Jan 21 08:26:24 host sshd[26594]: Received disconnect from 139.59.127.178 port 40914:11: Bye Bye [preauth]
Jan 21 08:26:24 host sshd[26594]: Disconnected from 139.59.127.178 port 40914 [preauth]
Jan 21 08:26:33 host sshd[26637]: Invalid user wordpress from 139.59.229.85 port 37162
Jan 21 08:26:33 host sshd[26637]: input_userauth_request: invalid user wordpress [preauth]
Jan 21 08:26:33 host sshd[26637]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:26:33 host sshd[26637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.229.85
Jan 21 08:26:35 host sshd[26637]: Failed password for invalid user wordpress from 139.59.229.85 port 37162 ssh2
Jan 21 08:26:35 host sshd[26637]: Received disconnect from 139.59.229.85 port 37162:11: Bye Bye [preauth]
Jan 21 08:26:35 host sshd[26637]: Disconnected from 139.59.229.85 port 37162 [preauth]
Jan 21 08:26:41 host sshd[26649]: Invalid user ts3user from 139.59.105.82 port 40684
Jan 21 08:26:41 host sshd[26649]: input_userauth_request: invalid user ts3user [preauth]
Jan 21 08:26:41 host sshd[26649]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:26:41 host sshd[26649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.105.82
Jan 21 08:26:43 host sshd[26649]: Failed password for invalid user ts3user from 139.59.105.82 port 40684 ssh2
Jan 21 08:27:16 host sshd[26749]: Invalid user testdummy from 128.199.210.191 port 56654
Jan 21 08:27:16 host sshd[26749]: input_userauth_request: invalid user testdummy [preauth]
Jan 21 08:27:16 host sshd[26749]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:27:16 host sshd[26749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.210.191
Jan 21 08:27:18 host sshd[26749]: Failed password for invalid user testdummy from 128.199.210.191 port 56654 ssh2
Jan 21 08:27:18 host sshd[26749]: Received disconnect from 128.199.210.191 port 56654:11: Bye Bye [preauth]
Jan 21 08:27:18 host sshd[26749]: Disconnected from 128.199.210.191 port 56654 [preauth]
Jan 21 08:27:39 host sshd[26840]: Invalid user sftpadmin from 139.59.127.178 port 35332
Jan 21 08:27:39 host sshd[26840]: input_userauth_request: invalid user sftpadmin [preauth]
Jan 21 08:27:39 host sshd[26840]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:27:39 host sshd[26840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.127.178
Jan 21 08:27:41 host sshd[26840]: Failed password for invalid user sftpadmin from 139.59.127.178 port 35332 ssh2
Jan 21 08:27:41 host sshd[26840]: Received disconnect from 139.59.127.178 port 35332:11: Bye Bye [preauth]
Jan 21 08:27:41 host sshd[26840]: Disconnected from 139.59.127.178 port 35332 [preauth]
Jan 21 08:27:59 host sshd[26988]: Invalid user ttuser from 222.119.64.11 port 53762
Jan 21 08:27:59 host sshd[26988]: input_userauth_request: invalid user ttuser [preauth]
Jan 21 08:27:59 host sshd[26988]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:27:59 host sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.119.64.11
Jan 21 08:28:00 host sshd[26988]: Failed password for invalid user ttuser from 222.119.64.11 port 53762 ssh2
Jan 21 08:28:00 host sshd[26988]: Received disconnect from 222.119.64.11 port 53762:11: Bye Bye [preauth]
Jan 21 08:28:00 host sshd[26988]: Disconnected from 222.119.64.11 port 53762 [preauth]
Jan 21 08:28:04 host sshd[27030]: Invalid user ubuntu from 188.235.137.135 port 39811
Jan 21 08:28:04 host sshd[27030]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 08:28:04 host sshd[27030]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:28:04 host sshd[27030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135
Jan 21 08:28:07 host sshd[27030]: Failed password for invalid user ubuntu from 188.235.137.135 port 39811 ssh2
Jan 21 08:28:07 host sshd[27030]: Received disconnect from 188.235.137.135 port 39811:11: Bye Bye [preauth]
Jan 21 08:28:07 host sshd[27030]: Disconnected from 188.235.137.135 port 39811 [preauth]
Jan 21 08:28:07 host sshd[27046]: Invalid user sysop from 139.59.229.85 port 48660
Jan 21 08:28:07 host sshd[27046]: input_userauth_request: invalid user sysop [preauth]
Jan 21 08:28:07 host sshd[27046]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:28:07 host sshd[27046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.229.85
Jan 21 08:28:09 host sshd[27046]: Failed password for invalid user sysop from 139.59.229.85 port 48660 ssh2
Jan 21 08:29:39 host sshd[27252]: Invalid user postgres from 188.235.137.135 port 33105
Jan 21 08:29:39 host sshd[27252]: input_userauth_request: invalid user postgres [preauth]
Jan 21 08:29:39 host sshd[27252]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:29:39 host sshd[27252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.137.135
Jan 21 08:29:40 host sshd[27252]: Failed password for invalid user postgres from 188.235.137.135 port 33105 ssh2
Jan 21 08:29:41 host sshd[27252]: Received disconnect from 188.235.137.135 port 33105:11: Bye Bye [preauth]
Jan 21 08:29:41 host sshd[27252]: Disconnected from 188.235.137.135 port 33105 [preauth]
Jan 21 08:44:04 host sshd[29335]: ssh_dispatch_run_fatal: Connection from 220.132.56.146 port 52372: bignum is negative [preauth]
Jan 21 08:52:02 host sshd[31116]: Invalid user admin from 220.135.149.5 port 58200
Jan 21 08:52:02 host sshd[31116]: input_userauth_request: invalid user admin [preauth]
Jan 21 08:52:02 host sshd[31116]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:52:02 host sshd[31116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.149.5
Jan 21 08:52:05 host sshd[31116]: Failed password for invalid user admin from 220.135.149.5 port 58200 ssh2
Jan 21 08:52:05 host sshd[31116]: Failed password for invalid user admin from 220.135.149.5 port 58200 ssh2
Jan 21 08:52:07 host sshd[31116]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:52:09 host sshd[31116]: Failed password for invalid user admin from 220.135.149.5 port 58200 ssh2
Jan 21 08:52:10 host sshd[31116]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:52:12 host sshd[31116]: Failed password for invalid user admin from 220.135.149.5 port 58200 ssh2
Jan 21 08:52:13 host sshd[31116]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:52:15 host sshd[31116]: Failed password for invalid user admin from 220.135.149.5 port 58200 ssh2
Jan 21 08:53:50 host sshd[31341]: Invalid user testugo from 141.98.11.150 port 46194
Jan 21 08:53:50 host sshd[31341]: input_userauth_request: invalid user testugo [preauth]
Jan 21 08:53:50 host sshd[31341]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 08:53:50 host sshd[31341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.150
Jan 21 08:53:53 host sshd[31341]: Failed password for invalid user testugo from 141.98.11.150 port 46194 ssh2
Jan 21 08:53:54 host sshd[31341]: Received disconnect from 141.98.11.150 port 46194:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 08:53:54 host sshd[31341]: Disconnected from 141.98.11.150 port 46194 [preauth]
Jan 21 08:57:05 host sshd[31813]: Connection reset by 67.176.136.119 port 63408 [preauth]
Jan 21 09:00:22 host sshd[32189]: Invalid user testugo from 141.98.11.150 port 35584
Jan 21 09:00:22 host sshd[32189]: input_userauth_request: invalid user testugo [preauth]
Jan 21 09:00:22 host sshd[32189]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:00:22 host sshd[32189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.150
Jan 21 09:00:24 host sshd[32189]: Failed password for invalid user testugo from 141.98.11.150 port 35584 ssh2
Jan 21 09:00:24 host sshd[32189]: Received disconnect from 141.98.11.150 port 35584:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 09:00:24 host sshd[32189]: Disconnected from 141.98.11.150 port 35584 [preauth]
Jan 21 09:07:02 host sshd[698]: Invalid user testugo from 141.98.11.150 port 53942
Jan 21 09:07:02 host sshd[698]: input_userauth_request: invalid user testugo [preauth]
Jan 21 09:07:02 host sshd[698]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:07:02 host sshd[698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.150
Jan 21 09:07:04 host sshd[698]: Failed password for invalid user testugo from 141.98.11.150 port 53942 ssh2
Jan 21 09:07:04 host sshd[698]: Received disconnect from 141.98.11.150 port 53942:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 09:07:04 host sshd[698]: Disconnected from 141.98.11.150 port 53942 [preauth]
Jan 21 09:13:55 host sshd[1631]: Did not receive identification string from 8.219.76.192 port 61000
Jan 21 09:19:45 host sshd[2275]: Invalid user user from 168.235.165.209 port 40408
Jan 21 09:19:45 host sshd[2275]: input_userauth_request: invalid user user [preauth]
Jan 21 09:19:45 host sshd[2275]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:19:45 host sshd[2275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.235.165.209
Jan 21 09:19:47 host sshd[2275]: Failed password for invalid user user from 168.235.165.209 port 40408 ssh2
Jan 21 09:19:48 host sshd[2275]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:19:50 host sshd[2275]: Failed password for invalid user user from 168.235.165.209 port 40408 ssh2
Jan 21 09:19:51 host sshd[2275]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:19:53 host sshd[2275]: Failed password for invalid user user from 168.235.165.209 port 40408 ssh2
Jan 21 09:19:54 host sshd[2275]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:19:56 host sshd[2275]: Failed password for invalid user user from 168.235.165.209 port 40408 ssh2
Jan 21 09:19:56 host sshd[2275]: Connection reset by 168.235.165.209 port 40408 [preauth]
Jan 21 09:19:56 host sshd[2275]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.235.165.209
Jan 21 09:19:56 host sshd[2275]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwnexidigital user-2=mrsclean user-3=gifterman user-4=palco123 user-5=kottayamcalldriv user-6=phmetals user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=wwwtestugo user-14=shalinijames user-15=woodpeck user-16=wwwkapin user-17=wwwkmaorg user-18=disposeat user-19=remysagr user-20=wwwrmswll user-21=keralaholi user-22=wwwresourcehunte user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=dartsimp user-28=a2zgroup user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 09:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 09:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-87u27aLLU23ooX90.~
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-87u27aLLU23ooX90.~'
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-87u27aLLU23ooX90.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 09:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 09:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 09:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 09:24:46 host sshd[3249]: User root from 100.37.189.176 not allowed because not listed in AllowUsers
Jan 21 09:24:46 host sshd[3249]: input_userauth_request: invalid user root [preauth]
Jan 21 09:24:46 host unix_chkpwd[3252]: password check failed for user (root)
Jan 21 09:24:46 host sshd[3249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=100.37.189.176 user=root
Jan 21 09:24:46 host sshd[3249]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 09:24:47 host sshd[3249]: Failed password for invalid user root from 100.37.189.176 port 61335 ssh2
Jan 21 09:24:48 host sshd[3249]: Connection reset by 100.37.189.176 port 61335 [preauth]
Jan 21 09:26:25 host sshd[3558]: Invalid user uda from 212.220.204.3 port 40339
Jan 21 09:26:25 host sshd[3558]: input_userauth_request: invalid user uda [preauth]
Jan 21 09:26:25 host sshd[3558]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:26:25 host sshd[3558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.220.204.3
Jan 21 09:26:27 host sshd[3558]: Failed password for invalid user uda from 212.220.204.3 port 40339 ssh2
Jan 21 09:26:27 host sshd[3558]: Connection closed by 212.220.204.3 port 40339 [preauth]
Jan 21 09:32:34 host sshd[4406]: Invalid user lighthouse from 31.210.211.114 port 37843
Jan 21 09:32:34 host sshd[4406]: input_userauth_request: invalid user lighthouse [preauth]
Jan 21 09:32:34 host sshd[4406]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:32:34 host sshd[4406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.210.211.114
Jan 21 09:32:35 host sshd[4406]: Failed password for invalid user lighthouse from 31.210.211.114 port 37843 ssh2
Jan 21 09:32:36 host sshd[4406]: Received disconnect from 31.210.211.114 port 37843:11: Bye Bye [preauth]
Jan 21 09:32:36 host sshd[4406]: Disconnected from 31.210.211.114 port 37843 [preauth]
Jan 21 09:33:47 host sshd[4559]: Invalid user tempadmin from 159.65.53.91 port 56638
Jan 21 09:33:47 host sshd[4559]: input_userauth_request: invalid user tempadmin [preauth]
Jan 21 09:33:47 host sshd[4559]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:33:47 host sshd[4559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.91
Jan 21 09:33:48 host sshd[4559]: Failed password for invalid user tempadmin from 159.65.53.91 port 56638 ssh2
Jan 21 09:33:49 host sshd[4559]: Received disconnect from 159.65.53.91 port 56638:11: Bye Bye [preauth]
Jan 21 09:33:49 host sshd[4559]: Disconnected from 159.65.53.91 port 56638 [preauth]
Jan 21 09:34:39 host sshd[4658]: Invalid user apitest from 107.175.221.233 port 42766
Jan 21 09:34:39 host sshd[4658]: input_userauth_request: invalid user apitest [preauth]
Jan 21 09:34:39 host sshd[4658]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:34:39 host sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.221.233
Jan 21 09:34:41 host sshd[4658]: Failed password for invalid user apitest from 107.175.221.233 port 42766 ssh2
Jan 21 09:34:41 host sshd[4658]: Received disconnect from 107.175.221.233 port 42766:11: Bye Bye [preauth]
Jan 21 09:34:41 host sshd[4658]: Disconnected from 107.175.221.233 port 42766 [preauth]
Jan 21 09:36:39 host sshd[4915]: Invalid user mytest from 159.65.53.91 port 40914
Jan 21 09:36:39 host sshd[4915]: input_userauth_request: invalid user mytest [preauth]
Jan 21 09:36:39 host sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:36:39 host sshd[4915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.91
Jan 21 09:36:41 host sshd[4915]: Failed password for invalid user mytest from 159.65.53.91 port 40914 ssh2
Jan 21 09:36:41 host sshd[4915]: Received disconnect from 159.65.53.91 port 40914:11: Bye Bye [preauth]
Jan 21 09:36:41 host sshd[4915]: Disconnected from 159.65.53.91 port 40914 [preauth]
Jan 21 09:36:44 host sshd[4925]: Invalid user oracle from 98.243.72.196 port 35464
Jan 21 09:36:44 host sshd[4925]: input_userauth_request: invalid user oracle [preauth]
Jan 21 09:36:44 host sshd[4925]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:36:44 host sshd[4925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.243.72.196
Jan 21 09:36:47 host sshd[4925]: Failed password for invalid user oracle from 98.243.72.196 port 35464 ssh2
Jan 21 09:36:47 host sshd[4925]: Received disconnect from 98.243.72.196 port 35464:11: Bye Bye [preauth]
Jan 21 09:36:47 host sshd[4925]: Disconnected from 98.243.72.196 port 35464 [preauth]
Jan 21 09:37:10 host sshd[4969]: Invalid user node from 103.150.60.6 port 37776
Jan 21 09:37:10 host sshd[4969]: input_userauth_request: invalid user node [preauth]
Jan 21 09:37:10 host sshd[4969]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:37:10 host sshd[4969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.150.60.6
Jan 21 09:37:12 host sshd[4969]: Failed password for invalid user node from 103.150.60.6 port 37776 ssh2
Jan 21 09:37:12 host sshd[4969]: Received disconnect from 103.150.60.6 port 37776:11: Bye Bye [preauth]
Jan 21 09:37:12 host sshd[4969]: Disconnected from 103.150.60.6 port 37776 [preauth]
Jan 21 09:37:28 host sshd[4995]: Invalid user admini from 31.210.211.114 port 42272
Jan 21 09:37:28 host sshd[4995]: input_userauth_request: invalid user admini [preauth]
Jan 21 09:37:28 host sshd[4995]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:37:28 host sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.210.211.114
Jan 21 09:37:30 host sshd[4995]: Failed password for invalid user admini from 31.210.211.114 port 42272 ssh2
Jan 21 09:37:30 host sshd[4995]: Received disconnect from 31.210.211.114 port 42272:11: Bye Bye [preauth]
Jan 21 09:37:30 host sshd[4995]: Disconnected from 31.210.211.114 port 42272 [preauth]
Jan 21 09:37:47 host sshd[5151]: Invalid user adminrig from 159.65.53.91 port 39626
Jan 21 09:37:47 host sshd[5151]: input_userauth_request: invalid user adminrig [preauth]
Jan 21 09:37:47 host sshd[5151]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:37:47 host sshd[5151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.91
Jan 21 09:37:49 host sshd[5151]: Failed password for invalid user adminrig from 159.65.53.91 port 39626 ssh2
Jan 21 09:37:49 host sshd[5151]: Received disconnect from 159.65.53.91 port 39626:11: Bye Bye [preauth]
Jan 21 09:37:49 host sshd[5151]: Disconnected from 159.65.53.91 port 39626 [preauth]
Jan 21 09:38:06 host sshd[5221]: Invalid user guestuser from 98.243.72.196 port 35572
Jan 21 09:38:06 host sshd[5221]: input_userauth_request: invalid user guestuser [preauth]
Jan 21 09:38:06 host sshd[5221]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:38:06 host sshd[5221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.243.72.196
Jan 21 09:38:09 host sshd[5221]: Failed password for invalid user guestuser from 98.243.72.196 port 35572 ssh2
Jan 21 09:38:09 host sshd[5221]: Received disconnect from 98.243.72.196 port 35572:11: Bye Bye [preauth]
Jan 21 09:38:09 host sshd[5221]: Disconnected from 98.243.72.196 port 35572 [preauth]
Jan 21 09:38:58 host sshd[5316]: Invalid user arkserver from 31.210.211.114 port 36877
Jan 21 09:38:58 host sshd[5316]: input_userauth_request: invalid user arkserver [preauth]
Jan 21 09:38:58 host sshd[5316]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:38:58 host sshd[5316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.210.211.114
Jan 21 09:38:59 host sshd[5316]: Failed password for invalid user arkserver from 31.210.211.114 port 36877 ssh2
Jan 21 09:38:59 host sshd[5316]: Received disconnect from 31.210.211.114 port 36877:11: Bye Bye [preauth]
Jan 21 09:38:59 host sshd[5316]: Disconnected from 31.210.211.114 port 36877 [preauth]
Jan 21 09:39:18 host sshd[5392]: Invalid user dspace from 98.243.72.196 port 35674
Jan 21 09:39:18 host sshd[5392]: input_userauth_request: invalid user dspace [preauth]
Jan 21 09:39:18 host sshd[5392]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:39:18 host sshd[5392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.243.72.196
Jan 21 09:39:21 host sshd[5392]: Failed password for invalid user dspace from 98.243.72.196 port 35674 ssh2
Jan 21 09:39:32 host sshd[5472]: Invalid user dev from 103.150.60.6 port 38142
Jan 21 09:39:32 host sshd[5472]: input_userauth_request: invalid user dev [preauth]
Jan 21 09:39:32 host sshd[5472]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:39:32 host sshd[5472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.150.60.6
Jan 21 09:39:34 host sshd[5472]: Failed password for invalid user dev from 103.150.60.6 port 38142 ssh2
Jan 21 09:39:34 host sshd[5472]: Received disconnect from 103.150.60.6 port 38142:11: Bye Bye [preauth]
Jan 21 09:39:34 host sshd[5472]: Disconnected from 103.150.60.6 port 38142 [preauth]
Jan 21 09:39:41 host sshd[5487]: Invalid user hi from 194.110.203.109 port 46086
Jan 21 09:39:41 host sshd[5487]: input_userauth_request: invalid user hi [preauth]
Jan 21 09:39:41 host sshd[5487]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:39:41 host sshd[5487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 09:39:43 host sshd[5487]: Failed password for invalid user hi from 194.110.203.109 port 46086 ssh2
Jan 21 09:39:46 host sshd[5487]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:39:48 host sshd[5487]: Failed password for invalid user hi from 194.110.203.109 port 46086 ssh2
Jan 21 09:39:51 host sshd[5487]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:39:53 host sshd[5487]: Failed password for invalid user hi from 194.110.203.109 port 46086 ssh2
Jan 21 09:39:56 host sshd[5487]: Connection closed by 194.110.203.109 port 46086 [preauth]
Jan 21 09:39:56 host sshd[5487]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 09:40:05 host sshd[5549]: Invalid user herbert from 107.189.30.59 port 37456
Jan 21 09:40:05 host sshd[5549]: input_userauth_request: invalid user herbert [preauth]
Jan 21 09:40:05 host sshd[5549]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:40:05 host sshd[5549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 21 09:40:07 host sshd[5549]: Failed password for invalid user herbert from 107.189.30.59 port 37456 ssh2
Jan 21 09:40:08 host sshd[5549]: Connection closed by 107.189.30.59 port 37456 [preauth]
Jan 21 09:40:49 host sshd[5641]: Invalid user dnsadmin from 107.175.221.233 port 41952
Jan 21 09:40:49 host sshd[5641]: input_userauth_request: invalid user dnsadmin [preauth]
Jan 21 09:40:49 host sshd[5641]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:40:49 host sshd[5641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.221.233
Jan 21 09:40:50 host sshd[5641]: Failed password for invalid user dnsadmin from 107.175.221.233 port 41952 ssh2
Jan 21 09:40:51 host sshd[5641]: Received disconnect from 107.175.221.233 port 41952:11: Bye Bye [preauth]
Jan 21 09:40:51 host sshd[5641]: Disconnected from 107.175.221.233 port 41952 [preauth]
Jan 21 09:40:51 host sshd[5646]: Invalid user mailuser from 103.150.60.6 port 60804
Jan 21 09:40:51 host sshd[5646]: input_userauth_request: invalid user mailuser [preauth]
Jan 21 09:40:51 host sshd[5646]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:40:51 host sshd[5646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.150.60.6
Jan 21 09:40:53 host sshd[5646]: Failed password for invalid user mailuser from 103.150.60.6 port 60804 ssh2
Jan 21 09:40:53 host sshd[5646]: Received disconnect from 103.150.60.6 port 60804:11: Bye Bye [preauth]
Jan 21 09:40:53 host sshd[5646]: Disconnected from 103.150.60.6 port 60804 [preauth]
Jan 21 09:43:18 host sshd[5963]: Invalid user phpmyadmin from 107.175.221.233 port 41650
Jan 21 09:43:18 host sshd[5963]: input_userauth_request: invalid user phpmyadmin [preauth]
Jan 21 09:43:18 host sshd[5963]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:43:18 host sshd[5963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.221.233
Jan 21 09:43:20 host sshd[5963]: Failed password for invalid user phpmyadmin from 107.175.221.233 port 41650 ssh2
Jan 21 09:43:21 host sshd[5963]: Received disconnect from 107.175.221.233 port 41650:11: Bye Bye [preauth]
Jan 21 09:43:21 host sshd[5963]: Disconnected from 107.175.221.233 port 41650 [preauth]
Jan 21 09:50:28 host sshd[7185]: Invalid user Admin from 59.28.87.5 port 60925
Jan 21 09:50:28 host sshd[7185]: input_userauth_request: invalid user Admin [preauth]
Jan 21 09:50:28 host sshd[7185]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:50:28 host sshd[7185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.28.87.5
Jan 21 09:50:30 host sshd[7185]: Failed password for invalid user Admin from 59.28.87.5 port 60925 ssh2
Jan 21 09:50:30 host sshd[7185]: Connection reset by 59.28.87.5 port 60925 [preauth]
Jan 21 09:53:11 host sshd[7570]: Invalid user stats from 69.57.163.238 port 44050
Jan 21 09:53:11 host sshd[7570]: input_userauth_request: invalid user stats [preauth]
Jan 21 09:53:11 host sshd[7570]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:53:11 host sshd[7570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.57.163.238
Jan 21 09:53:12 host sshd[7570]: Failed password for invalid user stats from 69.57.163.238 port 44050 ssh2
Jan 21 09:53:13 host sshd[7570]: Received disconnect from 69.57.163.238 port 44050:11: Bye Bye [preauth]
Jan 21 09:53:13 host sshd[7570]: Disconnected from 69.57.163.238 port 44050 [preauth]
Jan 21 09:54:04 host sshd[7713]: User mail from 91.121.85.25 not allowed because not listed in AllowUsers
Jan 21 09:54:04 host sshd[7713]: input_userauth_request: invalid user mail [preauth]
Jan 21 09:54:04 host unix_chkpwd[7716]: password check failed for user (mail)
Jan 21 09:54:04 host sshd[7713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.85.25 user=mail
Jan 21 09:54:04 host sshd[7713]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mail"
Jan 21 09:54:06 host sshd[7713]: Failed password for invalid user mail from 91.121.85.25 port 52288 ssh2
Jan 21 09:54:06 host sshd[7713]: Received disconnect from 91.121.85.25 port 52288:11: Bye Bye [preauth]
Jan 21 09:54:06 host sshd[7713]: Disconnected from 91.121.85.25 port 52288 [preauth]
Jan 21 09:54:09 host sshd[7724]: Invalid user backups from 103.179.74.2 port 57962
Jan 21 09:54:09 host sshd[7724]: input_userauth_request: invalid user backups [preauth]
Jan 21 09:54:09 host sshd[7724]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:54:09 host sshd[7724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.74.2
Jan 21 09:54:10 host sshd[7724]: Failed password for invalid user backups from 103.179.74.2 port 57962 ssh2
Jan 21 09:54:11 host sshd[7724]: Received disconnect from 103.179.74.2 port 57962:11: Bye Bye [preauth]
Jan 21 09:54:11 host sshd[7724]: Disconnected from 103.179.74.2 port 57962 [preauth]
Jan 21 09:55:50 host sshd[8102]: Invalid user pbsadmin from 167.71.0.227 port 45040
Jan 21 09:55:50 host sshd[8102]: input_userauth_request: invalid user pbsadmin [preauth]
Jan 21 09:55:50 host sshd[8102]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:55:50 host sshd[8102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.0.227
Jan 21 09:55:53 host sshd[8102]: Failed password for invalid user pbsadmin from 167.71.0.227 port 45040 ssh2
Jan 21 09:55:53 host sshd[8102]: Received disconnect from 167.71.0.227 port 45040:11: Bye Bye [preauth]
Jan 21 09:55:53 host sshd[8102]: Disconnected from 167.71.0.227 port 45040 [preauth]
Jan 21 09:56:19 host sshd[8147]: User root from 106.10.122.53 not allowed because not listed in AllowUsers
Jan 21 09:56:19 host sshd[8147]: input_userauth_request: invalid user root [preauth]
Jan 21 09:56:19 host unix_chkpwd[8150]: password check failed for user (root)
Jan 21 09:56:19 host sshd[8147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53 user=root
Jan 21 09:56:19 host sshd[8147]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 09:56:21 host sshd[8147]: Failed password for invalid user root from 106.10.122.53 port 51356 ssh2
Jan 21 09:56:21 host sshd[8147]: Connection closed by 106.10.122.53 port 51356 [preauth]
Jan 21 09:57:38 host sshd[8350]: Invalid user test from 91.121.85.25 port 58616
Jan 21 09:57:38 host sshd[8350]: input_userauth_request: invalid user test [preauth]
Jan 21 09:57:38 host sshd[8350]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:57:38 host sshd[8350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.85.25
Jan 21 09:57:40 host sshd[8350]: Failed password for invalid user test from 91.121.85.25 port 58616 ssh2
Jan 21 09:57:40 host sshd[8350]: Received disconnect from 91.121.85.25 port 58616:11: Bye Bye [preauth]
Jan 21 09:57:40 host sshd[8350]: Disconnected from 91.121.85.25 port 58616 [preauth]
Jan 21 09:58:59 host sshd[8531]: Invalid user linuxacademy from 103.179.74.2 port 49230
Jan 21 09:58:59 host sshd[8531]: input_userauth_request: invalid user linuxacademy [preauth]
Jan 21 09:58:59 host sshd[8531]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:58:59 host sshd[8531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.74.2
Jan 21 09:59:02 host sshd[8531]: Failed password for invalid user linuxacademy from 103.179.74.2 port 49230 ssh2
Jan 21 09:59:02 host sshd[8531]: Received disconnect from 103.179.74.2 port 49230:11: Bye Bye [preauth]
Jan 21 09:59:02 host sshd[8531]: Disconnected from 103.179.74.2 port 49230 [preauth]
Jan 21 09:59:12 host sshd[8562]: Invalid user admin from 167.71.0.227 port 45196
Jan 21 09:59:12 host sshd[8562]: input_userauth_request: invalid user admin [preauth]
Jan 21 09:59:12 host sshd[8562]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 09:59:12 host sshd[8562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.0.227
Jan 21 09:59:14 host sshd[8562]: Failed password for invalid user admin from 167.71.0.227 port 45196 ssh2
Jan 21 09:59:14 host sshd[8562]: Received disconnect from 167.71.0.227 port 45196:11: Bye Bye [preauth]
Jan 21 09:59:14 host sshd[8562]: Disconnected from 167.71.0.227 port 45196 [preauth]
Jan 21 10:00:29 host sshd[8768]: Invalid user sammyfiles from 167.71.0.227 port 45304
Jan 21 10:00:29 host sshd[8768]: input_userauth_request: invalid user sammyfiles [preauth]
Jan 21 10:00:29 host sshd[8768]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:00:29 host sshd[8768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.0.227
Jan 21 10:00:31 host sshd[8768]: Failed password for invalid user sammyfiles from 167.71.0.227 port 45304 ssh2
Jan 21 10:00:32 host sshd[8779]: Invalid user steam from 103.179.74.2 port 48322
Jan 21 10:00:32 host sshd[8779]: input_userauth_request: invalid user steam [preauth]
Jan 21 10:00:32 host sshd[8779]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:00:32 host sshd[8779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.74.2
Jan 21 10:00:34 host sshd[8779]: Failed password for invalid user steam from 103.179.74.2 port 48322 ssh2
Jan 21 10:00:34 host sshd[8779]: Received disconnect from 103.179.74.2 port 48322:11: Bye Bye [preauth]
Jan 21 10:00:34 host sshd[8779]: Disconnected from 103.179.74.2 port 48322 [preauth]
Jan 21 10:01:32 host sshd[9091]: Invalid user postgres from 69.57.163.238 port 34530
Jan 21 10:01:32 host sshd[9091]: input_userauth_request: invalid user postgres [preauth]
Jan 21 10:01:32 host sshd[9091]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:01:32 host sshd[9091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.57.163.238
Jan 21 10:01:33 host sshd[9091]: Failed password for invalid user postgres from 69.57.163.238 port 34530 ssh2
Jan 21 10:01:33 host sshd[9091]: Received disconnect from 69.57.163.238 port 34530:11: Bye Bye [preauth]
Jan 21 10:01:33 host sshd[9091]: Disconnected from 69.57.163.238 port 34530 [preauth]
Jan 21 10:05:17 host sshd[9510]: Invalid user adminrig from 69.57.163.238 port 59710
Jan 21 10:05:17 host sshd[9510]: input_userauth_request: invalid user adminrig [preauth]
Jan 21 10:05:17 host sshd[9510]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:05:17 host sshd[9510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.57.163.238
Jan 21 10:05:19 host sshd[9510]: Failed password for invalid user adminrig from 69.57.163.238 port 59710 ssh2
Jan 21 10:05:20 host sshd[9510]: Received disconnect from 69.57.163.238 port 59710:11: Bye Bye [preauth]
Jan 21 10:05:20 host sshd[9510]: Disconnected from 69.57.163.238 port 59710 [preauth]
Jan 21 10:11:24 host sshd[11348]: Invalid user halo from 43.159.49.49 port 36134
Jan 21 10:11:24 host sshd[11348]: input_userauth_request: invalid user halo [preauth]
Jan 21 10:11:24 host sshd[11348]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:11:24 host sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.49.49
Jan 21 10:11:26 host sshd[11348]: Failed password for invalid user halo from 43.159.49.49 port 36134 ssh2
Jan 21 10:11:26 host sshd[11348]: Received disconnect from 43.159.49.49 port 36134:11: Bye Bye [preauth]
Jan 21 10:11:26 host sshd[11348]: Disconnected from 43.159.49.49 port 36134 [preauth]
Jan 21 10:11:59 host sshd[11658]: Invalid user cadmin from 46.101.244.79 port 39616
Jan 21 10:11:59 host sshd[11658]: input_userauth_request: invalid user cadmin [preauth]
Jan 21 10:11:59 host sshd[11658]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:11:59 host sshd[11658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.244.79
Jan 21 10:12:01 host sshd[11658]: Failed password for invalid user cadmin from 46.101.244.79 port 39616 ssh2
Jan 21 10:12:01 host sshd[11658]: Received disconnect from 46.101.244.79 port 39616:11: Bye Bye [preauth]
Jan 21 10:12:01 host sshd[11658]: Disconnected from 46.101.244.79 port 39616 [preauth]
Jan 21 10:12:17 host sshd[11749]: Invalid user taiga from 203.151.83.7 port 36686
Jan 21 10:12:17 host sshd[11749]: input_userauth_request: invalid user taiga [preauth]
Jan 21 10:12:17 host sshd[11749]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:12:17 host sshd[11749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.151.83.7
Jan 21 10:12:18 host sshd[11749]: Failed password for invalid user taiga from 203.151.83.7 port 36686 ssh2
Jan 21 10:12:18 host sshd[11749]: Received disconnect from 203.151.83.7 port 36686:11: Bye Bye [preauth]
Jan 21 10:12:18 host sshd[11749]: Disconnected from 203.151.83.7 port 36686 [preauth]
Jan 21 10:12:23 host sshd[11830]: Invalid user test from 20.212.61.4 port 39768
Jan 21 10:12:23 host sshd[11830]: input_userauth_request: invalid user test [preauth]
Jan 21 10:12:23 host sshd[11830]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:12:23 host sshd[11830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.212.61.4
Jan 21 10:12:25 host sshd[11830]: Failed password for invalid user test from 20.212.61.4 port 39768 ssh2
Jan 21 10:12:25 host sshd[11830]: Received disconnect from 20.212.61.4 port 39768:11: Bye Bye [preauth]
Jan 21 10:12:25 host sshd[11830]: Disconnected from 20.212.61.4 port 39768 [preauth]
Jan 21 10:13:06 host sshd[12210]: Invalid user nagiosadmin from 138.197.151.213 port 47040
Jan 21 10:13:06 host sshd[12210]: input_userauth_request: invalid user nagiosadmin [preauth]
Jan 21 10:13:06 host sshd[12210]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:13:06 host sshd[12210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.151.213
Jan 21 10:13:09 host sshd[12210]: Failed password for invalid user nagiosadmin from 138.197.151.213 port 47040 ssh2
Jan 21 10:13:09 host sshd[12210]: Received disconnect from 138.197.151.213 port 47040:11: Bye Bye [preauth]
Jan 21 10:13:09 host sshd[12210]: Disconnected from 138.197.151.213 port 47040 [preauth]
Jan 21 10:13:36 host sshd[12499]: Invalid user fikifoouser from 188.170.13.225 port 43842
Jan 21 10:13:36 host sshd[12499]: input_userauth_request: invalid user fikifoouser [preauth]
Jan 21 10:13:36 host sshd[12499]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:13:36 host sshd[12499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.170.13.225
Jan 21 10:13:38 host sshd[12499]: Failed password for invalid user fikifoouser from 188.170.13.225 port 43842 ssh2
Jan 21 10:13:39 host sshd[12499]: Received disconnect from 188.170.13.225 port 43842:11: Bye Bye [preauth]
Jan 21 10:13:39 host sshd[12499]: Disconnected from 188.170.13.225 port 43842 [preauth]
Jan 21 10:13:40 host sshd[12539]: Invalid user sebastien from 138.68.230.183 port 47804
Jan 21 10:13:40 host sshd[12539]: input_userauth_request: invalid user sebastien [preauth]
Jan 21 10:13:40 host sshd[12539]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:13:40 host sshd[12539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.230.183
Jan 21 10:13:42 host sshd[12539]: Failed password for invalid user sebastien from 138.68.230.183 port 47804 ssh2
Jan 21 10:13:42 host sshd[12539]: Received disconnect from 138.68.230.183 port 47804:11: Bye Bye [preauth]
Jan 21 10:13:42 host sshd[12539]: Disconnected from 138.68.230.183 port 47804 [preauth]
Jan 21 10:16:04 host sshd[13729]: Invalid user backupadmin from 46.101.82.89 port 60232
Jan 21 10:16:04 host sshd[13729]: input_userauth_request: invalid user backupadmin [preauth]
Jan 21 10:16:04 host sshd[13729]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:16:04 host sshd[13729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.82.89
Jan 21 10:16:05 host sshd[13729]: Failed password for invalid user backupadmin from 46.101.82.89 port 60232 ssh2
Jan 21 10:16:05 host sshd[13729]: Received disconnect from 46.101.82.89 port 60232:11: Bye Bye [preauth]
Jan 21 10:16:05 host sshd[13729]: Disconnected from 46.101.82.89 port 60232 [preauth]
Jan 21 10:16:10 host sshd[13829]: Invalid user cftest from 159.89.161.126 port 54194
Jan 21 10:16:10 host sshd[13829]: input_userauth_request: invalid user cftest [preauth]
Jan 21 10:16:10 host sshd[13829]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:16:10 host sshd[13829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.161.126
Jan 21 10:16:12 host sshd[13829]: Failed password for invalid user cftest from 159.89.161.126 port 54194 ssh2
Jan 21 10:16:12 host sshd[13829]: Received disconnect from 159.89.161.126 port 54194:11: Bye Bye [preauth]
Jan 21 10:16:12 host sshd[13829]: Disconnected from 159.89.161.126 port 54194 [preauth]
Jan 21 10:16:42 host sshd[14201]: Invalid user steam from 91.89.132.76 port 34986
Jan 21 10:16:42 host sshd[14201]: input_userauth_request: invalid user steam [preauth]
Jan 21 10:16:42 host sshd[14201]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:16:42 host sshd[14201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.89.132.76
Jan 21 10:16:44 host sshd[14201]: Failed password for invalid user steam from 91.89.132.76 port 34986 ssh2
Jan 21 10:16:44 host sshd[14201]: Received disconnect from 91.89.132.76 port 34986:11: Bye Bye [preauth]
Jan 21 10:16:44 host sshd[14201]: Disconnected from 91.89.132.76 port 34986 [preauth]
Jan 21 10:17:17 host sshd[14399]: Invalid user bkuser from 43.159.49.49 port 37076
Jan 21 10:17:17 host sshd[14399]: input_userauth_request: invalid user bkuser [preauth]
Jan 21 10:17:17 host sshd[14399]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:17:17 host sshd[14399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.49.49
Jan 21 10:17:19 host sshd[14399]: Failed password for invalid user bkuser from 43.159.49.49 port 37076 ssh2
Jan 21 10:17:20 host sshd[14399]: Received disconnect from 43.159.49.49 port 37076:11: Bye Bye [preauth]
Jan 21 10:17:20 host sshd[14399]: Disconnected from 43.159.49.49 port 37076 [preauth]
Jan 21 10:17:42 host sshd[14469]: Invalid user data from 20.212.61.4 port 42142
Jan 21 10:17:42 host sshd[14469]: input_userauth_request: invalid user data [preauth]
Jan 21 10:17:42 host sshd[14469]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:17:42 host sshd[14469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.212.61.4
Jan 21 10:17:44 host sshd[14469]: Failed password for invalid user data from 20.212.61.4 port 42142 ssh2
Jan 21 10:17:44 host sshd[14469]: Received disconnect from 20.212.61.4 port 42142:11: Bye Bye [preauth]
Jan 21 10:17:44 host sshd[14469]: Disconnected from 20.212.61.4 port 42142 [preauth]
Jan 21 10:17:49 host sshd[14476]: Invalid user benjamin from 203.151.83.7 port 34800
Jan 21 10:17:49 host sshd[14476]: input_userauth_request: invalid user benjamin [preauth]
Jan 21 10:17:49 host sshd[14476]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:17:49 host sshd[14476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.151.83.7
Jan 21 10:17:51 host sshd[14476]: Failed password for invalid user benjamin from 203.151.83.7 port 34800 ssh2
Jan 21 10:17:51 host sshd[14476]: Received disconnect from 203.151.83.7 port 34800:11: Bye Bye [preauth]
Jan 21 10:17:51 host sshd[14476]: Disconnected from 203.151.83.7 port 34800 [preauth]
Jan 21 10:17:57 host sshd[14485]: Invalid user admin from 46.101.244.79 port 40084
Jan 21 10:17:57 host sshd[14485]: input_userauth_request: invalid user admin [preauth]
Jan 21 10:17:57 host sshd[14485]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:17:57 host sshd[14485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.244.79
Jan 21 10:17:58 host sshd[14485]: Failed password for invalid user admin from 46.101.244.79 port 40084 ssh2
Jan 21 10:17:58 host sshd[14485]: Received disconnect from 46.101.244.79 port 40084:11: Bye Bye [preauth]
Jan 21 10:17:58 host sshd[14485]: Disconnected from 46.101.244.79 port 40084 [preauth]
Jan 21 10:18:02 host sshd[14494]: Invalid user jenkins from 167.71.198.42 port 55880
Jan 21 10:18:02 host sshd[14494]: input_userauth_request: invalid user jenkins [preauth]
Jan 21 10:18:02 host sshd[14494]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:02 host sshd[14494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42
Jan 21 10:18:04 host sshd[14494]: Failed password for invalid user jenkins from 167.71.198.42 port 55880 ssh2
Jan 21 10:18:04 host sshd[14494]: Received disconnect from 167.71.198.42 port 55880:11: Bye Bye [preauth]
Jan 21 10:18:04 host sshd[14494]: Disconnected from 167.71.198.42 port 55880 [preauth]
Jan 21 10:18:22 host sshd[14529]: Invalid user test03 from 138.197.151.213 port 41728
Jan 21 10:18:22 host sshd[14529]: input_userauth_request: invalid user test03 [preauth]
Jan 21 10:18:22 host sshd[14529]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:22 host sshd[14529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.151.213
Jan 21 10:18:23 host sshd[14529]: Failed password for invalid user test03 from 138.197.151.213 port 41728 ssh2
Jan 21 10:18:24 host sshd[14529]: Received disconnect from 138.197.151.213 port 41728:11: Bye Bye [preauth]
Jan 21 10:18:24 host sshd[14529]: Disconnected from 138.197.151.213 port 41728 [preauth]
Jan 21 10:18:25 host sshd[14535]: Invalid user bitrix from 188.170.13.225 port 56062
Jan 21 10:18:25 host sshd[14535]: input_userauth_request: invalid user bitrix [preauth]
Jan 21 10:18:25 host sshd[14535]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:25 host sshd[14535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.170.13.225
Jan 21 10:18:27 host sshd[14535]: Failed password for invalid user bitrix from 188.170.13.225 port 56062 ssh2
Jan 21 10:18:27 host sshd[14535]: Received disconnect from 188.170.13.225 port 56062:11: Bye Bye [preauth]
Jan 21 10:18:27 host sshd[14535]: Disconnected from 188.170.13.225 port 56062 [preauth]
Jan 21 10:18:31 host sshd[14580]: Invalid user znc-admin from 159.89.161.126 port 60184
Jan 21 10:18:31 host sshd[14580]: input_userauth_request: invalid user znc-admin [preauth]
Jan 21 10:18:31 host sshd[14580]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:31 host sshd[14580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.161.126
Jan 21 10:18:33 host sshd[14583]: Invalid user postgres from 185.151.32.7 port 42589
Jan 21 10:18:33 host sshd[14583]: input_userauth_request: invalid user postgres [preauth]
Jan 21 10:18:33 host sshd[14583]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:33 host sshd[14583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.151.32.7
Jan 21 10:18:34 host sshd[14580]: Failed password for invalid user znc-admin from 159.89.161.126 port 60184 ssh2
Jan 21 10:18:34 host sshd[14580]: Received disconnect from 159.89.161.126 port 60184:11: Bye Bye [preauth]
Jan 21 10:18:34 host sshd[14580]: Disconnected from 159.89.161.126 port 60184 [preauth]
Jan 21 10:18:34 host sshd[14587]: Invalid user fikifoouser from 46.101.82.89 port 39992
Jan 21 10:18:34 host sshd[14587]: input_userauth_request: invalid user fikifoouser [preauth]
Jan 21 10:18:34 host sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:34 host sshd[14587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.82.89
Jan 21 10:18:34 host sshd[14583]: Failed password for invalid user postgres from 185.151.32.7 port 42589 ssh2
Jan 21 10:18:34 host sshd[14583]: Received disconnect from 185.151.32.7 port 42589:11: Bye Bye [preauth]
Jan 21 10:18:34 host sshd[14583]: Disconnected from 185.151.32.7 port 42589 [preauth]
Jan 21 10:18:35 host sshd[14587]: Failed password for invalid user fikifoouser from 46.101.82.89 port 39992 ssh2
Jan 21 10:18:35 host sshd[14587]: Received disconnect from 46.101.82.89 port 39992:11: Bye Bye [preauth]
Jan 21 10:18:35 host sshd[14587]: Disconnected from 46.101.82.89 port 39992 [preauth]
Jan 21 10:18:36 host sshd[14594]: Invalid user teamspeak from 43.159.49.49 port 35420
Jan 21 10:18:36 host sshd[14594]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 10:18:36 host sshd[14594]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:36 host sshd[14594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.159.49.49
Jan 21 10:18:38 host sshd[14594]: Failed password for invalid user teamspeak from 43.159.49.49 port 35420 ssh2
Jan 21 10:18:53 host sshd[14664]: Invalid user znc-admin from 20.212.61.4 port 47178
Jan 21 10:18:53 host sshd[14664]: input_userauth_request: invalid user znc-admin [preauth]
Jan 21 10:18:53 host sshd[14664]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:53 host sshd[14664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.212.61.4
Jan 21 10:18:55 host sshd[14664]: Failed password for invalid user znc-admin from 20.212.61.4 port 47178 ssh2
Jan 21 10:18:55 host sshd[14664]: Received disconnect from 20.212.61.4 port 47178:11: Bye Bye [preauth]
Jan 21 10:18:55 host sshd[14664]: Disconnected from 20.212.61.4 port 47178 [preauth]
Jan 21 10:18:55 host sshd[14667]: Invalid user user3 from 91.89.132.76 port 53374
Jan 21 10:18:55 host sshd[14667]: input_userauth_request: invalid user user3 [preauth]
Jan 21 10:18:55 host sshd[14667]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:18:55 host sshd[14667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.89.132.76
Jan 21 10:18:57 host sshd[14667]: Failed password for invalid user user3 from 91.89.132.76 port 53374 ssh2
Jan 21 10:18:58 host sshd[14667]: Received disconnect from 91.89.132.76 port 53374:11: Bye Bye [preauth]
Jan 21 10:18:58 host sshd[14667]: Disconnected from 91.89.132.76 port 53374 [preauth]
Jan 21 10:19:03 host sshd[14729]: Invalid user soporte from 46.101.244.79 port 52236
Jan 21 10:19:03 host sshd[14729]: input_userauth_request: invalid user soporte [preauth]
Jan 21 10:19:03 host sshd[14729]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:03 host sshd[14729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.244.79
Jan 21 10:19:05 host sshd[14729]: Failed password for invalid user soporte from 46.101.244.79 port 52236 ssh2
Jan 21 10:19:05 host sshd[14729]: Received disconnect from 46.101.244.79 port 52236:11: Bye Bye [preauth]
Jan 21 10:19:05 host sshd[14729]: Disconnected from 46.101.244.79 port 52236 [preauth]
Jan 21 10:19:12 host sshd[14772]: Invalid user xuser from 203.151.83.7 port 33144
Jan 21 10:19:12 host sshd[14772]: input_userauth_request: invalid user xuser [preauth]
Jan 21 10:19:12 host sshd[14772]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:12 host sshd[14772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.151.83.7
Jan 21 10:19:13 host sshd[14772]: Failed password for invalid user xuser from 203.151.83.7 port 33144 ssh2
Jan 21 10:19:13 host sshd[14772]: Received disconnect from 203.151.83.7 port 33144:11: Bye Bye [preauth]
Jan 21 10:19:13 host sshd[14772]: Disconnected from 203.151.83.7 port 33144 [preauth]
Jan 21 10:19:32 host sshd[14866]: Invalid user developer2 from 167.71.198.42 port 54852
Jan 21 10:19:32 host sshd[14866]: input_userauth_request: invalid user developer2 [preauth]
Jan 21 10:19:32 host sshd[14866]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:32 host sshd[14866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42
Jan 21 10:19:32 host sshd[14864]: Invalid user phpmyadmin from 138.197.151.213 port 40658
Jan 21 10:19:32 host sshd[14864]: input_userauth_request: invalid user phpmyadmin [preauth]
Jan 21 10:19:32 host sshd[14864]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:32 host sshd[14864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.151.213
Jan 21 10:19:34 host sshd[14869]: Invalid user postgres from 188.170.13.225 port 33452
Jan 21 10:19:34 host sshd[14869]: input_userauth_request: invalid user postgres [preauth]
Jan 21 10:19:34 host sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:34 host sshd[14869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.170.13.225
Jan 21 10:19:34 host sshd[14866]: Failed password for invalid user developer2 from 167.71.198.42 port 54852 ssh2
Jan 21 10:19:34 host sshd[14866]: Received disconnect from 167.71.198.42 port 54852:11: Bye Bye [preauth]
Jan 21 10:19:34 host sshd[14866]: Disconnected from 167.71.198.42 port 54852 [preauth]
Jan 21 10:19:35 host sshd[14864]: Failed password for invalid user phpmyadmin from 138.197.151.213 port 40658 ssh2
Jan 21 10:19:35 host sshd[14864]: Received disconnect from 138.197.151.213 port 40658:11: Bye Bye [preauth]
Jan 21 10:19:35 host sshd[14864]: Disconnected from 138.197.151.213 port 40658 [preauth]
Jan 21 10:19:35 host sshd[14869]: Failed password for invalid user postgres from 188.170.13.225 port 33452 ssh2
Jan 21 10:19:36 host sshd[14869]: Received disconnect from 188.170.13.225 port 33452:11: Bye Bye [preauth]
Jan 21 10:19:36 host sshd[14869]: Disconnected from 188.170.13.225 port 33452 [preauth]
Jan 21 10:19:39 host sshd[14915]: Invalid user testssh from 46.101.82.89 port 38454
Jan 21 10:19:39 host sshd[14915]: input_userauth_request: invalid user testssh [preauth]
Jan 21 10:19:39 host sshd[14915]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:39 host sshd[14915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.82.89
Jan 21 10:19:40 host sshd[14915]: Failed password for invalid user testssh from 46.101.82.89 port 38454 ssh2
Jan 21 10:19:40 host sshd[14915]: Received disconnect from 46.101.82.89 port 38454:11: Bye Bye [preauth]
Jan 21 10:19:40 host sshd[14915]: Disconnected from 46.101.82.89 port 38454 [preauth]
Jan 21 10:19:53 host sshd[14992]: Invalid user toni from 159.89.161.126 port 59230
Jan 21 10:19:53 host sshd[14992]: input_userauth_request: invalid user toni [preauth]
Jan 21 10:19:53 host sshd[14992]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:19:53 host sshd[14992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.161.126
Jan 21 10:19:55 host sshd[14992]: Failed password for invalid user toni from 159.89.161.126 port 59230 ssh2
Jan 21 10:19:55 host sshd[14992]: Received disconnect from 159.89.161.126 port 59230:11: Bye Bye [preauth]
Jan 21 10:19:55 host sshd[14992]: Disconnected from 159.89.161.126 port 59230 [preauth]
Jan 21 10:20:09 host sshd[15078]: Invalid user pjsuser from 185.151.32.7 port 41054
Jan 21 10:20:09 host sshd[15078]: input_userauth_request: invalid user pjsuser [preauth]
Jan 21 10:20:09 host sshd[15078]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:20:09 host sshd[15078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.151.32.7
Jan 21 10:20:11 host sshd[15078]: Failed password for invalid user pjsuser from 185.151.32.7 port 41054 ssh2
Jan 21 10:20:12 host sshd[15078]: Received disconnect from 185.151.32.7 port 41054:11: Bye Bye [preauth]
Jan 21 10:20:12 host sshd[15078]: Disconnected from 185.151.32.7 port 41054 [preauth]
Jan 21 10:20:26 host sshd[15103]: Invalid user testadmin from 91.89.132.76 port 41560
Jan 21 10:20:26 host sshd[15103]: input_userauth_request: invalid user testadmin [preauth]
Jan 21 10:20:26 host sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:20:26 host sshd[15103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.89.132.76
Jan 21 10:20:29 host sshd[15103]: Failed password for invalid user testadmin from 91.89.132.76 port 41560 ssh2
Jan 21 10:20:59 host sshd[15218]: Invalid user admin from 167.71.198.42 port 53538
Jan 21 10:20:59 host sshd[15218]: input_userauth_request: invalid user admin [preauth]
Jan 21 10:20:59 host sshd[15218]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:20:59 host sshd[15218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.198.42
Jan 21 10:21:01 host sshd[15218]: Failed password for invalid user admin from 167.71.198.42 port 53538 ssh2
Jan 21 10:21:01 host sshd[15218]: Received disconnect from 167.71.198.42 port 53538:11: Bye Bye [preauth]
Jan 21 10:21:01 host sshd[15218]: Disconnected from 167.71.198.42 port 53538 [preauth]
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=vfmassets user-2=wwwtestugo user-3=shalinijames user-4=pmcresources user-5=remysagr user-6=disposeat user-7=wwwkmaorg user-8=woodpeck user-9=wwwkapin user-10=gifterman user-11=palco123 user-12=kottayamcalldriv user-13=phmetals user-14=wwwnexidigital user-15=mrsclean user-16=bonifacegroup user-17=wwwevmhonda user-18=wwwletsstalkfood user-19=straightcurve user-20=dartsimp user-21=a2zgroup user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=wwwrmswll user-27=wwwresourcehunte user-28=keralaholi user-29=ugotscom user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 10:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-WMXjMFdF9QQUQFgJ.~
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-WMXjMFdF9QQUQFgJ.~'
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-WMXjMFdF9QQUQFgJ.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 10:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 10:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 10:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 10:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 10:21:09 host sshd[15396]: Invalid user Administrator from 195.226.194.242 port 51244
Jan 21 10:21:09 host sshd[15396]: input_userauth_request: invalid user Administrator [preauth]
Jan 21 10:21:09 host sshd[15396]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:21:09 host sshd[15396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242
Jan 21 10:21:11 host sshd[15396]: Failed password for invalid user Administrator from 195.226.194.242 port 51244 ssh2
Jan 21 10:21:11 host sshd[15396]: Received disconnect from 195.226.194.242 port 51244:11: Bye Bye [preauth]
Jan 21 10:21:11 host sshd[15396]: Disconnected from 195.226.194.242 port 51244 [preauth]
Jan 21 10:21:27 host sshd[15511]: Invalid user vpnoperator from 138.68.230.183 port 43590
Jan 21 10:21:27 host sshd[15511]: input_userauth_request: invalid user vpnoperator [preauth]
Jan 21 10:21:27 host sshd[15511]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:21:27 host sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.230.183
Jan 21 10:21:29 host sshd[15511]: Failed password for invalid user vpnoperator from 138.68.230.183 port 43590 ssh2
Jan 21 10:21:29 host sshd[15511]: Received disconnect from 138.68.230.183 port 43590:11: Bye Bye [preauth]
Jan 21 10:21:29 host sshd[15511]: Disconnected from 138.68.230.183 port 43590 [preauth]
Jan 21 10:21:37 host sshd[15553]: Invalid user wwadmin from 185.151.32.7 port 35197
Jan 21 10:21:37 host sshd[15553]: input_userauth_request: invalid user wwadmin [preauth]
Jan 21 10:21:37 host sshd[15553]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:21:37 host sshd[15553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.151.32.7
Jan 21 10:21:39 host sshd[15553]: Failed password for invalid user wwadmin from 185.151.32.7 port 35197 ssh2
Jan 21 10:21:40 host sshd[15553]: Received disconnect from 185.151.32.7 port 35197:11: Bye Bye [preauth]
Jan 21 10:21:40 host sshd[15553]: Disconnected from 185.151.32.7 port 35197 [preauth]
Jan 21 10:23:05 host sshd[15737]: Invalid user scadmin from 138.68.230.183 port 38526
Jan 21 10:23:05 host sshd[15737]: input_userauth_request: invalid user scadmin [preauth]
Jan 21 10:23:05 host sshd[15737]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:23:05 host sshd[15737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.230.183
Jan 21 10:23:07 host sshd[15737]: Failed password for invalid user scadmin from 138.68.230.183 port 38526 ssh2
Jan 21 10:23:07 host sshd[15737]: Received disconnect from 138.68.230.183 port 38526:11: Bye Bye [preauth]
Jan 21 10:23:07 host sshd[15737]: Disconnected from 138.68.230.183 port 38526 [preauth]
Jan 21 10:27:01 host sshd[16427]: invalid public DH value: >= p-1 [preauth]
Jan 21 10:27:01 host sshd[16427]: ssh_dispatch_run_fatal: Connection from 203.127.161.82 port 35086: incomplete message [preauth]
Jan 21 10:37:25 host sshd[18274]: User root from 220.135.92.236 not allowed because not listed in AllowUsers
Jan 21 10:37:25 host sshd[18274]: input_userauth_request: invalid user root [preauth]
Jan 21 10:37:25 host unix_chkpwd[18278]: password check failed for user (root)
Jan 21 10:37:25 host sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.92.236 user=root
Jan 21 10:37:25 host sshd[18274]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 10:37:27 host sshd[18274]: Failed password for invalid user root from 220.135.92.236 port 33828 ssh2
Jan 21 10:37:28 host sshd[18274]: Connection reset by 220.135.92.236 port 33828 [preauth]
Jan 21 10:46:38 host sshd[19570]: Invalid user lawrence from 209.141.56.48 port 58016
Jan 21 10:46:38 host sshd[19570]: input_userauth_request: invalid user lawrence [preauth]
Jan 21 10:46:38 host sshd[19570]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:46:38 host sshd[19570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 21 10:46:41 host sshd[19570]: Failed password for invalid user lawrence from 209.141.56.48 port 58016 ssh2
Jan 21 10:46:41 host sshd[19570]: Connection closed by 209.141.56.48 port 58016 [preauth]
Jan 21 10:46:52 host sshd[19591]: Invalid user admin from 114.35.41.135 port 56077
Jan 21 10:46:52 host sshd[19591]: input_userauth_request: invalid user admin [preauth]
Jan 21 10:46:52 host sshd[19591]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:46:52 host sshd[19591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.41.135
Jan 21 10:46:54 host sshd[19591]: Failed password for invalid user admin from 114.35.41.135 port 56077 ssh2
Jan 21 10:46:54 host sshd[19591]: Connection reset by 114.35.41.135 port 56077 [preauth]
Jan 21 10:48:39 host sshd[19786]: Invalid user testftp from 103.115.199.91 port 58313
Jan 21 10:48:39 host sshd[19786]: input_userauth_request: invalid user testftp [preauth]
Jan 21 10:48:39 host sshd[19786]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:48:39 host sshd[19786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.199.91
Jan 21 10:48:41 host sshd[19786]: Failed password for invalid user testftp from 103.115.199.91 port 58313 ssh2
Jan 21 10:48:41 host sshd[19786]: Received disconnect from 103.115.199.91 port 58313:11: Bye Bye [preauth]
Jan 21 10:48:41 host sshd[19786]: Disconnected from 103.115.199.91 port 58313 [preauth]
Jan 21 10:51:20 host sshd[20182]: User root from 195.226.194.242 not allowed because not listed in AllowUsers
Jan 21 10:51:20 host sshd[20182]: input_userauth_request: invalid user root [preauth]
Jan 21 10:51:20 host unix_chkpwd[20185]: password check failed for user (root)
Jan 21 10:51:20 host sshd[20182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.226.194.242 user=root
Jan 21 10:51:20 host sshd[20182]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 10:51:23 host sshd[20182]: Failed password for invalid user root from 195.226.194.242 port 45724 ssh2
Jan 21 10:51:23 host sshd[20182]: Received disconnect from 195.226.194.242 port 45724:11: Bye Bye [preauth]
Jan 21 10:51:23 host sshd[20182]: Disconnected from 195.226.194.242 port 45724 [preauth]
Jan 21 10:51:53 host sshd[20381]: Invalid user test from 31.41.244.124 port 41397
Jan 21 10:51:53 host sshd[20381]: input_userauth_request: invalid user test [preauth]
Jan 21 10:51:53 host sshd[20381]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:51:53 host sshd[20381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 21 10:51:56 host sshd[20381]: Failed password for invalid user test from 31.41.244.124 port 41397 ssh2
Jan 21 10:51:56 host sshd[20381]: Received disconnect from 31.41.244.124 port 41397:11: Client disconnecting normally [preauth]
Jan 21 10:51:56 host sshd[20381]: Disconnected from 31.41.244.124 port 41397 [preauth]
Jan 21 10:53:40 host sshd[20576]: Invalid user admin from 118.41.75.57 port 55151
Jan 21 10:53:40 host sshd[20576]: input_userauth_request: invalid user admin [preauth]
Jan 21 10:53:40 host sshd[20576]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:53:40 host sshd[20576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.75.57
Jan 21 10:53:41 host sshd[20576]: Failed password for invalid user admin from 118.41.75.57 port 55151 ssh2
Jan 21 10:53:42 host sshd[20576]: Failed password for invalid user admin from 118.41.75.57 port 55151 ssh2
Jan 21 10:53:42 host sshd[20576]: Connection reset by 118.41.75.57 port 55151 [preauth]
Jan 21 10:54:41 host sshd[20700]: Invalid user tadmin from 103.115.199.91 port 40631
Jan 21 10:54:41 host sshd[20700]: input_userauth_request: invalid user tadmin [preauth]
Jan 21 10:54:41 host sshd[20700]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:54:41 host sshd[20700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.199.91
Jan 21 10:54:42 host sshd[20700]: Failed password for invalid user tadmin from 103.115.199.91 port 40631 ssh2
Jan 21 10:54:42 host sshd[20700]: Received disconnect from 103.115.199.91 port 40631:11: Bye Bye [preauth]
Jan 21 10:54:42 host sshd[20700]: Disconnected from 103.115.199.91 port 40631 [preauth]
Jan 21 10:56:25 host sshd[20875]: Invalid user guestuser from 103.115.199.91 port 36585
Jan 21 10:56:25 host sshd[20875]: input_userauth_request: invalid user guestuser [preauth]
Jan 21 10:56:25 host sshd[20875]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 10:56:25 host sshd[20875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.199.91
Jan 21 10:56:26 host sshd[20875]: Failed password for invalid user guestuser from 103.115.199.91 port 36585 ssh2
Jan 21 10:56:27 host sshd[20875]: Received disconnect from 103.115.199.91 port 36585:11: Bye Bye [preauth]
Jan 21 10:56:27 host sshd[20875]: Disconnected from 103.115.199.91 port 36585 [preauth]
Jan 21 11:09:28 host sshd[22677]: Connection closed by 167.94.146.58 port 41256 [preauth]
Jan 21 11:14:32 host sshd[23427]: Invalid user lawrence from 209.141.56.48 port 60816
Jan 21 11:14:32 host sshd[23427]: input_userauth_request: invalid user lawrence [preauth]
Jan 21 11:14:32 host sshd[23427]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:14:32 host sshd[23427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 21 11:14:33 host sshd[23427]: Failed password for invalid user lawrence from 209.141.56.48 port 60816 ssh2
Jan 21 11:14:33 host sshd[23427]: Connection closed by 209.141.56.48 port 60816 [preauth]
Jan 21 11:20:25 host sshd[24130]: Invalid user lawrence from 209.141.56.48 port 36084
Jan 21 11:20:25 host sshd[24130]: input_userauth_request: invalid user lawrence [preauth]
Jan 21 11:20:25 host sshd[24130]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:20:25 host sshd[24130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.56.48
Jan 21 11:20:27 host sshd[24130]: Failed password for invalid user lawrence from 209.141.56.48 port 36084 ssh2
Jan 21 11:20:27 host sshd[24130]: Connection closed by 209.141.56.48 port 36084 [preauth]
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=shalinijames user-2=wwwtestugo user-3=vfmassets user-4=pmcresources user-5=remysagr user-6=disposeat user-7=wwwkmaorg user-8=wwwkapin user-9=woodpeck user-10=phmetals user-11=kottayamcalldriv user-12=palco123 user-13=gifterman user-14=wwwnexidigital user-15=mrsclean user-16=wwwevmhonda user-17=bonifacegroup user-18=wwwletsstalkfood user-19=straightcurve user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=wwwkaretakers user-24=cochintaxi user-25=travelboniface user-26=ugotscom user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 11:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vWQuH2CdfTKFKsuk.~
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vWQuH2CdfTKFKsuk.~'
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-vWQuH2CdfTKFKsuk.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 11:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 11:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 11:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 11:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 11:24:11 host sshd[24887]: Invalid user wangfang from 106.10.122.53 port 47508
Jan 21 11:24:11 host sshd[24887]: input_userauth_request: invalid user wangfang [preauth]
Jan 21 11:24:11 host sshd[24887]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:24:11 host sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 11:24:13 host sshd[24887]: Failed password for invalid user wangfang from 106.10.122.53 port 47508 ssh2
Jan 21 11:24:13 host sshd[24887]: Connection closed by 106.10.122.53 port 47508 [preauth]
Jan 21 11:25:05 host sshd[25017]: Invalid user hj from 194.110.203.109 port 56182
Jan 21 11:25:05 host sshd[25017]: input_userauth_request: invalid user hj [preauth]
Jan 21 11:25:05 host sshd[25017]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:25:05 host sshd[25017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 11:25:07 host sshd[25017]: Failed password for invalid user hj from 194.110.203.109 port 56182 ssh2
Jan 21 11:25:10 host sshd[25017]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:25:12 host sshd[25017]: Failed password for invalid user hj from 194.110.203.109 port 56182 ssh2
Jan 21 11:25:16 host sshd[25017]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:25:17 host sshd[25017]: Failed password for invalid user hj from 194.110.203.109 port 56182 ssh2
Jan 21 11:25:20 host sshd[25017]: Connection closed by 194.110.203.109 port 56182 [preauth]
Jan 21 11:25:20 host sshd[25017]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 11:34:36 host sshd[26271]: User root from 125.229.55.183 not allowed because not listed in AllowUsers
Jan 21 11:34:36 host sshd[26271]: input_userauth_request: invalid user root [preauth]
Jan 21 11:34:36 host unix_chkpwd[26275]: password check failed for user (root)
Jan 21 11:34:36 host sshd[26271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.55.183 user=root
Jan 21 11:34:36 host sshd[26271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 11:34:38 host sshd[26271]: Failed password for invalid user root from 125.229.55.183 port 38650 ssh2
Jan 21 11:34:38 host unix_chkpwd[26278]: password check failed for user (root)
Jan 21 11:34:38 host sshd[26271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 11:34:40 host sshd[26271]: Failed password for invalid user root from 125.229.55.183 port 38650 ssh2
Jan 21 11:34:41 host unix_chkpwd[26282]: password check failed for user (root)
Jan 21 11:34:41 host sshd[26271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 11:34:43 host sshd[26271]: Failed password for invalid user root from 125.229.55.183 port 38650 ssh2
Jan 21 11:34:44 host sshd[26271]: Connection reset by 125.229.55.183 port 38650 [preauth]
Jan 21 11:34:44 host sshd[26271]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.229.55.183 user=root
Jan 21 11:40:00 host sshd[26942]: Invalid user user from 59.126.125.72 port 34068
Jan 21 11:40:00 host sshd[26942]: input_userauth_request: invalid user user [preauth]
Jan 21 11:40:00 host sshd[26942]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:40:00 host sshd[26942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.125.72
Jan 21 11:40:01 host sshd[26942]: Failed password for invalid user user from 59.126.125.72 port 34068 ssh2
Jan 21 11:40:02 host sshd[26942]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:40:04 host sshd[26942]: Failed password for invalid user user from 59.126.125.72 port 34068 ssh2
Jan 21 11:40:05 host sshd[26942]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:40:06 host sshd[26942]: Failed password for invalid user user from 59.126.125.72 port 34068 ssh2
Jan 21 11:40:07 host sshd[26942]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:40:08 host sshd[26942]: Failed password for invalid user user from 59.126.125.72 port 34068 ssh2
Jan 21 11:40:09 host sshd[26942]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:40:12 host sshd[26942]: Failed password for invalid user user from 59.126.125.72 port 34068 ssh2
Jan 21 11:41:11 host sshd[27279]: Invalid user admin from 159.196.112.220 port 55981
Jan 21 11:41:11 host sshd[27279]: input_userauth_request: invalid user admin [preauth]
Jan 21 11:41:11 host sshd[27279]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:41:11 host sshd[27279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.196.112.220
Jan 21 11:41:12 host sshd[27279]: Failed password for invalid user admin from 159.196.112.220 port 55981 ssh2
Jan 21 11:49:12 host sshd[28293]: Invalid user viewer from 205.185.113.129 port 50328
Jan 21 11:49:12 host sshd[28293]: input_userauth_request: invalid user viewer [preauth]
Jan 21 11:49:12 host sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 11:49:12 host sshd[28293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 21 11:49:15 host sshd[28293]: Failed password for invalid user viewer from 205.185.113.129 port 50328 ssh2
Jan 21 11:49:15 host sshd[28293]: Connection closed by 205.185.113.129 port 50328 [preauth]
Jan 21 12:01:23 host sshd[30002]: User root from 220.133.122.152 not allowed because not listed in AllowUsers
Jan 21 12:01:23 host sshd[30002]: input_userauth_request: invalid user root [preauth]
Jan 21 12:01:24 host unix_chkpwd[30006]: password check failed for user (root)
Jan 21 12:01:24 host sshd[30002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.122.152 user=root
Jan 21 12:01:24 host sshd[30002]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 12:01:25 host sshd[30002]: Failed password for invalid user root from 220.133.122.152 port 42475 ssh2
Jan 21 12:01:26 host sshd[30002]: Connection reset by 220.133.122.152 port 42475 [preauth]
Jan 21 12:03:54 host sshd[30281]: User root from 209.141.55.27 not allowed because not listed in AllowUsers
Jan 21 12:03:54 host sshd[30281]: input_userauth_request: invalid user root [preauth]
Jan 21 12:03:54 host unix_chkpwd[30284]: password check failed for user (root)
Jan 21 12:03:54 host sshd[30281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27 user=root
Jan 21 12:03:54 host sshd[30281]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 12:03:56 host sshd[30281]: Failed password for invalid user root from 209.141.55.27 port 47670 ssh2
Jan 21 12:03:56 host sshd[30281]: Received disconnect from 209.141.55.27 port 47670:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 12:03:56 host sshd[30281]: Disconnected from 209.141.55.27 port 47670 [preauth]
Jan 21 12:05:55 host sshd[30620]: User root from 59.127.188.139 not allowed because not listed in AllowUsers
Jan 21 12:05:55 host sshd[30620]: input_userauth_request: invalid user root [preauth]
Jan 21 12:05:55 host unix_chkpwd[30625]: password check failed for user (root)
Jan 21 12:05:55 host sshd[30620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.188.139 user=root
Jan 21 12:05:55 host sshd[30620]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 12:05:57 host sshd[30620]: Failed password for invalid user root from 59.127.188.139 port 57640 ssh2
Jan 21 12:05:58 host sshd[30620]: Connection reset by 59.127.188.139 port 57640 [preauth]
Jan 21 12:11:05 host sshd[31848]: Invalid user mailtest from 167.71.239.134 port 50220
Jan 21 12:11:05 host sshd[31848]: input_userauth_request: invalid user mailtest [preauth]
Jan 21 12:11:05 host sshd[31848]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:11:05 host sshd[31848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.239.134
Jan 21 12:11:07 host sshd[31848]: Failed password for invalid user mailtest from 167.71.239.134 port 50220 ssh2
Jan 21 12:11:07 host sshd[31848]: Received disconnect from 167.71.239.134 port 50220:11: Bye Bye [preauth]
Jan 21 12:11:07 host sshd[31848]: Disconnected from 167.71.239.134 port 50220 [preauth]
Jan 21 12:12:36 host sshd[32396]: Invalid user cuser from 205.214.74.6 port 59100
Jan 21 12:12:36 host sshd[32396]: input_userauth_request: invalid user cuser [preauth]
Jan 21 12:12:36 host sshd[32396]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:12:36 host sshd[32396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.214.74.6
Jan 21 12:12:38 host sshd[32396]: Failed password for invalid user cuser from 205.214.74.6 port 59100 ssh2
Jan 21 12:12:38 host sshd[32396]: Received disconnect from 205.214.74.6 port 59100:11: Bye Bye [preauth]
Jan 21 12:12:38 host sshd[32396]: Disconnected from 205.214.74.6 port 59100 [preauth]
Jan 21 12:12:55 host sshd[32432]: Invalid user testemail from 83.0.114.127 port 53579
Jan 21 12:12:55 host sshd[32432]: input_userauth_request: invalid user testemail [preauth]
Jan 21 12:12:55 host sshd[32432]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:12:55 host sshd[32432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.0.114.127
Jan 21 12:12:56 host sshd[32432]: Failed password for invalid user testemail from 83.0.114.127 port 53579 ssh2
Jan 21 12:12:57 host sshd[32432]: Received disconnect from 83.0.114.127 port 53579:11: Bye Bye [preauth]
Jan 21 12:12:57 host sshd[32432]: Disconnected from 83.0.114.127 port 53579 [preauth]
Jan 21 12:13:18 host sshd[32474]: Invalid user scsadmin from 209.141.35.242 port 56724
Jan 21 12:13:18 host sshd[32474]: input_userauth_request: invalid user scsadmin [preauth]
Jan 21 12:13:18 host sshd[32474]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:13:18 host sshd[32474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.35.242
Jan 21 12:13:20 host sshd[32474]: Failed password for invalid user scsadmin from 209.141.35.242 port 56724 ssh2
Jan 21 12:13:21 host sshd[32474]: Received disconnect from 209.141.35.242 port 56724:11: Bye Bye [preauth]
Jan 21 12:13:21 host sshd[32474]: Disconnected from 209.141.35.242 port 56724 [preauth]
Jan 21 12:14:28 host sshd[32716]: Invalid user andy from 64.227.140.134 port 26816
Jan 21 12:14:28 host sshd[32716]: input_userauth_request: invalid user andy [preauth]
Jan 21 12:14:28 host sshd[32716]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:14:28 host sshd[32716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.140.134
Jan 21 12:14:29 host sshd[32716]: Failed password for invalid user andy from 64.227.140.134 port 26816 ssh2
Jan 21 12:14:29 host sshd[32716]: Received disconnect from 64.227.140.134 port 26816:11: Bye Bye [preauth]
Jan 21 12:14:29 host sshd[32716]: Disconnected from 64.227.140.134 port 26816 [preauth]
Jan 21 12:16:00 host sshd[627]: Invalid user devops from 37.193.112.180 port 59544
Jan 21 12:16:00 host sshd[627]: input_userauth_request: invalid user devops [preauth]
Jan 21 12:16:00 host sshd[627]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:16:00 host sshd[627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.193.112.180
Jan 21 12:16:02 host sshd[627]: Failed password for invalid user devops from 37.193.112.180 port 59544 ssh2
Jan 21 12:16:02 host sshd[627]: Received disconnect from 37.193.112.180 port 59544:11: Bye Bye [preauth]
Jan 21 12:16:02 host sshd[627]: Disconnected from 37.193.112.180 port 59544 [preauth]
Jan 21 12:16:10 host sshd[669]: Invalid user ntadmin from 83.0.114.127 port 43145
Jan 21 12:16:10 host sshd[669]: input_userauth_request: invalid user ntadmin [preauth]
Jan 21 12:16:10 host sshd[669]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:16:10 host sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.0.114.127
Jan 21 12:16:12 host sshd[669]: Failed password for invalid user ntadmin from 83.0.114.127 port 43145 ssh2
Jan 21 12:16:12 host sshd[669]: Received disconnect from 83.0.114.127 port 43145:11: Bye Bye [preauth]
Jan 21 12:16:12 host sshd[669]: Disconnected from 83.0.114.127 port 43145 [preauth]
Jan 21 12:16:45 host sshd[772]: Invalid user test2 from 209.141.35.242 port 42750
Jan 21 12:16:45 host sshd[772]: input_userauth_request: invalid user test2 [preauth]
Jan 21 12:16:45 host sshd[772]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:16:45 host sshd[772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.35.242
Jan 21 12:16:46 host sshd[776]: Invalid user sk from 167.71.239.134 port 49272
Jan 21 12:16:46 host sshd[776]: input_userauth_request: invalid user sk [preauth]
Jan 21 12:16:46 host sshd[776]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:16:46 host sshd[776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.239.134
Jan 21 12:16:46 host sshd[772]: Failed password for invalid user test2 from 209.141.35.242 port 42750 ssh2
Jan 21 12:16:46 host sshd[772]: Received disconnect from 209.141.35.242 port 42750:11: Bye Bye [preauth]
Jan 21 12:16:46 host sshd[772]: Disconnected from 209.141.35.242 port 42750 [preauth]
Jan 21 12:16:47 host sshd[776]: Failed password for invalid user sk from 167.71.239.134 port 49272 ssh2
Jan 21 12:16:47 host sshd[776]: Received disconnect from 167.71.239.134 port 49272:11: Bye Bye [preauth]
Jan 21 12:16:47 host sshd[776]: Disconnected from 167.71.239.134 port 49272 [preauth]
Jan 21 12:17:19 host sshd[822]: Invalid user mftuser from 83.0.114.127 port 57305
Jan 21 12:17:19 host sshd[822]: input_userauth_request: invalid user mftuser [preauth]
Jan 21 12:17:19 host sshd[822]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:17:19 host sshd[822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.0.114.127
Jan 21 12:17:22 host sshd[822]: Failed password for invalid user mftuser from 83.0.114.127 port 57305 ssh2
Jan 21 12:17:43 host sshd[904]: Invalid user Administrator from 37.193.112.180 port 57756
Jan 21 12:17:43 host sshd[904]: input_userauth_request: invalid user Administrator [preauth]
Jan 21 12:17:43 host sshd[904]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:17:43 host sshd[904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.193.112.180
Jan 21 12:17:45 host sshd[904]: Failed password for invalid user Administrator from 37.193.112.180 port 57756 ssh2
Jan 21 12:17:45 host sshd[904]: Received disconnect from 37.193.112.180 port 57756:11: Bye Bye [preauth]
Jan 21 12:17:45 host sshd[904]: Disconnected from 37.193.112.180 port 57756 [preauth]
Jan 21 12:17:53 host sshd[923]: Invalid user cloud_user from 209.141.35.242 port 41464
Jan 21 12:17:53 host sshd[923]: input_userauth_request: invalid user cloud_user [preauth]
Jan 21 12:17:53 host sshd[923]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:17:53 host sshd[923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.35.242
Jan 21 12:17:55 host sshd[923]: Failed password for invalid user cloud_user from 209.141.35.242 port 41464 ssh2
Jan 21 12:17:55 host sshd[923]: Received disconnect from 209.141.35.242 port 41464:11: Bye Bye [preauth]
Jan 21 12:17:55 host sshd[923]: Disconnected from 209.141.35.242 port 41464 [preauth]
Jan 21 12:17:58 host sshd[966]: Invalid user magento from 64.227.140.134 port 32470
Jan 21 12:17:58 host sshd[966]: input_userauth_request: invalid user magento [preauth]
Jan 21 12:17:58 host sshd[966]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:17:58 host sshd[966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.140.134
Jan 21 12:18:00 host sshd[966]: Failed password for invalid user magento from 64.227.140.134 port 32470 ssh2
Jan 21 12:18:00 host sshd[966]: Received disconnect from 64.227.140.134 port 32470:11: Bye Bye [preauth]
Jan 21 12:18:00 host sshd[966]: Disconnected from 64.227.140.134 port 32470 [preauth]
Jan 21 12:18:06 host sshd[992]: Invalid user magento_user from 167.71.239.134 port 47544
Jan 21 12:18:06 host sshd[992]: input_userauth_request: invalid user magento_user [preauth]
Jan 21 12:18:06 host sshd[992]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:18:06 host sshd[992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.239.134
Jan 21 12:18:07 host sshd[992]: Failed password for invalid user magento_user from 167.71.239.134 port 47544 ssh2
Jan 21 12:18:07 host sshd[992]: Received disconnect from 167.71.239.134 port 47544:11: Bye Bye [preauth]
Jan 21 12:18:07 host sshd[992]: Disconnected from 167.71.239.134 port 47544 [preauth]
Jan 21 12:18:21 host sshd[1038]: Invalid user sshtest from 205.214.74.6 port 52536
Jan 21 12:18:21 host sshd[1038]: input_userauth_request: invalid user sshtest [preauth]
Jan 21 12:18:21 host sshd[1038]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:18:21 host sshd[1038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.214.74.6
Jan 21 12:18:23 host sshd[1038]: Failed password for invalid user sshtest from 205.214.74.6 port 52536 ssh2
Jan 21 12:18:24 host sshd[1038]: Received disconnect from 205.214.74.6 port 52536:11: Bye Bye [preauth]
Jan 21 12:18:24 host sshd[1038]: Disconnected from 205.214.74.6 port 52536 [preauth]
Jan 21 12:18:59 host sshd[1110]: Invalid user test from 37.193.112.180 port 52778
Jan 21 12:18:59 host sshd[1110]: input_userauth_request: invalid user test [preauth]
Jan 21 12:18:59 host sshd[1110]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:18:59 host sshd[1110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.193.112.180
Jan 21 12:19:01 host sshd[1110]: Failed password for invalid user test from 37.193.112.180 port 52778 ssh2
Jan 21 12:19:26 host sshd[1185]: Invalid user www from 64.227.140.134 port 17072
Jan 21 12:19:26 host sshd[1185]: input_userauth_request: invalid user www [preauth]
Jan 21 12:19:26 host sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:19:26 host sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.140.134
Jan 21 12:19:28 host sshd[1185]: Failed password for invalid user www from 64.227.140.134 port 17072 ssh2
Jan 21 12:19:28 host sshd[1185]: Received disconnect from 64.227.140.134 port 17072:11: Bye Bye [preauth]
Jan 21 12:19:28 host sshd[1185]: Disconnected from 64.227.140.134 port 17072 [preauth]
Jan 21 12:19:30 host sshd[1211]: Invalid user bondtest from 205.214.74.6 port 46836
Jan 21 12:19:30 host sshd[1211]: input_userauth_request: invalid user bondtest [preauth]
Jan 21 12:19:30 host sshd[1211]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:19:30 host sshd[1211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.214.74.6
Jan 21 12:19:32 host sshd[1211]: Failed password for invalid user bondtest from 205.214.74.6 port 46836 ssh2
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=ugotscom user-3=wwwrmswll user-4=wwwresourcehunte user-5=keralaholi user-6=travelboniface user-7=wwwkaretakers user-8=cochintaxi user-9=laundryboniface user-10=dartsimp user-11=a2zgroup user-12=straightcurve user-13=wwwletsstalkfood user-14=wwwevmhonda user-15=bonifacegroup user-16=wwwnexidigital user-17=mrsclean user-18=phmetals user-19=kottayamcalldriv user-20=gifterman user-21=palco123 user-22=woodpeck user-23=wwwkapin user-24=disposeat user-25=remysagr user-26=wwwkmaorg user-27=pmcresources user-28=wwwtestugo user-29=shalinijames user-30=vfmassets feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 12:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jnwJWBmCgEfjloAP.~
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jnwJWBmCgEfjloAP.~'
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-jnwJWBmCgEfjloAP.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 12:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 12:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 12:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 12:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 12:21:52 host sshd[1918]: Connection closed by 45.79.181.179 port 51890 [preauth]
Jan 21 12:21:54 host sshd[1922]: Connection closed by 45.79.181.179 port 51894 [preauth]
Jan 21 12:21:56 host sshd[1925]: Connection closed by 45.79.181.179 port 51910 [preauth]
Jan 21 12:29:09 host sshd[2841]: invalid public DH value: >= p-1 [preauth]
Jan 21 12:29:09 host sshd[2841]: ssh_dispatch_run_fatal: Connection from 171.248.39.17 port 41728: incomplete message [preauth]
Jan 21 12:44:14 host sshd[4780]: Did not receive identification string from 167.71.166.243 port 49916
Jan 21 12:46:08 host sshd[5106]: Connection closed by 167.71.166.243 port 44412 [preauth]
Jan 21 12:49:03 host sshd[5452]: User root from 62.233.50.248 not allowed because not listed in AllowUsers
Jan 21 12:49:03 host sshd[5452]: input_userauth_request: invalid user root [preauth]
Jan 21 12:49:03 host unix_chkpwd[5454]: password check failed for user (root)
Jan 21 12:49:03 host sshd[5452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248 user=root
Jan 21 12:49:03 host sshd[5452]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 12:49:05 host sshd[5452]: Failed password for invalid user root from 62.233.50.248 port 39746 ssh2
Jan 21 12:49:05 host sshd[5452]: Received disconnect from 62.233.50.248 port 39746:11: Client disconnecting normally [preauth]
Jan 21 12:49:05 host sshd[5452]: Disconnected from 62.233.50.248 port 39746 [preauth]
Jan 21 12:52:15 host sshd[5939]: Invalid user oracle from 59.25.189.150 port 54649
Jan 21 12:52:15 host sshd[5939]: input_userauth_request: invalid user oracle [preauth]
Jan 21 12:52:15 host sshd[5939]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:52:15 host sshd[5939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.189.150
Jan 21 12:52:16 host sshd[5939]: Failed password for invalid user oracle from 59.25.189.150 port 54649 ssh2
Jan 21 12:52:18 host sshd[5939]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:52:20 host sshd[5939]: Failed password for invalid user oracle from 59.25.189.150 port 54649 ssh2
Jan 21 12:52:22 host sshd[5939]: Connection reset by 59.25.189.150 port 54649 [preauth]
Jan 21 12:52:22 host sshd[5939]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.189.150
Jan 21 12:52:23 host sshd[5950]: Invalid user hhd from 106.10.122.53 port 59030
Jan 21 12:52:23 host sshd[5950]: input_userauth_request: invalid user hhd [preauth]
Jan 21 12:52:23 host sshd[5950]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:52:23 host sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 12:52:25 host sshd[5950]: Failed password for invalid user hhd from 106.10.122.53 port 59030 ssh2
Jan 21 12:52:25 host sshd[5950]: Connection closed by 106.10.122.53 port 59030 [preauth]
Jan 21 12:57:06 host sshd[6796]: Invalid user sysop from 108.28.163.143 port 52574
Jan 21 12:57:06 host sshd[6796]: input_userauth_request: invalid user sysop [preauth]
Jan 21 12:57:06 host sshd[6796]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:57:06 host sshd[6796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.28.163.143
Jan 21 12:57:07 host sshd[6796]: Failed password for invalid user sysop from 108.28.163.143 port 52574 ssh2
Jan 21 12:57:08 host sshd[6796]: Received disconnect from 108.28.163.143 port 52574:11: Bye Bye [preauth]
Jan 21 12:57:08 host sshd[6796]: Disconnected from 108.28.163.143 port 52574 [preauth]
Jan 21 12:59:03 host sshd[7202]: Connection closed by 192.241.222.31 port 36788 [preauth]
Jan 21 12:59:32 host sshd[7317]: Invalid user an from 3.110.6.147 port 45542
Jan 21 12:59:32 host sshd[7317]: input_userauth_request: invalid user an [preauth]
Jan 21 12:59:32 host sshd[7317]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:59:32 host sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.110.6.147
Jan 21 12:59:34 host sshd[7317]: Failed password for invalid user an from 3.110.6.147 port 45542 ssh2
Jan 21 12:59:34 host sshd[7317]: Received disconnect from 3.110.6.147 port 45542:11: Bye Bye [preauth]
Jan 21 12:59:34 host sshd[7317]: Disconnected from 3.110.6.147 port 45542 [preauth]
Jan 21 12:59:34 host sshd[7321]: Invalid user dev from 178.128.37.95 port 53446
Jan 21 12:59:34 host sshd[7321]: input_userauth_request: invalid user dev [preauth]
Jan 21 12:59:34 host sshd[7321]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:59:34 host sshd[7321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.37.95
Jan 21 12:59:36 host sshd[7321]: Failed password for invalid user dev from 178.128.37.95 port 53446 ssh2
Jan 21 12:59:36 host sshd[7321]: Received disconnect from 178.128.37.95 port 53446:11: Bye Bye [preauth]
Jan 21 12:59:36 host sshd[7321]: Disconnected from 178.128.37.95 port 53446 [preauth]
Jan 21 12:59:45 host sshd[7339]: Invalid user mftuser from 178.39.224.188 port 50656
Jan 21 12:59:45 host sshd[7339]: input_userauth_request: invalid user mftuser [preauth]
Jan 21 12:59:45 host sshd[7339]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 12:59:45 host sshd[7339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.39.224.188
Jan 21 12:59:48 host sshd[7339]: Failed password for invalid user mftuser from 178.39.224.188 port 50656 ssh2
Jan 21 12:59:48 host sshd[7339]: Received disconnect from 178.39.224.188 port 50656:11: Bye Bye [preauth]
Jan 21 12:59:48 host sshd[7339]: Disconnected from 178.39.224.188 port 50656 [preauth]
Jan 21 13:00:53 host sshd[7510]: Invalid user docker from 51.195.146.178 port 49150
Jan 21 13:00:53 host sshd[7510]: input_userauth_request: invalid user docker [preauth]
Jan 21 13:00:53 host sshd[7510]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:00:53 host sshd[7510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.146.178
Jan 21 13:00:55 host sshd[7510]: Failed password for invalid user docker from 51.195.146.178 port 49150 ssh2
Jan 21 13:00:56 host sshd[7510]: Received disconnect from 51.195.146.178 port 49150:11: Bye Bye [preauth]
Jan 21 13:00:56 host sshd[7510]: Disconnected from 51.195.146.178 port 49150 [preauth]
Jan 21 13:01:02 host sshd[7528]: Invalid user tbadmin from 24.199.104.139 port 51146
Jan 21 13:01:02 host sshd[7528]: input_userauth_request: invalid user tbadmin [preauth]
Jan 21 13:01:02 host sshd[7528]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:01:02 host sshd[7528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.199.104.139
Jan 21 13:01:04 host sshd[7528]: Failed password for invalid user tbadmin from 24.199.104.139 port 51146 ssh2
Jan 21 13:01:04 host sshd[7528]: Received disconnect from 24.199.104.139 port 51146:11: Bye Bye [preauth]
Jan 21 13:01:04 host sshd[7528]: Disconnected from 24.199.104.139 port 51146 [preauth]
Jan 21 13:01:29 host sshd[7624]: Invalid user radmin from 75.119.145.220 port 35670
Jan 21 13:01:29 host sshd[7624]: input_userauth_request: invalid user radmin [preauth]
Jan 21 13:01:29 host sshd[7624]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:01:29 host sshd[7624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.119.145.220
Jan 21 13:01:31 host sshd[7624]: Failed password for invalid user radmin from 75.119.145.220 port 35670 ssh2
Jan 21 13:01:31 host sshd[7624]: Received disconnect from 75.119.145.220 port 35670:11: Bye Bye [preauth]
Jan 21 13:01:31 host sshd[7624]: Disconnected from 75.119.145.220 port 35670 [preauth]
Jan 21 13:02:18 host sshd[7724]: Invalid user git from 158.160.6.234 port 57418
Jan 21 13:02:18 host sshd[7724]: input_userauth_request: invalid user git [preauth]
Jan 21 13:02:18 host sshd[7724]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:02:18 host sshd[7724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.6.234
Jan 21 13:02:20 host sshd[7724]: Failed password for invalid user git from 158.160.6.234 port 57418 ssh2
Jan 21 13:02:20 host sshd[7724]: Received disconnect from 158.160.6.234 port 57418:11: Bye Bye [preauth]
Jan 21 13:02:20 host sshd[7724]: Disconnected from 158.160.6.234 port 57418 [preauth]
Jan 21 13:02:42 host sshd[7795]: Invalid user user from 62.117.65.188 port 39868
Jan 21 13:02:42 host sshd[7795]: input_userauth_request: invalid user user [preauth]
Jan 21 13:02:42 host sshd[7795]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:02:42 host sshd[7795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.117.65.188
Jan 21 13:02:43 host sshd[7795]: Failed password for invalid user user from 62.117.65.188 port 39868 ssh2
Jan 21 13:02:43 host sshd[7801]: Invalid user steam from 3.110.6.147 port 57108
Jan 21 13:02:43 host sshd[7801]: input_userauth_request: invalid user steam [preauth]
Jan 21 13:02:43 host sshd[7801]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:02:43 host sshd[7801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.110.6.147
Jan 21 13:02:43 host sshd[7795]: Received disconnect from 62.117.65.188 port 39868:11: Bye Bye [preauth]
Jan 21 13:02:43 host sshd[7795]: Disconnected from 62.117.65.188 port 39868 [preauth]
Jan 21 13:02:45 host sshd[7801]: Failed password for invalid user steam from 3.110.6.147 port 57108 ssh2
Jan 21 13:02:45 host sshd[7801]: Received disconnect from 3.110.6.147 port 57108:11: Bye Bye [preauth]
Jan 21 13:02:45 host sshd[7801]: Disconnected from 3.110.6.147 port 57108 [preauth]
Jan 21 13:03:45 host sshd[8061]: Invalid user admin from 108.28.163.143 port 52756
Jan 21 13:03:45 host sshd[8061]: input_userauth_request: invalid user admin [preauth]
Jan 21 13:03:45 host sshd[8061]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:03:45 host sshd[8061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.28.163.143
Jan 21 13:03:47 host sshd[8061]: Failed password for invalid user admin from 108.28.163.143 port 52756 ssh2
Jan 21 13:03:48 host sshd[8061]: Received disconnect from 108.28.163.143 port 52756:11: Bye Bye [preauth]
Jan 21 13:03:48 host sshd[8061]: Disconnected from 108.28.163.143 port 52756 [preauth]
Jan 21 13:03:57 host sshd[8075]: Invalid user sistemas from 3.110.6.147 port 55874
Jan 21 13:03:57 host sshd[8075]: input_userauth_request: invalid user sistemas [preauth]
Jan 21 13:03:57 host sshd[8075]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:03:57 host sshd[8075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.110.6.147
Jan 21 13:03:59 host sshd[8075]: Failed password for invalid user sistemas from 3.110.6.147 port 55874 ssh2
Jan 21 13:03:59 host sshd[8075]: Received disconnect from 3.110.6.147 port 55874:11: Bye Bye [preauth]
Jan 21 13:03:59 host sshd[8075]: Disconnected from 3.110.6.147 port 55874 [preauth]
Jan 21 13:04:10 host sshd[8130]: Invalid user test from 192.241.255.97 port 44576
Jan 21 13:04:10 host sshd[8130]: input_userauth_request: invalid user test [preauth]
Jan 21 13:04:10 host sshd[8130]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:04:10 host sshd[8130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.255.97
Jan 21 13:04:12 host sshd[8130]: Failed password for invalid user test from 192.241.255.97 port 44576 ssh2
Jan 21 13:04:12 host sshd[8130]: Received disconnect from 192.241.255.97 port 44576:11: Bye Bye [preauth]
Jan 21 13:04:12 host sshd[8130]: Disconnected from 192.241.255.97 port 44576 [preauth]
Jan 21 13:04:18 host sshd[8146]: Invalid user sgeadmin from 170.106.117.160 port 47930
Jan 21 13:04:18 host sshd[8146]: input_userauth_request: invalid user sgeadmin [preauth]
Jan 21 13:04:18 host sshd[8146]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:04:18 host sshd[8146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.117.160
Jan 21 13:04:20 host sshd[8146]: Failed password for invalid user sgeadmin from 170.106.117.160 port 47930 ssh2
Jan 21 13:04:20 host sshd[8146]: Received disconnect from 170.106.117.160 port 47930:11: Bye Bye [preauth]
Jan 21 13:04:20 host sshd[8146]: Disconnected from 170.106.117.160 port 47930 [preauth]
Jan 21 13:04:52 host sshd[8215]: Invalid user wp-admin from 108.28.163.143 port 52822
Jan 21 13:04:52 host sshd[8215]: input_userauth_request: invalid user wp-admin [preauth]
Jan 21 13:04:52 host sshd[8215]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:04:52 host sshd[8215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=108.28.163.143
Jan 21 13:04:52 host sshd[8217]: Invalid user tempuser from 178.128.37.95 port 48070
Jan 21 13:04:52 host sshd[8217]: input_userauth_request: invalid user tempuser [preauth]
Jan 21 13:04:52 host sshd[8217]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:04:52 host sshd[8217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.37.95
Jan 21 13:04:53 host sshd[8215]: Failed password for invalid user wp-admin from 108.28.163.143 port 52822 ssh2
Jan 21 13:04:53 host sshd[8217]: Failed password for invalid user tempuser from 178.128.37.95 port 48070 ssh2
Jan 21 13:04:54 host sshd[8217]: Received disconnect from 178.128.37.95 port 48070:11: Bye Bye [preauth]
Jan 21 13:04:54 host sshd[8217]: Disconnected from 178.128.37.95 port 48070 [preauth]
Jan 21 13:05:13 host sshd[8312]: Invalid user adminweb from 24.199.104.139 port 39258
Jan 21 13:05:13 host sshd[8312]: input_userauth_request: invalid user adminweb [preauth]
Jan 21 13:05:13 host sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:05:13 host sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.199.104.139
Jan 21 13:05:15 host sshd[8312]: Failed password for invalid user adminweb from 24.199.104.139 port 39258 ssh2
Jan 21 13:05:16 host sshd[8312]: Received disconnect from 24.199.104.139 port 39258:11: Bye Bye [preauth]
Jan 21 13:05:16 host sshd[8312]: Disconnected from 24.199.104.139 port 39258 [preauth]
Jan 21 13:05:43 host sshd[8384]: Invalid user mftuser from 62.117.65.188 port 54962
Jan 21 13:05:43 host sshd[8384]: input_userauth_request: invalid user mftuser [preauth]
Jan 21 13:05:43 host sshd[8384]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:05:43 host sshd[8384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.117.65.188
Jan 21 13:05:45 host sshd[8384]: Failed password for invalid user mftuser from 62.117.65.188 port 54962 ssh2
Jan 21 13:05:46 host sshd[8384]: Received disconnect from 62.117.65.188 port 54962:11: Bye Bye [preauth]
Jan 21 13:05:46 host sshd[8384]: Disconnected from 62.117.65.188 port 54962 [preauth]
Jan 21 13:05:49 host sshd[8398]: Invalid user ftptest from 158.160.6.234 port 53590
Jan 21 13:05:49 host sshd[8398]: input_userauth_request: invalid user ftptest [preauth]
Jan 21 13:05:49 host sshd[8398]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:05:49 host sshd[8398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.6.234
Jan 21 13:05:51 host sshd[8398]: Failed password for invalid user ftptest from 158.160.6.234 port 53590 ssh2
Jan 21 13:05:51 host sshd[8398]: Received disconnect from 158.160.6.234 port 53590:11: Bye Bye [preauth]
Jan 21 13:05:51 host sshd[8398]: Disconnected from 158.160.6.234 port 53590 [preauth]
Jan 21 13:05:57 host sshd[8411]: Invalid user administrador from 178.128.37.95 port 42932
Jan 21 13:05:57 host sshd[8411]: input_userauth_request: invalid user administrador [preauth]
Jan 21 13:05:57 host sshd[8411]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:05:57 host sshd[8411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.37.95
Jan 21 13:05:59 host sshd[8445]: Invalid user max from 178.39.224.188 port 46440
Jan 21 13:05:59 host sshd[8445]: input_userauth_request: invalid user max [preauth]
Jan 21 13:05:59 host sshd[8445]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:05:59 host sshd[8445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.39.224.188
Jan 21 13:05:59 host sshd[8411]: Failed password for invalid user administrador from 178.128.37.95 port 42932 ssh2
Jan 21 13:06:01 host sshd[8445]: Failed password for invalid user max from 178.39.224.188 port 46440 ssh2
Jan 21 13:06:01 host sshd[8445]: Received disconnect from 178.39.224.188 port 46440:11: Bye Bye [preauth]
Jan 21 13:06:01 host sshd[8445]: Disconnected from 178.39.224.188 port 46440 [preauth]
Jan 21 13:06:24 host sshd[8480]: Invalid user jenkins from 51.195.146.178 port 59286
Jan 21 13:06:24 host sshd[8480]: input_userauth_request: invalid user jenkins [preauth]
Jan 21 13:06:24 host sshd[8480]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:06:24 host sshd[8480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.146.178
Jan 21 13:06:26 host sshd[8480]: Failed password for invalid user jenkins from 51.195.146.178 port 59286 ssh2
Jan 21 13:06:26 host sshd[8480]: Received disconnect from 51.195.146.178 port 59286:11: Bye Bye [preauth]
Jan 21 13:06:26 host sshd[8480]: Disconnected from 51.195.146.178 port 59286 [preauth]
Jan 21 13:06:28 host sshd[8498]: Invalid user ttuser from 24.199.104.139 port 60198
Jan 21 13:06:28 host sshd[8498]: input_userauth_request: invalid user ttuser [preauth]
Jan 21 13:06:28 host sshd[8498]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:06:28 host sshd[8498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.199.104.139
Jan 21 13:06:28 host sshd[8500]: Invalid user ghostuser from 192.241.255.97 port 45504
Jan 21 13:06:28 host sshd[8500]: input_userauth_request: invalid user ghostuser [preauth]
Jan 21 13:06:28 host sshd[8500]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:06:28 host sshd[8500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.255.97
Jan 21 13:06:29 host sshd[8498]: Failed password for invalid user ttuser from 24.199.104.139 port 60198 ssh2
Jan 21 13:06:30 host sshd[8498]: Received disconnect from 24.199.104.139 port 60198:11: Bye Bye [preauth]
Jan 21 13:06:30 host sshd[8498]: Disconnected from 24.199.104.139 port 60198 [preauth]
Jan 21 13:06:30 host sshd[8500]: Failed password for invalid user ghostuser from 192.241.255.97 port 45504 ssh2
Jan 21 13:06:30 host sshd[8500]: Received disconnect from 192.241.255.97 port 45504:11: Bye Bye [preauth]
Jan 21 13:06:30 host sshd[8500]: Disconnected from 192.241.255.97 port 45504 [preauth]
Jan 21 13:06:34 host sshd[8565]: Invalid user panda from 75.119.145.220 port 47486
Jan 21 13:06:34 host sshd[8565]: input_userauth_request: invalid user panda [preauth]
Jan 21 13:06:34 host sshd[8565]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:06:34 host sshd[8565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.119.145.220
Jan 21 13:06:36 host sshd[8565]: Failed password for invalid user panda from 75.119.145.220 port 47486 ssh2
Jan 21 13:06:36 host sshd[8565]: Received disconnect from 75.119.145.220 port 47486:11: Bye Bye [preauth]
Jan 21 13:06:36 host sshd[8565]: Disconnected from 75.119.145.220 port 47486 [preauth]
Jan 21 13:06:58 host sshd[8615]: Invalid user ftptest from 62.117.65.188 port 33906
Jan 21 13:06:58 host sshd[8615]: input_userauth_request: invalid user ftptest [preauth]
Jan 21 13:06:58 host sshd[8615]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:06:58 host sshd[8615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.117.65.188
Jan 21 13:07:00 host sshd[8615]: Failed password for invalid user ftptest from 62.117.65.188 port 33906 ssh2
Jan 21 13:07:00 host sshd[8615]: Received disconnect from 62.117.65.188 port 33906:11: Bye Bye [preauth]
Jan 21 13:07:00 host sshd[8615]: Disconnected from 62.117.65.188 port 33906 [preauth]
Jan 21 13:07:06 host sshd[8678]: Invalid user max from 158.160.6.234 port 46188
Jan 21 13:07:06 host sshd[8678]: input_userauth_request: invalid user max [preauth]
Jan 21 13:07:06 host sshd[8678]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:07:06 host sshd[8678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.160.6.234
Jan 21 13:07:07 host sshd[8678]: Failed password for invalid user max from 158.160.6.234 port 46188 ssh2
Jan 21 13:07:07 host sshd[8678]: Received disconnect from 158.160.6.234 port 46188:11: Bye Bye [preauth]
Jan 21 13:07:07 host sshd[8678]: Disconnected from 158.160.6.234 port 46188 [preauth]
Jan 21 13:07:19 host sshd[8743]: Invalid user ftptest from 178.39.224.188 port 40922
Jan 21 13:07:19 host sshd[8743]: input_userauth_request: invalid user ftptest [preauth]
Jan 21 13:07:19 host sshd[8743]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:07:19 host sshd[8743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.39.224.188
Jan 21 13:07:21 host sshd[8743]: Failed password for invalid user ftptest from 178.39.224.188 port 40922 ssh2
Jan 21 13:07:22 host sshd[8743]: Received disconnect from 178.39.224.188 port 40922:11: Bye Bye [preauth]
Jan 21 13:07:22 host sshd[8743]: Disconnected from 178.39.224.188 port 40922 [preauth]
Jan 21 13:07:28 host sshd[8789]: Invalid user git from 170.106.117.160 port 42924
Jan 21 13:07:28 host sshd[8789]: input_userauth_request: invalid user git [preauth]
Jan 21 13:07:28 host sshd[8789]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:07:28 host sshd[8789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.117.160
Jan 21 13:07:29 host sshd[8789]: Failed password for invalid user git from 170.106.117.160 port 42924 ssh2
Jan 21 13:07:29 host sshd[8789]: Received disconnect from 170.106.117.160 port 42924:11: Bye Bye [preauth]
Jan 21 13:07:29 host sshd[8789]: Disconnected from 170.106.117.160 port 42924 [preauth]
Jan 21 13:07:41 host sshd[8841]: Invalid user admin from 192.241.255.97 port 40166
Jan 21 13:07:41 host sshd[8841]: input_userauth_request: invalid user admin [preauth]
Jan 21 13:07:41 host sshd[8841]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:07:41 host sshd[8841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.255.97
Jan 21 13:07:42 host sshd[8841]: Failed password for invalid user admin from 192.241.255.97 port 40166 ssh2
Jan 21 13:07:42 host sshd[8841]: Received disconnect from 192.241.255.97 port 40166:11: Bye Bye [preauth]
Jan 21 13:07:42 host sshd[8841]: Disconnected from 192.241.255.97 port 40166 [preauth]
Jan 21 13:07:49 host sshd[8885]: Invalid user mailadmin from 75.119.145.220 port 45550
Jan 21 13:07:49 host sshd[8885]: input_userauth_request: invalid user mailadmin [preauth]
Jan 21 13:07:49 host sshd[8885]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:07:49 host sshd[8885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.119.145.220
Jan 21 13:07:50 host sshd[8885]: Failed password for invalid user mailadmin from 75.119.145.220 port 45550 ssh2
Jan 21 13:07:51 host sshd[8885]: Received disconnect from 75.119.145.220 port 45550:11: Bye Bye [preauth]
Jan 21 13:07:51 host sshd[8885]: Disconnected from 75.119.145.220 port 45550 [preauth]
Jan 21 13:08:32 host sshd[9011]: Invalid user test from 170.106.117.160 port 37698
Jan 21 13:08:32 host sshd[9011]: input_userauth_request: invalid user test [preauth]
Jan 21 13:08:32 host sshd[9011]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:08:32 host sshd[9011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.117.160
Jan 21 13:08:35 host sshd[9011]: Failed password for invalid user test from 170.106.117.160 port 37698 ssh2
Jan 21 13:08:35 host sshd[9011]: Received disconnect from 170.106.117.160 port 37698:11: Bye Bye [preauth]
Jan 21 13:08:35 host sshd[9011]: Disconnected from 170.106.117.160 port 37698 [preauth]
Jan 21 13:10:18 host sshd[9272]: Invalid user hk from 194.110.203.109 port 40934
Jan 21 13:10:18 host sshd[9272]: input_userauth_request: invalid user hk [preauth]
Jan 21 13:10:18 host sshd[9272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:10:18 host sshd[9272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 13:10:19 host sshd[9272]: Failed password for invalid user hk from 194.110.203.109 port 40934 ssh2
Jan 21 13:10:23 host sshd[9272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:10:25 host sshd[9272]: Failed password for invalid user hk from 194.110.203.109 port 40934 ssh2
Jan 21 13:10:28 host sshd[9272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:10:30 host sshd[9272]: Failed password for invalid user hk from 194.110.203.109 port 40934 ssh2
Jan 21 13:10:34 host sshd[9272]: Connection closed by 194.110.203.109 port 40934 [preauth]
Jan 21 13:10:34 host sshd[9272]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 13:10:36 host sshd[9302]: Invalid user mftuser from 51.195.146.178 port 48678
Jan 21 13:10:36 host sshd[9302]: input_userauth_request: invalid user mftuser [preauth]
Jan 21 13:10:36 host sshd[9302]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:10:36 host sshd[9302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.146.178
Jan 21 13:10:37 host sshd[9302]: Failed password for invalid user mftuser from 51.195.146.178 port 48678 ssh2
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkmaorg user-2=disposeat user-3=remysagr user-4=wwwkapin user-5=woodpeck user-6=shalinijames user-7=wwwtestugo user-8=vfmassets user-9=pmcresources user-10=wwwevmhonda user-11=bonifacegroup user-12=wwwletsstalkfood user-13=straightcurve user-14=phmetals user-15=kottayamcalldriv user-16=palco123 user-17=gifterman user-18=mrsclean user-19=wwwnexidigital user-20=wwwkaretakers user-21=cochintaxi user-22=a2zgroup user-23=dartsimp user-24=laundryboniface user-25=wwwpmcresource user-26=travelboniface user-27=ugotscom user-28=wwwresourcehunte user-29=keralaholi user-30=wwwrmswll feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 13:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-6NZ3ShJAblDCykyX.~
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-6NZ3ShJAblDCykyX.~'
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-6NZ3ShJAblDCykyX.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 13:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 13:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 13:21:29 host sshd[11077]: Invalid user sFTPUser from 103.196.232.44 port 39804
Jan 21 13:21:29 host sshd[11077]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 21 13:21:29 host sshd[11077]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:21:29 host sshd[11077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.196.232.44
Jan 21 13:21:31 host sshd[11077]: Failed password for invalid user sFTPUser from 103.196.232.44 port 39804 ssh2
Jan 21 13:21:31 host sshd[11077]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:21:33 host sshd[11077]: Failed password for invalid user sFTPUser from 103.196.232.44 port 39804 ssh2
Jan 21 13:21:33 host sshd[11077]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:21:35 host sshd[11077]: Failed password for invalid user sFTPUser from 103.196.232.44 port 39804 ssh2
Jan 21 13:21:35 host sshd[11077]: Connection reset by 103.196.232.44 port 39804 [preauth]
Jan 21 13:21:35 host sshd[11077]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.196.232.44
Jan 21 13:32:09 host sshd[12529]: Did not receive identification string from 154.89.5.216 port 37642
Jan 21 13:32:24 host sshd[12530]: Connection closed by 154.89.5.216 port 37724 [preauth]
Jan 21 13:33:17 host sshd[12637]: Did not receive identification string from 125.74.239.20 port 36316
Jan 21 13:33:21 host sshd[12639]: User ftp from 125.74.239.20 not allowed because not listed in AllowUsers
Jan 21 13:33:21 host sshd[12639]: input_userauth_request: invalid user ftp [preauth]
Jan 21 13:33:21 host unix_chkpwd[12699]: password check failed for user (ftp)
Jan 21 13:33:21 host sshd[12639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20 user=ftp
Jan 21 13:33:21 host sshd[12639]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 13:33:22 host sshd[12644]: Invalid user es from 125.74.239.20 port 14763
Jan 21 13:33:22 host sshd[12644]: input_userauth_request: invalid user es [preauth]
Jan 21 13:33:22 host sshd[12645]: Invalid user testuser from 125.74.239.20 port 14737
Jan 21 13:33:22 host sshd[12645]: input_userauth_request: invalid user testuser [preauth]
Jan 21 13:33:22 host sshd[12643]: Invalid user steam from 125.74.239.20 port 14761
Jan 21 13:33:22 host sshd[12643]: input_userauth_request: invalid user steam [preauth]
Jan 21 13:33:22 host sshd[12646]: Invalid user ansadmin from 125.74.239.20 port 14716
Jan 21 13:33:22 host sshd[12646]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 13:33:22 host sshd[12651]: Invalid user testuser from 125.74.239.20 port 14775
Jan 21 13:33:22 host sshd[12651]: input_userauth_request: invalid user testuser [preauth]
Jan 21 13:33:22 host sshd[12650]: Invalid user ansadmin from 125.74.239.20 port 14777
Jan 21 13:33:22 host sshd[12650]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 13:33:22 host sshd[12649]: Invalid user steam from 125.74.239.20 port 14754
Jan 21 13:33:22 host sshd[12649]: input_userauth_request: invalid user steam [preauth]
Jan 21 13:33:22 host sshd[12647]: Invalid user linux from 125.74.239.20 port 14733
Jan 21 13:33:22 host sshd[12647]: input_userauth_request: invalid user linux [preauth]
Jan 21 13:33:22 host sshd[12655]: User centos from 125.74.239.20 not allowed because not listed in AllowUsers
Jan 21 13:33:22 host sshd[12653]: Invalid user guest from 125.74.239.20 port 14723
Jan 21 13:33:22 host sshd[12655]: input_userauth_request: invalid user centos [preauth]
Jan 21 13:33:22 host sshd[12653]: input_userauth_request: invalid user guest [preauth]
Jan 21 13:33:22 host sshd[12662]: User ftp from 125.74.239.20 not allowed because not listed in AllowUsers
Jan 21 13:33:22 host sshd[12662]: input_userauth_request: invalid user ftp [preauth]
Jan 21 13:33:22 host sshd[12648]: Invalid user ubuntu from 125.74.239.20 port 14780
Jan 21 13:33:22 host sshd[12648]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 13:33:22 host sshd[12654]: Invalid user ftpuser from 125.74.239.20 port 14734
Jan 21 13:33:22 host sshd[12654]: input_userauth_request: invalid user ftpuser [preauth]
Jan 21 13:33:22 host sshd[12658]: Invalid user teamspeak from 125.74.239.20 port 14715
Jan 21 13:33:22 host sshd[12658]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 13:33:22 host sshd[12657]: Invalid user linux from 125.74.239.20 port 14791
Jan 21 13:33:22 host sshd[12657]: input_userauth_request: invalid user linux [preauth]
Jan 21 13:33:22 host sshd[12652]: Invalid user ubuntu from 125.74.239.20 port 14779
Jan 21 13:33:22 host sshd[12652]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 13:33:22 host sshd[12659]: Invalid user ansadmin from 125.74.239.20 port 14765
Jan 21 13:33:22 host sshd[12659]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 13:33:22 host sshd[12656]: Invalid user zjw from 125.74.239.20 port 14729
Jan 21 13:33:22 host sshd[12656]: input_userauth_request: invalid user zjw [preauth]
Jan 21 13:33:22 host sshd[12666]: Invalid user posiflex from 125.74.239.20 port 14731
Jan 21 13:33:22 host sshd[12666]: input_userauth_request: invalid user posiflex [preauth]
Jan 21 13:33:22 host sshd[12660]: Invalid user ansadmin from 125.74.239.20 port 14753
Jan 21 13:33:22 host sshd[12660]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 13:33:22 host sshd[12661]: Invalid user git from 125.74.239.20 port 14757
Jan 21 13:33:22 host sshd[12661]: input_userauth_request: invalid user git [preauth]
Jan 21 13:33:22 host sshd[12665]: Invalid user steam from 125.74.239.20 port 14725
Jan 21 13:33:22 host sshd[12665]: input_userauth_request: invalid user steam [preauth]
Jan 21 13:33:22 host sshd[12667]: User ftp from 125.74.239.20 not allowed because not listed in AllowUsers
Jan 21 13:33:22 host sshd[12667]: input_userauth_request: invalid user ftp [preauth]
Jan 21 13:33:22 host sshd[12668]: Invalid user oracle from 125.74.239.20 port 14789
Jan 21 13:33:22 host sshd[12668]: input_userauth_request: invalid user oracle [preauth]
Jan 21 13:33:22 host sshd[12672]: Invalid user guest from 125.74.239.20 port 14749
Jan 21 13:33:22 host sshd[12673]: Invalid user admin from 125.74.239.20 port 14747
Jan 21 13:33:22 host sshd[12672]: input_userauth_request: invalid user guest [preauth]
Jan 21 13:33:22 host sshd[12673]: input_userauth_request: invalid user admin [preauth]
Jan 21 13:33:22 host sshd[12679]: User mysql from 125.74.239.20 not allowed because not listed in AllowUsers
Jan 21 13:33:22 host sshd[12679]: input_userauth_request: invalid user mysql [preauth]
Jan 21 13:33:22 host sshd[12674]: Invalid user posiflex from 125.74.239.20 port 14741
Jan 21 13:33:22 host sshd[12674]: input_userauth_request: invalid user posiflex [preauth]
Jan 21 13:33:22 host sshd[12644]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12643]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12645]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12646]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12651]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12649]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12650]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12647]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host unix_chkpwd[12701]: password check failed for user (centos)
Jan 21 13:33:22 host sshd[12655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20 user=centos
Jan 21 13:33:22 host sshd[12654]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host unix_chkpwd[12702]: password check failed for user (ftp)
Jan 21 13:33:22 host sshd[12662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20 user=ftp
Jan 21 13:33:22 host sshd[12662]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 13:33:22 host sshd[12648]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12658]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12657]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12652]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12656]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12659]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12666]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12660]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12661]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12665]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host unix_chkpwd[12703]: password check failed for user (ftp)
Jan 21 13:33:22 host sshd[12667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20 user=ftp
Jan 21 13:33:22 host sshd[12667]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 13:33:22 host sshd[12672]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12668]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12673]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host sshd[12674]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:33:22 host sshd[12674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20
Jan 21 13:33:22 host unix_chkpwd[12704]: password check failed for user (mysql)
Jan 21 13:33:22 host sshd[12679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.74.239.20 user=mysql
Jan 21 13:33:22 host sshd[12679]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "mysql"
Jan 21 13:33:23 host sshd[12639]: Failed password for invalid user ftp from 125.74.239.20 port 14787 ssh2
Jan 21 13:33:23 host sshd[12639]: Connection closed by 125.74.239.20 port 14787 [preauth]
Jan 21 13:33:24 host sshd[12644]: Failed password for invalid user es from 125.74.239.20 port 14763 ssh2
Jan 21 13:33:24 host sshd[12643]: Failed password for invalid user steam from 125.74.239.20 port 14761 ssh2
Jan 21 13:33:24 host sshd[12645]: Failed password for invalid user testuser from 125.74.239.20 port 14737 ssh2
Jan 21 13:33:24 host sshd[12646]: Failed password for invalid user ansadmin from 125.74.239.20 port 14716 ssh2
Jan 21 13:33:24 host sshd[12651]: Failed password for invalid user testuser from 125.74.239.20 port 14775 ssh2
Jan 21 13:33:24 host sshd[12649]: Failed password for invalid user steam from 125.74.239.20 port 14754 ssh2
Jan 21 13:33:24 host sshd[12650]: Failed password for invalid user ansadmin from 125.74.239.20 port 14777 ssh2
Jan 21 13:33:24 host sshd[12647]: Failed password for invalid user linux from 125.74.239.20 port 14733 ssh2
Jan 21 13:33:24 host sshd[12653]: Failed password for invalid user guest from 125.74.239.20 port 14723 ssh2
Jan 21 13:33:24 host sshd[12654]: Failed password for invalid user ftpuser from 125.74.239.20 port 14734 ssh2
Jan 21 13:33:24 host sshd[12655]: Failed password for invalid user centos from 125.74.239.20 port 14745 ssh2
Jan 21 13:33:24 host sshd[12662]: Failed password for invalid user ftp from 125.74.239.20 port 14713 ssh2
Jan 21 13:33:24 host sshd[12648]: Failed password for invalid user ubuntu from 125.74.239.20 port 14780 ssh2
Jan 21 13:33:24 host sshd[12658]: Failed password for invalid user teamspeak from 125.74.239.20 port 14715 ssh2
Jan 21 13:33:24 host sshd[12657]: Failed password for invalid user linux from 125.74.239.20 port 14791 ssh2
Jan 21 13:33:24 host sshd[12652]: Failed password for invalid user ubuntu from 125.74.239.20 port 14779 ssh2
Jan 21 13:33:24 host sshd[12656]: Failed password for invalid user zjw from 125.74.239.20 port 14729 ssh2
Jan 21 13:33:24 host sshd[12659]: Failed password for invalid user ansadmin from 125.74.239.20 port 14765 ssh2
Jan 21 13:33:24 host sshd[12666]: Failed password for invalid user posiflex from 125.74.239.20 port 14731 ssh2
Jan 21 13:33:24 host sshd[12660]: Failed password for invalid user ansadmin from 125.74.239.20 port 14753 ssh2
Jan 21 13:33:24 host sshd[12661]: Failed password for invalid user git from 125.74.239.20 port 14757 ssh2
Jan 21 13:33:24 host sshd[12665]: Failed password for invalid user steam from 125.74.239.20 port 14725 ssh2
Jan 21 13:33:24 host sshd[12667]: Failed password for invalid user ftp from 125.74.239.20 port 14739 ssh2
Jan 21 13:33:24 host sshd[12672]: Failed password for invalid user guest from 125.74.239.20 port 14749 ssh2
Jan 21 13:33:24 host sshd[12668]: Failed password for invalid user oracle from 125.74.239.20 port 14789 ssh2
Jan 21 13:33:24 host sshd[12673]: Failed password for invalid user admin from 125.74.239.20 port 14747 ssh2
Jan 21 13:33:24 host sshd[12674]: Failed password for invalid user posiflex from 125.74.239.20 port 14741 ssh2
Jan 21 13:33:24 host sshd[12679]: Failed password for invalid user mysql from 125.74.239.20 port 14759 ssh2
Jan 21 13:34:19 host sshd[12961]: Invalid user platform from 162.218.126.136 port 47408
Jan 21 13:34:19 host sshd[12961]: input_userauth_request: invalid user platform [preauth]
Jan 21 13:34:19 host sshd[12961]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:34:19 host sshd[12961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.218.126.136
Jan 21 13:34:21 host sshd[12961]: Failed password for invalid user platform from 162.218.126.136 port 47408 ssh2
Jan 21 13:34:22 host sshd[12961]: Connection closed by 162.218.126.136 port 47408 [preauth]
Jan 21 13:40:10 host sshd[13613]: Invalid user zyfwp from 101.113.91.53 port 39934
Jan 21 13:40:10 host sshd[13613]: input_userauth_request: invalid user zyfwp [preauth]
Jan 21 13:40:10 host sshd[13613]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:40:10 host sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.113.91.53
Jan 21 13:40:11 host sshd[13613]: Failed password for invalid user zyfwp from 101.113.91.53 port 39934 ssh2
Jan 21 13:40:12 host sshd[13613]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:40:13 host sshd[13613]: Failed password for invalid user zyfwp from 101.113.91.53 port 39934 ssh2
Jan 21 13:41:53 host sshd[13924]: Invalid user nginx from 211.223.185.206 port 63923
Jan 21 13:41:53 host sshd[13924]: input_userauth_request: invalid user nginx [preauth]
Jan 21 13:41:53 host sshd[13924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:41:53 host sshd[13924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.223.185.206
Jan 21 13:41:54 host sshd[13924]: Failed password for invalid user nginx from 211.223.185.206 port 63923 ssh2
Jan 21 13:41:55 host sshd[13924]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 13:41:56 host sshd[13924]: Failed password for invalid user nginx from 211.223.185.206 port 63923 ssh2
Jan 21 13:41:57 host sshd[13924]: Connection reset by 211.223.185.206 port 63923 [preauth]
Jan 21 13:41:57 host sshd[13924]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.223.185.206
Jan 21 13:42:47 host sshd[14021]: User root from 59.25.112.205 not allowed because not listed in AllowUsers
Jan 21 13:42:47 host sshd[14021]: input_userauth_request: invalid user root [preauth]
Jan 21 13:42:47 host unix_chkpwd[14028]: password check failed for user (root)
Jan 21 13:42:47 host sshd[14021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.112.205 user=root
Jan 21 13:42:47 host sshd[14021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 13:42:49 host sshd[14021]: Failed password for invalid user root from 59.25.112.205 port 61138 ssh2
Jan 21 13:42:49 host unix_chkpwd[14036]: password check failed for user (root)
Jan 21 13:42:49 host sshd[14021]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 13:42:52 host sshd[14021]: Failed password for invalid user root from 59.25.112.205 port 61138 ssh2
Jan 21 13:42:52 host sshd[14021]: Connection reset by 59.25.112.205 port 61138 [preauth]
Jan 21 13:42:52 host sshd[14021]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.25.112.205 user=root
Jan 21 13:49:46 host sshd[15347]: Did not receive identification string from 178.79.177.104 port 34740
Jan 21 14:12:40 host sshd[18661]: User root from 219.85.53.188 not allowed because not listed in AllowUsers
Jan 21 14:12:40 host sshd[18661]: input_userauth_request: invalid user root [preauth]
Jan 21 14:12:40 host unix_chkpwd[18664]: password check failed for user (root)
Jan 21 14:12:40 host sshd[18661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.85.53.188 user=root
Jan 21 14:12:40 host sshd[18661]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 14:12:41 host sshd[18661]: Failed password for invalid user root from 219.85.53.188 port 57921 ssh2
Jan 21 14:12:42 host unix_chkpwd[18669]: password check failed for user (root)
Jan 21 14:12:42 host sshd[18661]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 14:12:44 host sshd[18661]: Failed password for invalid user root from 219.85.53.188 port 57921 ssh2
Jan 21 14:12:45 host sshd[18661]: Connection reset by 219.85.53.188 port 57921 [preauth]
Jan 21 14:12:45 host sshd[18661]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.85.53.188 user=root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwpmcresource user-2=keralaholi user-3=wwwresourcehunte user-4=wwwrmswll user-5=ugotscom user-6=travelboniface user-7=cochintaxi user-8=wwwkaretakers user-9=laundryboniface user-10=a2zgroup user-11=dartsimp user-12=straightcurve user-13=wwwletsstalkfood user-14=bonifacegroup user-15=wwwevmhonda user-16=mrsclean user-17=wwwnexidigital user-18=palco123 user-19=gifterman user-20=kottayamcalldriv user-21=phmetals user-22=woodpeck user-23=wwwkapin user-24=wwwkmaorg user-25=disposeat user-26=remysagr user-27=pmcresources user-28=vfmassets user-29=shalinijames user-30=wwwtestugo feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 14:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-WOWqEIdzd741Yazx.~
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-WOWqEIdzd741Yazx.~'
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-WOWqEIdzd741Yazx.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 14:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 14:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 14:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 14:22:04 host sshd[20082]: Invalid user pcxu from 106.10.122.53 port 48560
Jan 21 14:22:04 host sshd[20082]: input_userauth_request: invalid user pcxu [preauth]
Jan 21 14:22:04 host sshd[20082]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:22:04 host sshd[20082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 14:22:06 host sshd[20082]: Failed password for invalid user pcxu from 106.10.122.53 port 48560 ssh2
Jan 21 14:22:06 host sshd[20082]: Connection closed by 106.10.122.53 port 48560 [preauth]
Jan 21 14:26:10 host sshd[20638]: Invalid user pi from 202.130.123.190 port 36593
Jan 21 14:26:10 host sshd[20638]: input_userauth_request: invalid user pi [preauth]
Jan 21 14:26:10 host sshd[20638]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:26:10 host sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.130.123.190
Jan 21 14:26:11 host sshd[20638]: Failed password for invalid user pi from 202.130.123.190 port 36593 ssh2
Jan 21 14:26:12 host sshd[20638]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:26:14 host sshd[20638]: Failed password for invalid user pi from 202.130.123.190 port 36593 ssh2
Jan 21 14:26:14 host sshd[20638]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:26:16 host sshd[20638]: Failed password for invalid user pi from 202.130.123.190 port 36593 ssh2
Jan 21 14:26:16 host sshd[20638]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:26:18 host sshd[20638]: Failed password for invalid user pi from 202.130.123.190 port 36593 ssh2
Jan 21 14:26:18 host sshd[20638]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:26:20 host sshd[20638]: Failed password for invalid user pi from 202.130.123.190 port 36593 ssh2
Jan 21 14:35:18 host sshd[21935]: Invalid user vadmin from 218.158.27.85 port 62505
Jan 21 14:35:18 host sshd[21935]: input_userauth_request: invalid user vadmin [preauth]
Jan 21 14:35:18 host sshd[21935]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:35:18 host sshd[21935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.158.27.85
Jan 21 14:35:20 host sshd[21935]: Failed password for invalid user vadmin from 218.158.27.85 port 62505 ssh2
Jan 21 14:35:21 host sshd[21935]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:35:23 host sshd[21935]: Failed password for invalid user vadmin from 218.158.27.85 port 62505 ssh2
Jan 21 14:36:27 host sshd[22157]: Invalid user vadmin from 221.160.148.227 port 62245
Jan 21 14:36:27 host sshd[22157]: input_userauth_request: invalid user vadmin [preauth]
Jan 21 14:36:27 host sshd[22157]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:36:27 host sshd[22157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.160.148.227
Jan 21 14:36:30 host sshd[22157]: Failed password for invalid user vadmin from 221.160.148.227 port 62245 ssh2
Jan 21 14:36:31 host sshd[22157]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:36:33 host sshd[22157]: Failed password for invalid user vadmin from 221.160.148.227 port 62245 ssh2
Jan 21 14:36:33 host sshd[22157]: Failed password for invalid user vadmin from 221.160.148.227 port 62245 ssh2
Jan 21 14:41:48 host sshd[22874]: Invalid user frederick from 107.189.30.59 port 52148
Jan 21 14:41:48 host sshd[22874]: input_userauth_request: invalid user frederick [preauth]
Jan 21 14:41:48 host sshd[22874]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:41:48 host sshd[22874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 21 14:41:50 host sshd[22874]: Failed password for invalid user frederick from 107.189.30.59 port 52148 ssh2
Jan 21 14:41:50 host sshd[22874]: Connection closed by 107.189.30.59 port 52148 [preauth]
Jan 21 14:59:13 host sshd[25322]: Invalid user hl from 194.110.203.109 port 57064
Jan 21 14:59:13 host sshd[25322]: input_userauth_request: invalid user hl [preauth]
Jan 21 14:59:13 host sshd[25322]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:59:13 host sshd[25322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 14:59:15 host sshd[25322]: Failed password for invalid user hl from 194.110.203.109 port 57064 ssh2
Jan 21 14:59:17 host sshd[25333]: User root from 80.76.51.143 not allowed because not listed in AllowUsers
Jan 21 14:59:17 host sshd[25333]: input_userauth_request: invalid user root [preauth]
Jan 21 14:59:17 host unix_chkpwd[25336]: password check failed for user (root)
Jan 21 14:59:17 host sshd[25333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.76.51.143 user=root
Jan 21 14:59:17 host sshd[25333]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 14:59:18 host sshd[25322]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:59:19 host sshd[25333]: Failed password for invalid user root from 80.76.51.143 port 34166 ssh2
Jan 21 14:59:19 host sshd[25333]: Connection closed by 80.76.51.143 port 34166 [preauth]
Jan 21 14:59:20 host sshd[25322]: Failed password for invalid user hl from 194.110.203.109 port 57064 ssh2
Jan 21 14:59:23 host sshd[25322]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 14:59:25 host sshd[25322]: Failed password for invalid user hl from 194.110.203.109 port 57064 ssh2
Jan 21 14:59:28 host sshd[25322]: Connection closed by 194.110.203.109 port 57064 [preauth]
Jan 21 14:59:28 host sshd[25322]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 15:03:54 host sshd[25976]: Invalid user sonaruser from 91.54.163.172 port 52370
Jan 21 15:03:54 host sshd[25976]: input_userauth_request: invalid user sonaruser [preauth]
Jan 21 15:03:54 host sshd[25976]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:03:54 host sshd[25976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.54.163.172
Jan 21 15:03:56 host sshd[25976]: Failed password for invalid user sonaruser from 91.54.163.172 port 52370 ssh2
Jan 21 15:03:56 host sshd[25976]: Received disconnect from 91.54.163.172 port 52370:11: Bye Bye [preauth]
Jan 21 15:03:56 host sshd[25976]: Disconnected from 91.54.163.172 port 52370 [preauth]
Jan 21 15:04:27 host sshd[26018]: Invalid user admin from 121.179.150.231 port 40349
Jan 21 15:04:27 host sshd[26018]: input_userauth_request: invalid user admin [preauth]
Jan 21 15:04:27 host sshd[26018]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:04:27 host sshd[26018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.179.150.231
Jan 21 15:04:30 host sshd[26018]: Failed password for invalid user admin from 121.179.150.231 port 40349 ssh2
Jan 21 15:04:31 host sshd[26018]: Connection closed by 121.179.150.231 port 40349 [preauth]
Jan 21 15:04:49 host sshd[26087]: Invalid user safeuser from 106.245.234.10 port 53874
Jan 21 15:04:49 host sshd[26087]: input_userauth_request: invalid user safeuser [preauth]
Jan 21 15:04:49 host sshd[26087]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:04:49 host sshd[26087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.245.234.10
Jan 21 15:04:51 host sshd[26087]: Failed password for invalid user safeuser from 106.245.234.10 port 53874 ssh2
Jan 21 15:04:52 host sshd[26087]: Received disconnect from 106.245.234.10 port 53874:11: Bye Bye [preauth]
Jan 21 15:04:52 host sshd[26087]: Disconnected from 106.245.234.10 port 53874 [preauth]
Jan 21 15:05:49 host sshd[26217]: Invalid user normaluser from 46.101.110.253 port 55748
Jan 21 15:05:49 host sshd[26217]: input_userauth_request: invalid user normaluser [preauth]
Jan 21 15:05:49 host sshd[26217]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:05:49 host sshd[26217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.110.253
Jan 21 15:05:51 host sshd[26217]: Failed password for invalid user normaluser from 46.101.110.253 port 55748 ssh2
Jan 21 15:05:51 host sshd[26217]: Received disconnect from 46.101.110.253 port 55748:11: Bye Bye [preauth]
Jan 21 15:05:51 host sshd[26217]: Disconnected from 46.101.110.253 port 55748 [preauth]
Jan 21 15:06:00 host sshd[26229]: Invalid user sFTPUser from 220.135.149.117 port 38637
Jan 21 15:06:00 host sshd[26229]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 21 15:06:00 host sshd[26229]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:00 host sshd[26229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.149.117
Jan 21 15:06:01 host sshd[26232]: Invalid user admin from 220.135.149.117 port 38648
Jan 21 15:06:01 host sshd[26232]: input_userauth_request: invalid user admin [preauth]
Jan 21 15:06:01 host sshd[26232]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:01 host sshd[26232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.135.149.117
Jan 21 15:06:02 host sshd[26229]: Failed password for invalid user sFTPUser from 220.135.149.117 port 38637 ssh2
Jan 21 15:06:03 host sshd[26232]: Failed password for invalid user admin from 220.135.149.117 port 38648 ssh2
Jan 21 15:06:03 host sshd[26229]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:04 host sshd[26232]: Failed password for invalid user admin from 220.135.149.117 port 38648 ssh2
Jan 21 15:06:05 host sshd[26232]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:06 host sshd[26229]: Failed password for invalid user sFTPUser from 220.135.149.117 port 38637 ssh2
Jan 21 15:06:06 host sshd[26232]: Failed password for invalid user admin from 220.135.149.117 port 38648 ssh2
Jan 21 15:06:09 host sshd[26281]: Invalid user wwwadmin from 45.232.73.83 port 38026
Jan 21 15:06:09 host sshd[26281]: input_userauth_request: invalid user wwwadmin [preauth]
Jan 21 15:06:09 host sshd[26281]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:09 host sshd[26281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.83
Jan 21 15:06:12 host sshd[26281]: Failed password for invalid user wwwadmin from 45.232.73.83 port 38026 ssh2
Jan 21 15:06:12 host sshd[26281]: Received disconnect from 45.232.73.83 port 38026:11: Bye Bye [preauth]
Jan 21 15:06:12 host sshd[26281]: Disconnected from 45.232.73.83 port 38026 [preauth]
Jan 21 15:06:33 host sshd[26333]: Invalid user ibmuser from 159.89.48.42 port 48696
Jan 21 15:06:33 host sshd[26333]: input_userauth_request: invalid user ibmuser [preauth]
Jan 21 15:06:33 host sshd[26333]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:33 host sshd[26333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.48.42
Jan 21 15:06:35 host sshd[26339]: Invalid user support from 103.170.122.206 port 33688
Jan 21 15:06:35 host sshd[26339]: input_userauth_request: invalid user support [preauth]
Jan 21 15:06:35 host sshd[26339]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:06:35 host sshd[26339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.122.206
Jan 21 15:06:36 host sshd[26333]: Failed password for invalid user ibmuser from 159.89.48.42 port 48696 ssh2
Jan 21 15:06:36 host sshd[26333]: Received disconnect from 159.89.48.42 port 48696:11: Bye Bye [preauth]
Jan 21 15:06:36 host sshd[26333]: Disconnected from 159.89.48.42 port 48696 [preauth]
Jan 21 15:06:37 host sshd[26339]: Failed password for invalid user support from 103.170.122.206 port 33688 ssh2
Jan 21 15:06:37 host sshd[26339]: Received disconnect from 103.170.122.206 port 33688:11: Bye Bye [preauth]
Jan 21 15:06:37 host sshd[26339]: Disconnected from 103.170.122.206 port 33688 [preauth]
Jan 21 15:07:11 host sshd[26401]: Invalid user nadmin from 103.226.138.216 port 38886
Jan 21 15:07:11 host sshd[26401]: input_userauth_request: invalid user nadmin [preauth]
Jan 21 15:07:11 host sshd[26401]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:07:11 host sshd[26401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.216
Jan 21 15:07:12 host sshd[26401]: Failed password for invalid user nadmin from 103.226.138.216 port 38886 ssh2
Jan 21 15:07:12 host sshd[26401]: Received disconnect from 103.226.138.216 port 38886:11: Bye Bye [preauth]
Jan 21 15:07:12 host sshd[26401]: Disconnected from 103.226.138.216 port 38886 [preauth]
Jan 21 15:07:14 host sshd[26408]: Invalid user oracle from 159.65.132.73 port 44172
Jan 21 15:07:14 host sshd[26408]: input_userauth_request: invalid user oracle [preauth]
Jan 21 15:07:14 host sshd[26408]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:07:14 host sshd[26408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.132.73
Jan 21 15:07:16 host sshd[26408]: Failed password for invalid user oracle from 159.65.132.73 port 44172 ssh2
Jan 21 15:07:16 host sshd[26408]: Received disconnect from 159.65.132.73 port 44172:11: Bye Bye [preauth]
Jan 21 15:07:16 host sshd[26408]: Disconnected from 159.65.132.73 port 44172 [preauth]
Jan 21 15:07:41 host sshd[26477]: Invalid user ec2-user from 49.247.22.240 port 33142
Jan 21 15:07:41 host sshd[26477]: input_userauth_request: invalid user ec2-user [preauth]
Jan 21 15:07:41 host sshd[26477]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:07:41 host sshd[26477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.22.240
Jan 21 15:07:43 host sshd[26477]: Failed password for invalid user ec2-user from 49.247.22.240 port 33142 ssh2
Jan 21 15:07:43 host sshd[26477]: Received disconnect from 49.247.22.240 port 33142:11: Bye Bye [preauth]
Jan 21 15:07:43 host sshd[26477]: Disconnected from 49.247.22.240 port 33142 [preauth]
Jan 21 15:08:07 host sshd[26516]: Invalid user userx from 1.229.203.234 port 51770
Jan 21 15:08:07 host sshd[26516]: input_userauth_request: invalid user userx [preauth]
Jan 21 15:08:07 host sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:08:07 host sshd[26516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.229.203.234
Jan 21 15:08:09 host sshd[26516]: Failed password for invalid user userx from 1.229.203.234 port 51770 ssh2
Jan 21 15:08:09 host sshd[26516]: Received disconnect from 1.229.203.234 port 51770:11: Bye Bye [preauth]
Jan 21 15:08:09 host sshd[26516]: Disconnected from 1.229.203.234 port 51770 [preauth]
Jan 21 15:08:27 host sshd[26546]: Invalid user testowy from 104.131.46.166 port 52755
Jan 21 15:08:27 host sshd[26546]: input_userauth_request: invalid user testowy [preauth]
Jan 21 15:08:27 host sshd[26546]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:08:27 host sshd[26546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.46.166
Jan 21 15:08:29 host sshd[26546]: Failed password for invalid user testowy from 104.131.46.166 port 52755 ssh2
Jan 21 15:08:29 host sshd[26546]: Received disconnect from 104.131.46.166 port 52755:11: Bye Bye [preauth]
Jan 21 15:08:29 host sshd[26546]: Disconnected from 104.131.46.166 port 52755 [preauth]
Jan 21 15:08:59 host sshd[26612]: Invalid user test from 157.7.64.249 port 40524
Jan 21 15:08:59 host sshd[26612]: input_userauth_request: invalid user test [preauth]
Jan 21 15:08:59 host sshd[26612]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:08:59 host sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.7.64.249
Jan 21 15:09:00 host sshd[26612]: Failed password for invalid user test from 157.7.64.249 port 40524 ssh2
Jan 21 15:09:01 host sshd[26612]: Received disconnect from 157.7.64.249 port 40524:11: Bye Bye [preauth]
Jan 21 15:09:01 host sshd[26612]: Disconnected from 157.7.64.249 port 40524 [preauth]
Jan 21 15:09:08 host sshd[26645]: Invalid user lighthouse from 64.227.180.17 port 37546
Jan 21 15:09:08 host sshd[26645]: input_userauth_request: invalid user lighthouse [preauth]
Jan 21 15:09:08 host sshd[26645]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:09:08 host sshd[26645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.180.17
Jan 21 15:09:10 host sshd[26645]: Failed password for invalid user lighthouse from 64.227.180.17 port 37546 ssh2
Jan 21 15:09:10 host sshd[26645]: Received disconnect from 64.227.180.17 port 37546:11: Bye Bye [preauth]
Jan 21 15:09:10 host sshd[26645]: Disconnected from 64.227.180.17 port 37546 [preauth]
Jan 21 15:09:21 host sshd[26661]: Invalid user gpadmin from 137.184.37.163 port 54916
Jan 21 15:09:21 host sshd[26661]: input_userauth_request: invalid user gpadmin [preauth]
Jan 21 15:09:21 host sshd[26661]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:09:21 host sshd[26661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.37.163
Jan 21 15:09:23 host sshd[26661]: Failed password for invalid user gpadmin from 137.184.37.163 port 54916 ssh2
Jan 21 15:09:23 host sshd[26661]: Received disconnect from 137.184.37.163 port 54916:11: Bye Bye [preauth]
Jan 21 15:09:23 host sshd[26661]: Disconnected from 137.184.37.163 port 54916 [preauth]
Jan 21 15:09:27 host sshd[26671]: Invalid user jenns from 104.131.46.166 port 34550
Jan 21 15:09:27 host sshd[26671]: input_userauth_request: invalid user jenns [preauth]
Jan 21 15:09:27 host sshd[26671]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:09:27 host sshd[26671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.46.166
Jan 21 15:09:29 host sshd[26671]: Failed password for invalid user jenns from 104.131.46.166 port 34550 ssh2
Jan 21 15:09:30 host sshd[26671]: Received disconnect from 104.131.46.166 port 34550:11: Bye Bye [preauth]
Jan 21 15:09:30 host sshd[26671]: Disconnected from 104.131.46.166 port 34550 [preauth]
Jan 21 15:09:39 host sshd[26713]: Invalid user fptuser from 91.54.163.172 port 43462
Jan 21 15:09:39 host sshd[26713]: input_userauth_request: invalid user fptuser [preauth]
Jan 21 15:09:39 host sshd[26713]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:09:39 host sshd[26713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.54.163.172
Jan 21 15:09:42 host sshd[26713]: Failed password for invalid user fptuser from 91.54.163.172 port 43462 ssh2
Jan 21 15:09:42 host sshd[26713]: Received disconnect from 91.54.163.172 port 43462:11: Bye Bye [preauth]
Jan 21 15:09:42 host sshd[26713]: Disconnected from 91.54.163.172 port 43462 [preauth]
Jan 21 15:10:07 host sshd[26768]: Invalid user pacs from 206.189.213.126 port 52614
Jan 21 15:10:07 host sshd[26768]: input_userauth_request: invalid user pacs [preauth]
Jan 21 15:10:07 host sshd[26768]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:07 host sshd[26768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.213.126
Jan 21 15:10:08 host sshd[26768]: Failed password for invalid user pacs from 206.189.213.126 port 52614 ssh2
Jan 21 15:10:09 host sshd[26768]: Received disconnect from 206.189.213.126 port 52614:11: Bye Bye [preauth]
Jan 21 15:10:09 host sshd[26768]: Disconnected from 206.189.213.126 port 52614 [preauth]
Jan 21 15:10:22 host sshd[26863]: Invalid user digitalizacion from 104.131.46.166 port 44445
Jan 21 15:10:22 host sshd[26863]: input_userauth_request: invalid user digitalizacion [preauth]
Jan 21 15:10:22 host sshd[26863]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:22 host sshd[26863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.46.166
Jan 21 15:10:24 host sshd[26906]: Invalid user ssluser from 106.245.234.10 port 47706
Jan 21 15:10:24 host sshd[26906]: input_userauth_request: invalid user ssluser [preauth]
Jan 21 15:10:24 host sshd[26906]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:24 host sshd[26906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.245.234.10
Jan 21 15:10:24 host sshd[26863]: Failed password for invalid user digitalizacion from 104.131.46.166 port 44445 ssh2
Jan 21 15:10:25 host sshd[26863]: Received disconnect from 104.131.46.166 port 44445:11: Bye Bye [preauth]
Jan 21 15:10:25 host sshd[26863]: Disconnected from 104.131.46.166 port 44445 [preauth]
Jan 21 15:10:26 host sshd[26906]: Failed password for invalid user ssluser from 106.245.234.10 port 47706 ssh2
Jan 21 15:10:26 host sshd[26906]: Received disconnect from 106.245.234.10 port 47706:11: Bye Bye [preauth]
Jan 21 15:10:26 host sshd[26906]: Disconnected from 106.245.234.10 port 47706 [preauth]
Jan 21 15:10:30 host sshd[26965]: Invalid user ftpuser from 45.232.73.83 port 51464
Jan 21 15:10:30 host sshd[26965]: input_userauth_request: invalid user ftpuser [preauth]
Jan 21 15:10:30 host sshd[26965]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:30 host sshd[26965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.83
Jan 21 15:10:32 host sshd[26965]: Failed password for invalid user ftpuser from 45.232.73.83 port 51464 ssh2
Jan 21 15:10:32 host sshd[26965]: Received disconnect from 45.232.73.83 port 51464:11: Bye Bye [preauth]
Jan 21 15:10:32 host sshd[26965]: Disconnected from 45.232.73.83 port 51464 [preauth]
Jan 21 15:10:33 host sshd[26971]: Invalid user techuser from 46.101.110.253 port 58654
Jan 21 15:10:33 host sshd[26971]: input_userauth_request: invalid user techuser [preauth]
Jan 21 15:10:33 host sshd[26971]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:33 host sshd[26971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.110.253
Jan 21 15:10:35 host sshd[26971]: Failed password for invalid user techuser from 46.101.110.253 port 58654 ssh2
Jan 21 15:10:35 host sshd[26971]: Received disconnect from 46.101.110.253 port 58654:11: Bye Bye [preauth]
Jan 21 15:10:35 host sshd[26971]: Disconnected from 46.101.110.253 port 58654 [preauth]
Jan 21 15:10:52 host sshd[27010]: Invalid user fiscal from 91.54.163.172 port 57278
Jan 21 15:10:52 host sshd[27010]: input_userauth_request: invalid user fiscal [preauth]
Jan 21 15:10:52 host sshd[27010]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:52 host sshd[27010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.54.163.172
Jan 21 15:10:53 host sshd[27013]: Invalid user master from 59.3.76.218 port 35552
Jan 21 15:10:53 host sshd[27013]: input_userauth_request: invalid user master [preauth]
Jan 21 15:10:53 host sshd[27013]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:10:53 host sshd[27013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.3.76.218
Jan 21 15:10:54 host sshd[27010]: Failed password for invalid user fiscal from 91.54.163.172 port 57278 ssh2
Jan 21 15:10:54 host sshd[27010]: Received disconnect from 91.54.163.172 port 57278:11: Bye Bye [preauth]
Jan 21 15:10:54 host sshd[27010]: Disconnected from 91.54.163.172 port 57278 [preauth]
Jan 21 15:10:54 host sshd[27013]: Failed password for invalid user master from 59.3.76.218 port 35552 ssh2
Jan 21 15:10:55 host sshd[27013]: Received disconnect from 59.3.76.218 port 35552:11: Bye Bye [preauth]
Jan 21 15:10:55 host sshd[27013]: Disconnected from 59.3.76.218 port 35552 [preauth]
Jan 21 15:11:02 host sshd[27068]: Invalid user vagrant from 1.229.203.234 port 45482
Jan 21 15:11:02 host sshd[27068]: input_userauth_request: invalid user vagrant [preauth]
Jan 21 15:11:02 host sshd[27068]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:02 host sshd[27068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.229.203.234
Jan 21 15:11:03 host sshd[27071]: Invalid user e from 137.184.112.37 port 35070
Jan 21 15:11:03 host sshd[27071]: input_userauth_request: invalid user e [preauth]
Jan 21 15:11:03 host sshd[27071]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:03 host sshd[27071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.112.37
Jan 21 15:11:04 host sshd[27068]: Failed password for invalid user vagrant from 1.229.203.234 port 45482 ssh2
Jan 21 15:11:04 host sshd[27068]: Received disconnect from 1.229.203.234 port 45482:11: Bye Bye [preauth]
Jan 21 15:11:04 host sshd[27068]: Disconnected from 1.229.203.234 port 45482 [preauth]
Jan 21 15:11:05 host sshd[27071]: Failed password for invalid user e from 137.184.112.37 port 35070 ssh2
Jan 21 15:11:06 host sshd[27071]: Received disconnect from 137.184.112.37 port 35070:11: Bye Bye [preauth]
Jan 21 15:11:06 host sshd[27071]: Disconnected from 137.184.112.37 port 35070 [preauth]
Jan 21 15:11:29 host sshd[27120]: Invalid user erpuser from 159.89.48.42 port 40390
Jan 21 15:11:29 host sshd[27120]: input_userauth_request: invalid user erpuser [preauth]
Jan 21 15:11:29 host sshd[27120]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:29 host sshd[27120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.48.42
Jan 21 15:11:30 host sshd[27123]: User root from 114.32.46.110 not allowed because not listed in AllowUsers
Jan 21 15:11:30 host sshd[27123]: input_userauth_request: invalid user root [preauth]
Jan 21 15:11:30 host unix_chkpwd[27127]: password check failed for user (root)
Jan 21 15:11:30 host sshd[27123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.46.110 user=root
Jan 21 15:11:30 host sshd[27123]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:11:31 host sshd[27120]: Failed password for invalid user erpuser from 159.89.48.42 port 40390 ssh2
Jan 21 15:11:31 host sshd[27120]: Received disconnect from 159.89.48.42 port 40390:11: Bye Bye [preauth]
Jan 21 15:11:31 host sshd[27120]: Disconnected from 159.89.48.42 port 40390 [preauth]
Jan 21 15:11:32 host sshd[27130]: Invalid user admin from 103.170.122.206 port 60114
Jan 21 15:11:32 host sshd[27130]: input_userauth_request: invalid user admin [preauth]
Jan 21 15:11:32 host sshd[27130]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:32 host sshd[27130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.122.206
Jan 21 15:11:32 host sshd[27123]: Failed password for invalid user root from 114.32.46.110 port 40401 ssh2
Jan 21 15:11:34 host unix_chkpwd[27133]: password check failed for user (root)
Jan 21 15:11:34 host sshd[27123]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:11:34 host sshd[27130]: Failed password for invalid user admin from 103.170.122.206 port 60114 ssh2
Jan 21 15:11:34 host sshd[27130]: Received disconnect from 103.170.122.206 port 60114:11: Bye Bye [preauth]
Jan 21 15:11:34 host sshd[27130]: Disconnected from 103.170.122.206 port 60114 [preauth]
Jan 21 15:11:36 host sshd[27123]: Failed password for invalid user root from 114.32.46.110 port 40401 ssh2
Jan 21 15:11:37 host unix_chkpwd[27142]: password check failed for user (root)
Jan 21 15:11:37 host sshd[27123]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:11:39 host sshd[27123]: Failed password for invalid user root from 114.32.46.110 port 40401 ssh2
Jan 21 15:11:40 host unix_chkpwd[27146]: password check failed for user (root)
Jan 21 15:11:40 host sshd[27123]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:11:42 host sshd[27149]: Invalid user osboxes from 106.245.234.10 port 42160
Jan 21 15:11:42 host sshd[27149]: input_userauth_request: invalid user osboxes [preauth]
Jan 21 15:11:42 host sshd[27149]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:42 host sshd[27149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.245.234.10
Jan 21 15:11:42 host sshd[27145]: Invalid user test from 45.232.73.83 port 38132
Jan 21 15:11:42 host sshd[27145]: input_userauth_request: invalid user test [preauth]
Jan 21 15:11:42 host sshd[27145]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:42 host sshd[27145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.232.73.83
Jan 21 15:11:42 host sshd[27123]: Failed password for invalid user root from 114.32.46.110 port 40401 ssh2
Jan 21 15:11:44 host sshd[27149]: Failed password for invalid user osboxes from 106.245.234.10 port 42160 ssh2
Jan 21 15:11:44 host sshd[27149]: Received disconnect from 106.245.234.10 port 42160:11: Bye Bye [preauth]
Jan 21 15:11:44 host sshd[27149]: Disconnected from 106.245.234.10 port 42160 [preauth]
Jan 21 15:11:44 host sshd[27145]: Failed password for invalid user test from 45.232.73.83 port 38132 ssh2
Jan 21 15:11:44 host sshd[27184]: Invalid user deploy from 46.101.110.253 port 47164
Jan 21 15:11:44 host sshd[27184]: input_userauth_request: invalid user deploy [preauth]
Jan 21 15:11:44 host sshd[27184]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:44 host sshd[27184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.110.253
Jan 21 15:11:44 host sshd[27145]: Received disconnect from 45.232.73.83 port 38132:11: Bye Bye [preauth]
Jan 21 15:11:44 host sshd[27145]: Disconnected from 45.232.73.83 port 38132 [preauth]
Jan 21 15:11:45 host sshd[27190]: Invalid user import from 64.227.180.17 port 37678
Jan 21 15:11:45 host sshd[27190]: input_userauth_request: invalid user import [preauth]
Jan 21 15:11:45 host sshd[27190]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:45 host sshd[27190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.180.17
Jan 21 15:11:45 host sshd[27192]: Invalid user qadmin from 159.65.132.73 port 33124
Jan 21 15:11:45 host sshd[27192]: input_userauth_request: invalid user qadmin [preauth]
Jan 21 15:11:45 host sshd[27192]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:45 host sshd[27192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.132.73
Jan 21 15:11:47 host sshd[27184]: Failed password for invalid user deploy from 46.101.110.253 port 47164 ssh2
Jan 21 15:11:47 host sshd[27190]: Failed password for invalid user import from 64.227.180.17 port 37678 ssh2
Jan 21 15:11:47 host sshd[27190]: Received disconnect from 64.227.180.17 port 37678:11: Bye Bye [preauth]
Jan 21 15:11:47 host sshd[27190]: Disconnected from 64.227.180.17 port 37678 [preauth]
Jan 21 15:11:47 host sshd[27192]: Failed password for invalid user qadmin from 159.65.132.73 port 33124 ssh2
Jan 21 15:11:47 host sshd[27192]: Received disconnect from 159.65.132.73 port 33124:11: Bye Bye [preauth]
Jan 21 15:11:47 host sshd[27192]: Disconnected from 159.65.132.73 port 33124 [preauth]
Jan 21 15:11:49 host sshd[27186]: Invalid user ible from 125.163.181.2 port 46856
Jan 21 15:11:49 host sshd[27186]: input_userauth_request: invalid user ible [preauth]
Jan 21 15:11:49 host sshd[27186]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:11:49 host sshd[27186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.163.181.2
Jan 21 15:11:51 host sshd[27186]: Failed password for invalid user ible from 125.163.181.2 port 46856 ssh2
Jan 21 15:11:52 host sshd[27186]: Received disconnect from 125.163.181.2 port 46856:11: Bye Bye [preauth]
Jan 21 15:11:52 host sshd[27186]: Disconnected from 125.163.181.2 port 46856 [preauth]
Jan 21 15:12:11 host sshd[27316]: Invalid user ftpuser from 206.189.213.126 port 53156
Jan 21 15:12:11 host sshd[27316]: input_userauth_request: invalid user ftpuser [preauth]
Jan 21 15:12:11 host sshd[27316]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:11 host sshd[27316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.213.126
Jan 21 15:12:13 host sshd[27316]: Failed password for invalid user ftpuser from 206.189.213.126 port 53156 ssh2
Jan 21 15:12:13 host sshd[27320]: Invalid user cuser from 137.184.37.163 port 55394
Jan 21 15:12:13 host sshd[27320]: input_userauth_request: invalid user cuser [preauth]
Jan 21 15:12:13 host sshd[27320]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:13 host sshd[27320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.37.163
Jan 21 15:12:13 host sshd[27316]: Received disconnect from 206.189.213.126 port 53156:11: Bye Bye [preauth]
Jan 21 15:12:13 host sshd[27316]: Disconnected from 206.189.213.126 port 53156 [preauth]
Jan 21 15:12:15 host sshd[27320]: Failed password for invalid user cuser from 137.184.37.163 port 55394 ssh2
Jan 21 15:12:15 host sshd[27320]: Received disconnect from 137.184.37.163 port 55394:11: Bye Bye [preauth]
Jan 21 15:12:15 host sshd[27320]: Disconnected from 137.184.37.163 port 55394 [preauth]
Jan 21 15:12:16 host sshd[27325]: Invalid user tickwsuser from 137.184.112.37 port 53540
Jan 21 15:12:16 host sshd[27325]: input_userauth_request: invalid user tickwsuser [preauth]
Jan 21 15:12:16 host sshd[27325]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:16 host sshd[27325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.112.37
Jan 21 15:12:18 host sshd[27329]: Invalid user duser from 1.229.203.234 port 34674
Jan 21 15:12:18 host sshd[27329]: input_userauth_request: invalid user duser [preauth]
Jan 21 15:12:18 host sshd[27329]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:18 host sshd[27329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.229.203.234
Jan 21 15:12:18 host sshd[27325]: Failed password for invalid user tickwsuser from 137.184.112.37 port 53540 ssh2
Jan 21 15:12:19 host sshd[27325]: Received disconnect from 137.184.112.37 port 53540:11: Bye Bye [preauth]
Jan 21 15:12:19 host sshd[27325]: Disconnected from 137.184.112.37 port 53540 [preauth]
Jan 21 15:12:19 host sshd[27329]: Failed password for invalid user duser from 1.229.203.234 port 34674 ssh2
Jan 21 15:12:19 host sshd[27329]: Received disconnect from 1.229.203.234 port 34674:11: Bye Bye [preauth]
Jan 21 15:12:19 host sshd[27329]: Disconnected from 1.229.203.234 port 34674 [preauth]
Jan 21 15:12:27 host sshd[27368]: Invalid user djangoadmin from 103.226.138.216 port 48330
Jan 21 15:12:27 host sshd[27368]: input_userauth_request: invalid user djangoadmin [preauth]
Jan 21 15:12:27 host sshd[27368]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:27 host sshd[27368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.216
Jan 21 15:12:29 host sshd[27395]: Invalid user cacheuser from 59.3.76.218 port 60466
Jan 21 15:12:29 host sshd[27395]: input_userauth_request: invalid user cacheuser [preauth]
Jan 21 15:12:29 host sshd[27395]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:29 host sshd[27395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.3.76.218
Jan 21 15:12:29 host sshd[27368]: Failed password for invalid user djangoadmin from 103.226.138.216 port 48330 ssh2
Jan 21 15:12:29 host sshd[27368]: Received disconnect from 103.226.138.216 port 48330:11: Bye Bye [preauth]
Jan 21 15:12:29 host sshd[27368]: Disconnected from 103.226.138.216 port 48330 [preauth]
Jan 21 15:12:31 host sshd[27395]: Failed password for invalid user cacheuser from 59.3.76.218 port 60466 ssh2
Jan 21 15:12:31 host sshd[27395]: Received disconnect from 59.3.76.218 port 60466:11: Bye Bye [preauth]
Jan 21 15:12:31 host sshd[27395]: Disconnected from 59.3.76.218 port 60466 [preauth]
Jan 21 15:12:34 host sshd[27407]: Invalid user testdev from 159.89.48.42 port 34934
Jan 21 15:12:34 host sshd[27407]: input_userauth_request: invalid user testdev [preauth]
Jan 21 15:12:34 host sshd[27407]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:34 host sshd[27407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.48.42
Jan 21 15:12:36 host sshd[27407]: Failed password for invalid user testdev from 159.89.48.42 port 34934 ssh2
Jan 21 15:12:36 host sshd[27407]: Received disconnect from 159.89.48.42 port 34934:11: Bye Bye [preauth]
Jan 21 15:12:36 host sshd[27407]: Disconnected from 159.89.48.42 port 34934 [preauth]
Jan 21 15:12:57 host sshd[27480]: Invalid user aitest from 157.7.64.249 port 33830
Jan 21 15:12:57 host sshd[27480]: input_userauth_request: invalid user aitest [preauth]
Jan 21 15:12:57 host sshd[27480]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:57 host sshd[27480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.7.64.249
Jan 21 15:12:58 host sshd[27483]: Invalid user safeuser from 103.170.122.206 port 56896
Jan 21 15:12:58 host sshd[27483]: input_userauth_request: invalid user safeuser [preauth]
Jan 21 15:12:58 host sshd[27483]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:12:58 host sshd[27483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.170.122.206
Jan 21 15:13:00 host sshd[27480]: Failed password for invalid user aitest from 157.7.64.249 port 33830 ssh2
Jan 21 15:13:00 host sshd[27480]: Received disconnect from 157.7.64.249 port 33830:11: Bye Bye [preauth]
Jan 21 15:13:00 host sshd[27480]: Disconnected from 157.7.64.249 port 33830 [preauth]
Jan 21 15:13:01 host sshd[27483]: Failed password for invalid user safeuser from 103.170.122.206 port 56896 ssh2
Jan 21 15:13:01 host sshd[27483]: Received disconnect from 103.170.122.206 port 56896:11: Bye Bye [preauth]
Jan 21 15:13:01 host sshd[27483]: Disconnected from 103.170.122.206 port 56896 [preauth]
Jan 21 15:13:02 host sshd[27539]: Invalid user testuser from 64.227.180.17 port 37778
Jan 21 15:13:02 host sshd[27539]: input_userauth_request: invalid user testuser [preauth]
Jan 21 15:13:02 host sshd[27539]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:02 host sshd[27539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.180.17
Jan 21 15:13:05 host sshd[27539]: Failed password for invalid user testuser from 64.227.180.17 port 37778 ssh2
Jan 21 15:13:05 host sshd[27539]: Received disconnect from 64.227.180.17 port 37778:11: Bye Bye [preauth]
Jan 21 15:13:05 host sshd[27539]: Disconnected from 64.227.180.17 port 37778 [preauth]
Jan 21 15:13:15 host sshd[27581]: Invalid user systest from 206.189.213.126 port 47288
Jan 21 15:13:15 host sshd[27581]: input_userauth_request: invalid user systest [preauth]
Jan 21 15:13:15 host sshd[27581]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:15 host sshd[27581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.213.126
Jan 21 15:13:16 host sshd[27605]: Invalid user db2user from 159.65.132.73 port 60216
Jan 21 15:13:16 host sshd[27605]: input_userauth_request: invalid user db2user [preauth]
Jan 21 15:13:16 host sshd[27605]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:16 host sshd[27605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.132.73
Jan 21 15:13:17 host sshd[27581]: Failed password for invalid user systest from 206.189.213.126 port 47288 ssh2
Jan 21 15:13:18 host sshd[27605]: Failed password for invalid user db2user from 159.65.132.73 port 60216 ssh2
Jan 21 15:13:18 host sshd[27605]: Received disconnect from 159.65.132.73 port 60216:11: Bye Bye [preauth]
Jan 21 15:13:18 host sshd[27605]: Disconnected from 159.65.132.73 port 60216 [preauth]
Jan 21 15:13:25 host sshd[27655]: Invalid user crmadmin from 49.247.22.240 port 55574
Jan 21 15:13:25 host sshd[27655]: input_userauth_request: invalid user crmadmin [preauth]
Jan 21 15:13:25 host sshd[27655]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:25 host sshd[27655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.22.240
Jan 21 15:13:27 host sshd[27655]: Failed password for invalid user crmadmin from 49.247.22.240 port 55574 ssh2
Jan 21 15:13:27 host sshd[27655]: Received disconnect from 49.247.22.240 port 55574:11: Bye Bye [preauth]
Jan 21 15:13:27 host sshd[27655]: Disconnected from 49.247.22.240 port 55574 [preauth]
Jan 21 15:13:28 host sshd[27662]: Invalid user admin from 137.184.112.37 port 51626
Jan 21 15:13:28 host sshd[27662]: input_userauth_request: invalid user admin [preauth]
Jan 21 15:13:28 host sshd[27662]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:28 host sshd[27662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.112.37
Jan 21 15:13:30 host sshd[27662]: Failed password for invalid user admin from 137.184.112.37 port 51626 ssh2
Jan 21 15:13:30 host sshd[27662]: Received disconnect from 137.184.112.37 port 51626:11: Bye Bye [preauth]
Jan 21 15:13:30 host sshd[27662]: Disconnected from 137.184.112.37 port 51626 [preauth]
Jan 21 15:13:37 host sshd[27723]: User root from 59.20.251.86 not allowed because not listed in AllowUsers
Jan 21 15:13:37 host sshd[27723]: input_userauth_request: invalid user root [preauth]
Jan 21 15:13:37 host unix_chkpwd[27732]: password check failed for user (root)
Jan 21 15:13:37 host sshd[27723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.20.251.86 user=root
Jan 21 15:13:37 host sshd[27723]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:13:39 host sshd[27723]: Failed password for invalid user root from 59.20.251.86 port 61779 ssh2
Jan 21 15:13:40 host sshd[27723]: Connection reset by 59.20.251.86 port 61779 [preauth]
Jan 21 15:13:46 host sshd[27741]: Invalid user mailtest from 59.3.76.218 port 55078
Jan 21 15:13:46 host sshd[27741]: input_userauth_request: invalid user mailtest [preauth]
Jan 21 15:13:46 host sshd[27741]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:46 host sshd[27741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.3.76.218
Jan 21 15:13:48 host sshd[27741]: Failed password for invalid user mailtest from 59.3.76.218 port 55078 ssh2
Jan 21 15:13:49 host sshd[27741]: Received disconnect from 59.3.76.218 port 55078:11: Bye Bye [preauth]
Jan 21 15:13:49 host sshd[27741]: Disconnected from 59.3.76.218 port 55078 [preauth]
Jan 21 15:13:53 host sshd[27779]: Invalid user testmail from 103.226.138.216 port 51256
Jan 21 15:13:53 host sshd[27779]: input_userauth_request: invalid user testmail [preauth]
Jan 21 15:13:53 host sshd[27779]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:13:53 host sshd[27779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.216
Jan 21 15:13:55 host sshd[27779]: Failed password for invalid user testmail from 103.226.138.216 port 51256 ssh2
Jan 21 15:13:55 host sshd[27779]: Received disconnect from 103.226.138.216 port 51256:11: Bye Bye [preauth]
Jan 21 15:13:55 host sshd[27779]: Disconnected from 103.226.138.216 port 51256 [preauth]
Jan 21 15:14:16 host sshd[27855]: Invalid user master from 157.7.64.249 port 51902
Jan 21 15:14:16 host sshd[27855]: input_userauth_request: invalid user master [preauth]
Jan 21 15:14:16 host sshd[27855]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:14:16 host sshd[27855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.7.64.249
Jan 21 15:14:18 host sshd[27855]: Failed password for invalid user master from 157.7.64.249 port 51902 ssh2
Jan 21 15:14:18 host sshd[27855]: Received disconnect from 157.7.64.249 port 51902:11: Bye Bye [preauth]
Jan 21 15:14:18 host sshd[27855]: Disconnected from 157.7.64.249 port 51902 [preauth]
Jan 21 15:14:48 host sshd[27950]: invalid public DH value: >= p-1 [preauth]
Jan 21 15:14:48 host sshd[27950]: ssh_dispatch_run_fatal: Connection from 159.196.98.221 port 46695: incomplete message [preauth]
Jan 21 15:14:51 host sshd[27954]: Invalid user postgres from 49.247.22.240 port 50376
Jan 21 15:14:51 host sshd[27954]: input_userauth_request: invalid user postgres [preauth]
Jan 21 15:14:51 host sshd[27954]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:14:51 host sshd[27954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.22.240
Jan 21 15:14:53 host sshd[27954]: Failed password for invalid user postgres from 49.247.22.240 port 50376 ssh2
Jan 21 15:14:54 host sshd[27954]: Received disconnect from 49.247.22.240 port 50376:11: Bye Bye [preauth]
Jan 21 15:14:54 host sshd[27954]: Disconnected from 49.247.22.240 port 50376 [preauth]
Jan 21 15:15:49 host sshd[28205]: invalid public DH value: >= p-1 [preauth]
Jan 21 15:15:49 host sshd[28205]: ssh_dispatch_run_fatal: Connection from 128.106.199.144 port 41930: incomplete message [preauth]
Jan 21 15:16:38 host sshd[28299]: Invalid user ftp_user from 137.184.37.163 port 45030
Jan 21 15:16:38 host sshd[28299]: input_userauth_request: invalid user ftp_user [preauth]
Jan 21 15:16:38 host sshd[28299]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:16:38 host sshd[28299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.37.163
Jan 21 15:16:40 host sshd[28299]: Failed password for invalid user ftp_user from 137.184.37.163 port 45030 ssh2
Jan 21 15:16:40 host sshd[28299]: Received disconnect from 137.184.37.163 port 45030:11: Bye Bye [preauth]
Jan 21 15:16:40 host sshd[28299]: Disconnected from 137.184.37.163 port 45030 [preauth]
Jan 21 15:19:32 host sshd[28615]: Connection closed by 125.163.181.2 port 5900 [preauth]
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=kottayamcalldriv user-2=phmetals user-3=palco123 user-4=gifterman user-5=wwwnexidigital user-6=mrsclean user-7=wwwevmhonda user-8=bonifacegroup user-9=wwwletsstalkfood user-10=straightcurve user-11=shalinijames user-12=wwwtestugo user-13=vfmassets user-14=pmcresources user-15=wwwkmaorg user-16=disposeat user-17=remysagr user-18=woodpeck user-19=wwwkapin user-20=travelboniface user-21=ugotscom user-22=wwwresourcehunte user-23=keralaholi user-24=wwwrmswll user-25=wwwpmcresource user-26=a2zgroup user-27=dartsimp user-28=laundryboniface user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 15:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Q6J5KwKbrsxnoqFP.~
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Q6J5KwKbrsxnoqFP.~'
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-Q6J5KwKbrsxnoqFP.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 15:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 15:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 15:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 15:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 15:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 15:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 15:22:50 host sshd[29415]: Connection reset by 125.163.181.2 port 53064 [preauth]
Jan 21 15:26:16 host sshd[29794]: Invalid user cake from 1.161.195.144 port 60900
Jan 21 15:26:16 host sshd[29794]: input_userauth_request: invalid user cake [preauth]
Jan 21 15:26:16 host sshd[29794]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:26:16 host sshd[29794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.161.195.144
Jan 21 15:26:18 host sshd[29794]: Failed password for invalid user cake from 1.161.195.144 port 60900 ssh2
Jan 21 15:26:18 host sshd[29794]: Connection closed by 1.161.195.144 port 60900 [preauth]
Jan 21 15:26:30 host sshd[29810]: Connection closed by 125.163.181.2 port 20024 [preauth]
Jan 21 15:32:52 host sshd[30906]: Did not receive identification string from 217.115.58.242 port 51836
Jan 21 15:33:12 host sshd[30940]: Bad protocol version identification 'MGLNDD_167.71.234.10_22' from 192.241.229.23 port 58996
Jan 21 15:35:30 host sshd[31262]: Invalid user usr from 59.126.18.50 port 55577
Jan 21 15:35:30 host sshd[31262]: input_userauth_request: invalid user usr [preauth]
Jan 21 15:35:30 host sshd[31262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:35:30 host sshd[31262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.18.50
Jan 21 15:35:32 host sshd[31262]: Failed password for invalid user usr from 59.126.18.50 port 55577 ssh2
Jan 21 15:35:34 host sshd[31262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:35:35 host sshd[31262]: Failed password for invalid user usr from 59.126.18.50 port 55577 ssh2
Jan 21 15:35:36 host sshd[31262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:35:38 host sshd[31262]: Failed password for invalid user usr from 59.126.18.50 port 55577 ssh2
Jan 21 15:35:39 host sshd[31262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:35:42 host sshd[31262]: Failed password for invalid user usr from 59.126.18.50 port 55577 ssh2
Jan 21 15:35:43 host sshd[31262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:35:45 host sshd[31262]: Failed password for invalid user usr from 59.126.18.50 port 55577 ssh2
Jan 21 15:35:46 host sshd[31262]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:35:47 host sshd[31262]: Failed password for invalid user usr from 59.126.18.50 port 55577 ssh2
Jan 21 15:35:47 host sshd[31262]: error: maximum authentication attempts exceeded for invalid user usr from 59.126.18.50 port 55577 ssh2 [preauth]
Jan 21 15:35:47 host sshd[31262]: Disconnecting: Too many authentication failures [preauth]
Jan 21 15:35:47 host sshd[31262]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.18.50
Jan 21 15:35:47 host sshd[31262]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 21 15:37:30 host sshd[31607]: Invalid user teste from 125.163.181.2 port 33992
Jan 21 15:37:30 host sshd[31607]: input_userauth_request: invalid user teste [preauth]
Jan 21 15:37:30 host sshd[31607]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:37:30 host sshd[31607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.163.181.2
Jan 21 15:37:32 host sshd[31607]: Failed password for invalid user teste from 125.163.181.2 port 33992 ssh2
Jan 21 15:37:38 host sshd[31607]: Received disconnect from 125.163.181.2 port 33992:11: Bye Bye [preauth]
Jan 21 15:37:38 host sshd[31607]: Disconnected from 125.163.181.2 port 33992 [preauth]
Jan 21 15:41:09 host sshd[32110]: Connection closed by 125.163.181.2 port 57462 [preauth]
Jan 21 15:43:21 host sshd[32455]: Did not receive identification string from 213.170.135.30 port 32856
Jan 21 15:43:56 host sshd[32523]: Invalid user admin from 213.170.135.30 port 33496
Jan 21 15:43:56 host sshd[32523]: input_userauth_request: invalid user admin [preauth]
Jan 21 15:43:56 host sshd[32523]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:43:56 host sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.170.135.30
Jan 21 15:43:58 host sshd[32523]: Failed password for invalid user admin from 213.170.135.30 port 33496 ssh2
Jan 21 15:43:59 host sshd[32523]: Connection closed by 213.170.135.30 port 33496 [preauth]
Jan 21 15:44:43 host sshd[32616]: Invalid user admin from 213.170.135.30 port 58522
Jan 21 15:44:43 host sshd[32616]: input_userauth_request: invalid user admin [preauth]
Jan 21 15:44:43 host sshd[32616]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:44:43 host sshd[32616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.170.135.30
Jan 21 15:44:45 host sshd[32616]: Failed password for invalid user admin from 213.170.135.30 port 58522 ssh2
Jan 21 15:44:45 host sshd[32616]: Connection closed by 213.170.135.30 port 58522 [preauth]
Jan 21 15:44:50 host sshd[32618]: Connection closed by 125.163.181.2 port 52700 [preauth]
Jan 21 15:44:50 host sshd[32656]: Invalid user fengbo from 106.10.122.53 port 41614
Jan 21 15:44:50 host sshd[32656]: input_userauth_request: invalid user fengbo [preauth]
Jan 21 15:44:50 host sshd[32656]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:44:50 host sshd[32656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 15:44:52 host sshd[32656]: Failed password for invalid user fengbo from 106.10.122.53 port 41614 ssh2
Jan 21 15:44:52 host sshd[32656]: Connection closed by 106.10.122.53 port 41614 [preauth]
Jan 21 15:44:57 host sshd[32669]: invalid public DH value: >= p-1 [preauth]
Jan 21 15:44:57 host sshd[32669]: ssh_dispatch_run_fatal: Connection from 122.116.46.241 port 56875: incomplete message [preauth]
Jan 21 15:48:33 host sshd[580]: Invalid user mapadmin from 125.163.181.2 port 47930
Jan 21 15:48:33 host sshd[580]: input_userauth_request: invalid user mapadmin [preauth]
Jan 21 15:48:33 host sshd[580]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:48:33 host sshd[580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.163.181.2
Jan 21 15:48:35 host sshd[580]: Failed password for invalid user mapadmin from 125.163.181.2 port 47930 ssh2
Jan 21 15:51:56 host sshd[1202]: Invalid user pi from 122.117.63.117 port 35382
Jan 21 15:51:56 host sshd[1202]: input_userauth_request: invalid user pi [preauth]
Jan 21 15:51:56 host sshd[1202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:51:56 host sshd[1202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.63.117
Jan 21 15:51:59 host sshd[1202]: Failed password for invalid user pi from 122.117.63.117 port 35382 ssh2
Jan 21 15:51:59 host sshd[1202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:52:01 host sshd[1202]: Failed password for invalid user pi from 122.117.63.117 port 35382 ssh2
Jan 21 15:52:01 host sshd[1202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:52:03 host sshd[1202]: Failed password for invalid user pi from 122.117.63.117 port 35382 ssh2
Jan 21 15:52:04 host sshd[1202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:52:06 host sshd[1202]: Failed password for invalid user pi from 122.117.63.117 port 35382 ssh2
Jan 21 15:52:06 host sshd[1202]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:52:08 host sshd[1202]: Failed password for invalid user pi from 122.117.63.117 port 35382 ssh2
Jan 21 15:56:59 host sshd[1920]: User root from 122.117.0.142 not allowed because not listed in AllowUsers
Jan 21 15:56:59 host sshd[1920]: input_userauth_request: invalid user root [preauth]
Jan 21 15:56:59 host unix_chkpwd[1926]: password check failed for user (root)
Jan 21 15:56:59 host sshd[1920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.0.142 user=root
Jan 21 15:56:59 host sshd[1920]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:57:00 host sshd[1920]: Failed password for invalid user root from 122.117.0.142 port 34845 ssh2
Jan 21 15:57:01 host sshd[1920]: Connection reset by 122.117.0.142 port 34845 [preauth]
Jan 21 15:57:57 host sshd[2046]: User root from 141.98.11.66 not allowed because not listed in AllowUsers
Jan 21 15:57:57 host sshd[2046]: input_userauth_request: invalid user root [preauth]
Jan 21 15:57:57 host unix_chkpwd[2050]: password check failed for user (root)
Jan 21 15:57:57 host sshd[2046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.66 user=root
Jan 21 15:57:57 host sshd[2046]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 15:57:59 host sshd[2046]: Failed password for invalid user root from 141.98.11.66 port 57118 ssh2
Jan 21 15:57:59 host sshd[2046]: Received disconnect from 141.98.11.66 port 57118:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 15:57:59 host sshd[2046]: Disconnected from 141.98.11.66 port 57118 [preauth]
Jan 21 15:58:17 host sshd[2103]: Invalid user pooja from 124.187.103.196 port 44271
Jan 21 15:58:17 host sshd[2103]: input_userauth_request: invalid user pooja [preauth]
Jan 21 15:58:17 host sshd[2103]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 15:58:17 host sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.187.103.196
Jan 21 15:58:19 host sshd[2103]: Failed password for invalid user pooja from 124.187.103.196 port 44271 ssh2
Jan 21 15:58:19 host sshd[2103]: Connection closed by 124.187.103.196 port 44271 [preauth]
Jan 21 16:00:16 host sshd[2370]: User root from 31.41.244.124 not allowed because not listed in AllowUsers
Jan 21 16:00:16 host sshd[2370]: input_userauth_request: invalid user root [preauth]
Jan 21 16:00:16 host unix_chkpwd[2373]: password check failed for user (root)
Jan 21 16:00:16 host sshd[2370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124 user=root
Jan 21 16:00:16 host sshd[2370]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:00:17 host sshd[2370]: Failed password for invalid user root from 31.41.244.124 port 25574 ssh2
Jan 21 16:00:18 host sshd[2370]: Received disconnect from 31.41.244.124 port 25574:11: Client disconnecting normally [preauth]
Jan 21 16:00:18 host sshd[2370]: Disconnected from 31.41.244.124 port 25574 [preauth]
Jan 21 16:04:49 host sshd[3028]: User root from 141.98.11.66 not allowed because not listed in AllowUsers
Jan 21 16:04:49 host sshd[3028]: input_userauth_request: invalid user root [preauth]
Jan 21 16:04:49 host unix_chkpwd[3032]: password check failed for user (root)
Jan 21 16:04:49 host sshd[3028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.11.66 user=root
Jan 21 16:04:49 host sshd[3028]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:04:51 host sshd[3028]: Failed password for invalid user root from 141.98.11.66 port 44158 ssh2
Jan 21 16:04:51 host sshd[3028]: Received disconnect from 141.98.11.66 port 44158:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 16:04:51 host sshd[3028]: Disconnected from 141.98.11.66 port 44158 [preauth]
Jan 21 16:16:47 host sshd[4683]: User root from 118.33.24.72 not allowed because not listed in AllowUsers
Jan 21 16:16:47 host sshd[4683]: input_userauth_request: invalid user root [preauth]
Jan 21 16:16:47 host unix_chkpwd[4688]: password check failed for user (root)
Jan 21 16:16:47 host sshd[4683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.33.24.72 user=root
Jan 21 16:16:47 host sshd[4683]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:16:50 host sshd[4683]: Failed password for invalid user root from 118.33.24.72 port 39195 ssh2
Jan 21 16:16:52 host unix_chkpwd[4693]: password check failed for user (root)
Jan 21 16:16:52 host sshd[4683]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:16:54 host sshd[4683]: Failed password for invalid user root from 118.33.24.72 port 39195 ssh2
Jan 21 16:16:54 host sshd[4683]: Connection reset by 118.33.24.72 port 39195 [preauth]
Jan 21 16:16:54 host sshd[4683]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.33.24.72 user=root
Jan 21 16:19:46 host sshd[5088]: Invalid user jincm from 162.218.126.136 port 33494
Jan 21 16:19:46 host sshd[5088]: input_userauth_request: invalid user jincm [preauth]
Jan 21 16:19:47 host sshd[5088]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:19:47 host sshd[5088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.218.126.136
Jan 21 16:19:49 host sshd[5088]: Failed password for invalid user jincm from 162.218.126.136 port 33494 ssh2
Jan 21 16:19:49 host sshd[5088]: Connection closed by 162.218.126.136 port 33494 [preauth]
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=wwwresourcehunte user-8=keralaholi user-9=wwwrmswll user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=pmcresources user-16=wwwkmaorg user-17=disposeat user-18=remysagr user-19=wwwkapin user-20=woodpeck user-21=palco123 user-22=gifterman user-23=phmetals user-24=kottayamcalldriv user-25=wwwnexidigital user-26=mrsclean user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 16:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7V2cRA9ek4Pn9JTz.~
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7V2cRA9ek4Pn9JTz.~'
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-7V2cRA9ek4Pn9JTz.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 16:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 16:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 16:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 16:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 16:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 16:26:25 host sshd[6157]: Invalid user vadmin from 220.133.200.227 port 58218
Jan 21 16:26:25 host sshd[6157]: input_userauth_request: invalid user vadmin [preauth]
Jan 21 16:26:25 host sshd[6157]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:26:25 host sshd[6157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.200.227
Jan 21 16:26:27 host sshd[6157]: Failed password for invalid user vadmin from 220.133.200.227 port 58218 ssh2
Jan 21 16:26:28 host sshd[6157]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:26:30 host sshd[6157]: Failed password for invalid user vadmin from 220.133.200.227 port 58218 ssh2
Jan 21 16:26:31 host sshd[6157]: Failed password for invalid user vadmin from 220.133.200.227 port 58218 ssh2
Jan 21 16:26:31 host sshd[6157]: Connection closed by 220.133.200.227 port 58218 [preauth]
Jan 21 16:26:31 host sshd[6157]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.200.227
Jan 21 16:27:37 host sshd[6294]: User root from 89.31.32.115 not allowed because not listed in AllowUsers
Jan 21 16:27:37 host sshd[6294]: input_userauth_request: invalid user root [preauth]
Jan 21 16:27:37 host unix_chkpwd[6298]: password check failed for user (root)
Jan 21 16:27:37 host sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.31.32.115 user=root
Jan 21 16:27:37 host sshd[6294]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:27:39 host sshd[6294]: Failed password for invalid user root from 89.31.32.115 port 47089 ssh2
Jan 21 16:27:41 host sshd[6294]: Connection reset by 89.31.32.115 port 47089 [preauth]
Jan 21 16:32:31 host sshd[6922]: Invalid user zyfwp from 121.185.203.56 port 63354
Jan 21 16:32:31 host sshd[6922]: input_userauth_request: invalid user zyfwp [preauth]
Jan 21 16:32:31 host sshd[6922]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:32:31 host sshd[6922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.185.203.56
Jan 21 16:32:34 host sshd[6922]: Failed password for invalid user zyfwp from 121.185.203.56 port 63354 ssh2
Jan 21 16:32:34 host sshd[6922]: Connection reset by 121.185.203.56 port 63354 [preauth]
Jan 21 16:36:18 host sshd[7321]: Invalid user usr from 119.195.226.143 port 63989
Jan 21 16:36:18 host sshd[7321]: input_userauth_request: invalid user usr [preauth]
Jan 21 16:36:18 host sshd[7321]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:36:18 host sshd[7321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.195.226.143
Jan 21 16:36:19 host sshd[7321]: Failed password for invalid user usr from 119.195.226.143 port 63989 ssh2
Jan 21 16:36:20 host sshd[7321]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:36:22 host sshd[7321]: Failed password for invalid user usr from 119.195.226.143 port 63989 ssh2
Jan 21 16:39:13 host sshd[7797]: User root from 45.90.161.125 not allowed because not listed in AllowUsers
Jan 21 16:39:13 host sshd[7797]: input_userauth_request: invalid user root [preauth]
Jan 21 16:39:13 host unix_chkpwd[7800]: password check failed for user (root)
Jan 21 16:39:13 host sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.90.161.125 user=root
Jan 21 16:39:13 host sshd[7797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:39:14 host sshd[7797]: Failed password for invalid user root from 45.90.161.125 port 39426 ssh2
Jan 21 16:39:15 host sshd[7797]: Received disconnect from 45.90.161.125 port 39426:11: Bye Bye [preauth]
Jan 21 16:39:15 host sshd[7797]: Disconnected from 45.90.161.125 port 39426 [preauth]
Jan 21 16:39:16 host sshd[7803]: Invalid user telnet from 45.90.161.125 port 43148
Jan 21 16:39:16 host sshd[7803]: input_userauth_request: invalid user telnet [preauth]
Jan 21 16:39:16 host sshd[7803]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:39:16 host sshd[7803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.90.161.125
Jan 21 16:39:18 host sshd[7803]: Failed password for invalid user telnet from 45.90.161.125 port 43148 ssh2
Jan 21 16:39:18 host sshd[7803]: Received disconnect from 45.90.161.125 port 43148:11: Bye Bye [preauth]
Jan 21 16:39:18 host sshd[7803]: Disconnected from 45.90.161.125 port 43148 [preauth]
Jan 21 16:41:20 host sshd[8071]: User root from 59.126.87.108 not allowed because not listed in AllowUsers
Jan 21 16:41:20 host sshd[8071]: input_userauth_request: invalid user root [preauth]
Jan 21 16:41:20 host unix_chkpwd[8076]: password check failed for user (root)
Jan 21 16:41:20 host sshd[8071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.126.87.108 user=root
Jan 21 16:41:20 host sshd[8071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:41:22 host sshd[8071]: Failed password for invalid user root from 59.126.87.108 port 47962 ssh2
Jan 21 16:41:23 host unix_chkpwd[8079]: password check failed for user (root)
Jan 21 16:41:23 host sshd[8071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:41:25 host sshd[8071]: Failed password for invalid user root from 59.126.87.108 port 47962 ssh2
Jan 21 16:41:26 host unix_chkpwd[8082]: password check failed for user (root)
Jan 21 16:41:26 host sshd[8071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:41:28 host sshd[8071]: Failed password for invalid user root from 59.126.87.108 port 47962 ssh2
Jan 21 16:41:29 host unix_chkpwd[8125]: password check failed for user (root)
Jan 21 16:41:29 host sshd[8071]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 16:41:31 host sshd[8071]: Failed password for invalid user root from 59.126.87.108 port 47962 ssh2
Jan 21 16:46:28 host sshd[8743]: Invalid user ec2-user from 121.148.215.114 port 61006
Jan 21 16:46:28 host sshd[8743]: input_userauth_request: invalid user ec2-user [preauth]
Jan 21 16:46:28 host sshd[8743]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:46:28 host sshd[8743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.148.215.114
Jan 21 16:46:30 host sshd[8743]: Failed password for invalid user ec2-user from 121.148.215.114 port 61006 ssh2
Jan 21 16:46:31 host sshd[8743]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:46:32 host sshd[8743]: Failed password for invalid user ec2-user from 121.148.215.114 port 61006 ssh2
Jan 21 16:46:33 host sshd[8743]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:46:35 host sshd[8743]: Failed password for invalid user ec2-user from 121.148.215.114 port 61006 ssh2
Jan 21 16:46:36 host sshd[8743]: Failed password for invalid user ec2-user from 121.148.215.114 port 61006 ssh2
Jan 21 16:46:37 host sshd[8743]: Connection reset by 121.148.215.114 port 61006 [preauth]
Jan 21 16:46:37 host sshd[8743]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.148.215.114
Jan 21 16:48:21 host sshd[9090]: Invalid user hm from 194.110.203.109 port 34070
Jan 21 16:48:21 host sshd[9090]: input_userauth_request: invalid user hm [preauth]
Jan 21 16:48:21 host sshd[9090]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:48:21 host sshd[9090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 16:48:22 host sshd[9090]: Failed password for invalid user hm from 194.110.203.109 port 34070 ssh2
Jan 21 16:48:26 host sshd[9090]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:48:28 host sshd[9090]: Failed password for invalid user hm from 194.110.203.109 port 34070 ssh2
Jan 21 16:48:31 host sshd[9090]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 16:48:33 host sshd[9090]: Failed password for invalid user hm from 194.110.203.109 port 34070 ssh2
Jan 21 16:48:36 host sshd[9090]: Connection closed by 194.110.203.109 port 34070 [preauth]
Jan 21 16:48:36 host sshd[9090]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 16:51:38 host sshd[9527]: Did not receive identification string from 3.10.171.191 port 21345
Jan 21 16:51:44 host sshd[9544]: Did not receive identification string from 3.10.171.191 port 21345
Jan 21 16:53:14 host sshd[9822]: Did not receive identification string from 206.189.23.129 port 61000
Jan 21 16:55:19 host sshd[10108]: Did not receive identification string from 3.10.171.191 port 21345
Jan 21 16:55:25 host sshd[10117]: Did not receive identification string from 3.10.171.191 port 21345
Jan 21 16:55:25 host sshd[10117]: Did not receive identification string from 3.10.171.191 port 21345
Jan 21 16:55:25 host sshd[10117]: Did not receive identification string from 3.10.171.191 port 21345
Jan 21 16:58:21 host sshd[10488]: Did not receive identification string from 58.72.18.130 port 20542
Jan 21 16:58:34 host sshd[10570]: User sshd from 194.169.175.102 not allowed because not listed in AllowUsers
Jan 21 16:58:34 host sshd[10570]: input_userauth_request: invalid user sshd [preauth]
Jan 21 16:58:34 host unix_chkpwd[10632]: password check failed for user (sshd)
Jan 21 16:58:34 host sshd[10570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.169.175.102 user=sshd
Jan 21 16:58:34 host sshd[10570]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "sshd"
Jan 21 16:58:36 host sshd[10570]: Failed password for invalid user sshd from 194.169.175.102 port 51893 ssh2
Jan 21 16:58:36 host sshd[10570]: Received disconnect from 194.169.175.102 port 51893:11: Client disconnecting normally [preauth]
Jan 21 16:58:36 host sshd[10570]: Disconnected from 194.169.175.102 port 51893 [preauth]
Jan 21 17:01:33 host sshd[11047]: User root from 61.61.22.2 not allowed because not listed in AllowUsers
Jan 21 17:01:33 host sshd[11047]: input_userauth_request: invalid user root [preauth]
Jan 21 17:01:33 host unix_chkpwd[11061]: password check failed for user (root)
Jan 21 17:01:33 host sshd[11047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.61.22.2 user=root
Jan 21 17:01:33 host sshd[11047]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 17:01:35 host sshd[11047]: Failed password for invalid user root from 61.61.22.2 port 58689 ssh2
Jan 21 17:01:36 host unix_chkpwd[11071]: password check failed for user (root)
Jan 21 17:01:36 host sshd[11047]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 17:01:38 host sshd[11047]: Failed password for invalid user root from 61.61.22.2 port 58689 ssh2
Jan 21 17:01:38 host sshd[11047]: Connection reset by 61.61.22.2 port 58689 [preauth]
Jan 21 17:01:38 host sshd[11047]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.61.22.2 user=root
Jan 21 17:06:19 host sshd[11739]: Invalid user changxu from 106.10.122.53 port 45712
Jan 21 17:06:19 host sshd[11739]: input_userauth_request: invalid user changxu [preauth]
Jan 21 17:06:19 host sshd[11739]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:06:19 host sshd[11739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 17:06:21 host sshd[11739]: Failed password for invalid user changxu from 106.10.122.53 port 45712 ssh2
Jan 21 17:06:21 host sshd[11739]: Connection closed by 106.10.122.53 port 45712 [preauth]
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 17:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=gifterman user-2=palco123 user-3=kottayamcalldriv user-4=phmetals user-5=wwwnexidigital user-6=mrsclean user-7=bonifacegroup user-8=wwwevmhonda user-9=wwwletsstalkfood user-10=straightcurve user-11=vfmassets user-12=wwwtestugo user-13=shalinijames user-14=pmcresources user-15=remysagr user-16=disposeat user-17=wwwkmaorg user-18=wwwkapin user-19=woodpeck user-20=travelboniface user-21=wwwrmswll user-22=keralaholi user-23=wwwresourcehunte user-24=ugotscom user-25=wwwpmcresource user-26=dartsimp user-27=a2zgroup user-28=laundryboniface user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 17:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-KowzRwbo8gtRMgPu.~
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-KowzRwbo8gtRMgPu.~'
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-KowzRwbo8gtRMgPu.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 17:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 17:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 17:37:47 host sshd[16600]: Invalid user pi from 49.213.227.42 port 51066
Jan 21 17:37:47 host sshd[16600]: input_userauth_request: invalid user pi [preauth]
Jan 21 17:37:47 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:37:47 host sshd[16600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.227.42
Jan 21 17:37:49 host sshd[16600]: Failed password for invalid user pi from 49.213.227.42 port 51066 ssh2
Jan 21 17:37:49 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:37:51 host sshd[16600]: Failed password for invalid user pi from 49.213.227.42 port 51066 ssh2
Jan 21 17:37:51 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:37:53 host sshd[16600]: Failed password for invalid user pi from 49.213.227.42 port 51066 ssh2
Jan 21 17:37:54 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:37:56 host sshd[16600]: Failed password for invalid user pi from 49.213.227.42 port 51066 ssh2
Jan 21 17:37:57 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:37:59 host sshd[16600]: Failed password for invalid user pi from 49.213.227.42 port 51066 ssh2
Jan 21 17:38:00 host sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:38:02 host sshd[16600]: Failed password for invalid user pi from 49.213.227.42 port 51066 ssh2
Jan 21 17:38:02 host sshd[16600]: error: maximum authentication attempts exceeded for invalid user pi from 49.213.227.42 port 51066 ssh2 [preauth]
Jan 21 17:38:02 host sshd[16600]: Disconnecting: Too many authentication failures [preauth]
Jan 21 17:38:02 host sshd[16600]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.213.227.42
Jan 21 17:38:02 host sshd[16600]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 21 17:50:44 host sshd[18597]: Invalid user ubnt from 222.112.66.163 port 60755
Jan 21 17:50:44 host sshd[18597]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 17:50:44 host sshd[18597]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:50:44 host sshd[18597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.112.66.163
Jan 21 17:50:45 host sshd[18597]: Failed password for invalid user ubnt from 222.112.66.163 port 60755 ssh2
Jan 21 17:50:46 host sshd[18597]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:50:48 host sshd[18597]: Failed password for invalid user ubnt from 222.112.66.163 port 60755 ssh2
Jan 21 17:50:50 host sshd[18597]: Failed password for invalid user ubnt from 222.112.66.163 port 60755 ssh2
Jan 21 17:50:50 host sshd[18597]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:50:52 host sshd[18597]: Failed password for invalid user ubnt from 222.112.66.163 port 60755 ssh2
Jan 21 17:50:53 host sshd[18597]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:50:55 host sshd[18597]: Failed password for invalid user ubnt from 222.112.66.163 port 60755 ssh2
Jan 21 17:50:55 host sshd[18597]: Connection reset by 222.112.66.163 port 60755 [preauth]
Jan 21 17:50:55 host sshd[18597]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.112.66.163
Jan 21 17:50:55 host sshd[18597]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 21 17:56:10 host sshd[19308]: Invalid user zyfwp from 121.136.127.58 port 63585
Jan 21 17:56:10 host sshd[19308]: input_userauth_request: invalid user zyfwp [preauth]
Jan 21 17:56:10 host sshd[19308]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:56:10 host sshd[19308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.136.127.58
Jan 21 17:56:12 host sshd[19308]: Failed password for invalid user zyfwp from 121.136.127.58 port 63585 ssh2
Jan 21 17:56:12 host sshd[19308]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:56:14 host sshd[19308]: Failed password for invalid user zyfwp from 121.136.127.58 port 63585 ssh2
Jan 21 17:56:15 host sshd[19308]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:56:17 host sshd[19308]: Failed password for invalid user zyfwp from 121.136.127.58 port 63585 ssh2
Jan 21 17:56:17 host sshd[19308]: Connection closed by 121.136.127.58 port 63585 [preauth]
Jan 21 17:56:17 host sshd[19308]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.136.127.58
Jan 21 17:57:35 host sshd[19478]: Invalid user postgres from 175.204.208.193 port 60404
Jan 21 17:57:35 host sshd[19478]: input_userauth_request: invalid user postgres [preauth]
Jan 21 17:57:35 host sshd[19478]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:57:35 host sshd[19478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.204.208.193
Jan 21 17:57:37 host sshd[19478]: Failed password for invalid user postgres from 175.204.208.193 port 60404 ssh2
Jan 21 17:57:38 host sshd[19478]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 17:57:40 host sshd[19478]: Failed password for invalid user postgres from 175.204.208.193 port 60404 ssh2
Jan 21 17:57:41 host sshd[19478]: Connection reset by 175.204.208.193 port 60404 [preauth]
Jan 21 17:57:41 host sshd[19478]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.204.208.193
Jan 21 18:00:38 host sshd[19842]: Invalid user admin from 62.233.50.248 port 58101
Jan 21 18:00:38 host sshd[19842]: input_userauth_request: invalid user admin [preauth]
Jan 21 18:00:38 host sshd[19842]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:00:38 host sshd[19842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248
Jan 21 18:00:40 host sshd[19842]: Failed password for invalid user admin from 62.233.50.248 port 58101 ssh2
Jan 21 18:00:40 host sshd[19842]: Received disconnect from 62.233.50.248 port 58101:11: Client disconnecting normally [preauth]
Jan 21 18:00:40 host sshd[19842]: Disconnected from 62.233.50.248 port 58101 [preauth]
Jan 21 18:03:49 host sshd[20402]: User root from 107.189.1.133 not allowed because not listed in AllowUsers
Jan 21 18:03:49 host sshd[20402]: input_userauth_request: invalid user root [preauth]
Jan 21 18:03:49 host unix_chkpwd[20413]: password check failed for user (root)
Jan 21 18:03:49 host sshd[20402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.1.133 user=root
Jan 21 18:03:49 host sshd[20402]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 18:03:51 host sshd[20402]: Failed password for invalid user root from 107.189.1.133 port 38834 ssh2
Jan 21 18:03:51 host sshd[20402]: Connection closed by 107.189.1.133 port 38834 [preauth]
Jan 21 18:08:45 host sshd[21124]: Invalid user admin from 72.209.29.177 port 44189
Jan 21 18:08:45 host sshd[21124]: input_userauth_request: invalid user admin [preauth]
Jan 21 18:08:45 host sshd[21124]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:08:45 host sshd[21124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.209.29.177
Jan 21 18:08:46 host sshd[21124]: Failed password for invalid user admin from 72.209.29.177 port 44189 ssh2
Jan 21 18:08:47 host sshd[21124]: Failed password for invalid user admin from 72.209.29.177 port 44189 ssh2
Jan 21 18:08:47 host sshd[21124]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:08:49 host sshd[21124]: Failed password for invalid user admin from 72.209.29.177 port 44189 ssh2
Jan 21 18:08:50 host sshd[21124]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:08:52 host sshd[21124]: Failed password for invalid user admin from 72.209.29.177 port 44189 ssh2
Jan 21 18:08:53 host sshd[21124]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:08:55 host sshd[21124]: Failed password for invalid user admin from 72.209.29.177 port 44189 ssh2
Jan 21 18:08:55 host sshd[21124]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:08:57 host sshd[21124]: Failed password for invalid user admin from 72.209.29.177 port 44189 ssh2
Jan 21 18:08:57 host sshd[21124]: error: maximum authentication attempts exceeded for invalid user admin from 72.209.29.177 port 44189 ssh2 [preauth]
Jan 21 18:08:57 host sshd[21124]: Disconnecting: Too many authentication failures [preauth]
Jan 21 18:08:57 host sshd[21124]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.209.29.177
Jan 21 18:08:57 host sshd[21124]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 21 18:09:54 host sshd[21284]: User root from 222.103.25.111 not allowed because not listed in AllowUsers
Jan 21 18:09:54 host sshd[21284]: input_userauth_request: invalid user root [preauth]
Jan 21 18:09:54 host unix_chkpwd[21298]: password check failed for user (root)
Jan 21 18:09:54 host sshd[21284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.103.25.111 user=root
Jan 21 18:09:54 host sshd[21284]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 18:09:57 host sshd[21284]: Failed password for invalid user root from 222.103.25.111 port 60555 ssh2
Jan 21 18:09:58 host unix_chkpwd[21302]: password check failed for user (root)
Jan 21 18:09:58 host sshd[21284]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 18:09:59 host sshd[21284]: Failed password for invalid user root from 222.103.25.111 port 60555 ssh2
Jan 21 18:10:01 host unix_chkpwd[21306]: password check failed for user (root)
Jan 21 18:10:01 host sshd[21284]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 18:10:02 host sshd[21284]: Failed password for invalid user root from 222.103.25.111 port 60555 ssh2
Jan 21 18:10:03 host unix_chkpwd[21333]: password check failed for user (root)
Jan 21 18:10:03 host sshd[21284]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 18:10:05 host sshd[21284]: Failed password for invalid user root from 222.103.25.111 port 60555 ssh2
Jan 21 18:10:06 host unix_chkpwd[21340]: password check failed for user (root)
Jan 21 18:10:06 host sshd[21284]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 18:10:09 host sshd[21284]: Failed password for invalid user root from 222.103.25.111 port 60555 ssh2
Jan 21 18:10:52 host sshd[21499]: Invalid user wzw from 162.218.126.136 port 56572
Jan 21 18:10:52 host sshd[21499]: input_userauth_request: invalid user wzw [preauth]
Jan 21 18:10:52 host sshd[21499]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:10:52 host sshd[21499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.218.126.136
Jan 21 18:10:54 host sshd[21499]: Failed password for invalid user wzw from 162.218.126.136 port 56572 ssh2
Jan 21 18:10:54 host sshd[21499]: Connection closed by 162.218.126.136 port 56572 [preauth]
Jan 21 18:17:05 host sshd[22337]: Invalid user admin from 59.120.90.33 port 54985
Jan 21 18:17:05 host sshd[22337]: input_userauth_request: invalid user admin [preauth]
Jan 21 18:17:05 host sshd[22337]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:17:05 host sshd[22337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.120.90.33
Jan 21 18:17:08 host sshd[22337]: Failed password for invalid user admin from 59.120.90.33 port 54985 ssh2
Jan 21 18:17:08 host sshd[22337]: Connection reset by 59.120.90.33 port 54985 [preauth]
Jan 21 18:18:21 host sshd[22496]: Invalid user admin from 1.214.29.246 port 61237
Jan 21 18:18:21 host sshd[22496]: input_userauth_request: invalid user admin [preauth]
Jan 21 18:18:21 host sshd[22496]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:18:21 host sshd[22496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.214.29.246
Jan 21 18:18:23 host sshd[22496]: Failed password for invalid user admin from 1.214.29.246 port 61237 ssh2
Jan 21 18:18:24 host sshd[22496]: Failed password for invalid user admin from 1.214.29.246 port 61237 ssh2
Jan 21 18:18:24 host sshd[22496]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:18:27 host sshd[22496]: Failed password for invalid user admin from 1.214.29.246 port 61237 ssh2
Jan 21 18:18:27 host sshd[22496]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:18:29 host sshd[22496]: Failed password for invalid user admin from 1.214.29.246 port 61237 ssh2
Jan 21 18:18:30 host sshd[22496]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:18:32 host sshd[22496]: Failed password for invalid user admin from 1.214.29.246 port 61237 ssh2
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 18:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=mrsclean user-2=wwwnexidigital user-3=palco123 user-4=gifterman user-5=phmetals user-6=kottayamcalldriv user-7=straightcurve user-8=wwwletsstalkfood user-9=bonifacegroup user-10=wwwevmhonda user-11=pmcresources user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=wwwkapin user-16=woodpeck user-17=wwwkmaorg user-18=disposeat user-19=remysagr user-20=wwwresourcehunte user-21=keralaholi user-22=wwwrmswll user-23=ugotscom user-24=travelboniface user-25=wwwpmcresource user-26=laundryboniface user-27=a2zgroup user-28=dartsimp user-29=wwwkaretakers user-30=cochintaxi feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 18:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-PXFnfZYmuwvsd9fI.~
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-PXFnfZYmuwvsd9fI.~'
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-PXFnfZYmuwvsd9fI.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 18:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 18:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 18:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 18:24:23 host sshd[23610]: Invalid user ckh from 106.10.122.53 port 37126
Jan 21 18:24:23 host sshd[23610]: input_userauth_request: invalid user ckh [preauth]
Jan 21 18:24:23 host sshd[23610]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:24:23 host sshd[23610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 18:24:24 host sshd[23610]: Failed password for invalid user ckh from 106.10.122.53 port 37126 ssh2
Jan 21 18:24:25 host sshd[23610]: Connection closed by 106.10.122.53 port 37126 [preauth]
Jan 21 18:28:41 host sshd[24118]: Connection reset by 198.235.24.30 port 64978 [preauth]
Jan 21 18:29:40 host sshd[24267]: Did not receive identification string from 192.155.90.220 port 10584
Jan 21 18:29:41 host sshd[24269]: Did not receive identification string from 192.155.90.220 port 10596
Jan 21 18:29:42 host sshd[24273]: Did not receive identification string from 192.155.90.220 port 10406
Jan 21 18:33:09 host sshd[24864]: Invalid user hn from 194.110.203.109 port 54236
Jan 21 18:33:09 host sshd[24864]: input_userauth_request: invalid user hn [preauth]
Jan 21 18:33:09 host sshd[24864]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:33:09 host sshd[24864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 18:33:11 host sshd[24864]: Failed password for invalid user hn from 194.110.203.109 port 54236 ssh2
Jan 21 18:33:14 host sshd[24864]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:33:16 host sshd[24864]: Failed password for invalid user hn from 194.110.203.109 port 54236 ssh2
Jan 21 18:33:20 host sshd[24864]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:33:21 host sshd[24864]: Failed password for invalid user hn from 194.110.203.109 port 54236 ssh2
Jan 21 18:33:24 host sshd[24864]: Connection closed by 194.110.203.109 port 54236 [preauth]
Jan 21 18:33:24 host sshd[24864]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 18:54:06 host sshd[27753]: Invalid user zyfwp from 220.133.146.111 port 46912
Jan 21 18:54:06 host sshd[27753]: input_userauth_request: invalid user zyfwp [preauth]
Jan 21 18:54:06 host sshd[27753]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:54:06 host sshd[27753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.146.111
Jan 21 18:54:08 host sshd[27753]: Failed password for invalid user zyfwp from 220.133.146.111 port 46912 ssh2
Jan 21 18:54:09 host sshd[27753]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 18:54:11 host sshd[27753]: Failed password for invalid user zyfwp from 220.133.146.111 port 46912 ssh2
Jan 21 18:54:11 host sshd[27753]: Connection reset by 220.133.146.111 port 46912 [preauth]
Jan 21 18:54:11 host sshd[27753]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.146.111
Jan 21 18:56:28 host sshd[28157]: Did not receive identification string from 141.105.66.212 port 45044
Jan 21 18:57:46 host sshd[28520]: Did not receive identification string from 141.105.66.212 port 42886
Jan 21 18:57:46 host sshd[28512]: Protocol major versions differ for 141.105.66.212 port 42840: SSH-2.0-OpenSSH_7.4 vs. SSH-1.5-NmapNSE_1.0
Jan 21 19:02:40 host sshd[29250]: Connection reset by 220.133.203.74 port 46401 [preauth]
Jan 21 19:02:44 host sshd[29266]: Did not receive identification string from 115.146.122.211 port 57608
Jan 21 19:02:44 host sshd[29267]: Invalid user www from 115.146.122.211 port 60294
Jan 21 19:02:44 host sshd[29267]: input_userauth_request: invalid user www [preauth]
Jan 21 19:02:44 host sshd[29268]: Invalid user ubuntu from 115.146.122.211 port 60332
Jan 21 19:02:44 host sshd[29268]: input_userauth_request: invalid user ubuntu [preauth]
Jan 21 19:02:44 host sshd[29272]: Invalid user admin from 115.146.122.211 port 60302
Jan 21 19:02:44 host sshd[29272]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:44 host sshd[29269]: Invalid user admin from 115.146.122.211 port 60336
Jan 21 19:02:44 host sshd[29269]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:44 host sshd[29276]: Invalid user admin from 115.146.122.211 port 60418
Jan 21 19:02:44 host sshd[29276]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:44 host sshd[29277]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:44 host sshd[29277]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:44 host sshd[29279]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:44 host sshd[29279]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:44 host sshd[29278]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:44 host sshd[29278]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:44 host sshd[29273]: Invalid user admin from 115.146.122.211 port 60394
Jan 21 19:02:44 host sshd[29273]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:45 host sshd[29284]: Invalid user devops from 115.146.122.211 port 60386
Jan 21 19:02:45 host sshd[29284]: input_userauth_request: invalid user devops [preauth]
Jan 21 19:02:45 host sshd[29275]: Invalid user web from 115.146.122.211 port 60298
Jan 21 19:02:45 host sshd[29275]: input_userauth_request: invalid user web [preauth]
Jan 21 19:02:45 host sshd[29271]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29289]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29271]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29289]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29280]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29280]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29291]: Invalid user admin from 115.146.122.211 port 60406
Jan 21 19:02:45 host sshd[29283]: Invalid user ubnt from 115.146.122.211 port 60416
Jan 21 19:02:45 host sshd[29291]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:45 host sshd[29286]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29286]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29283]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 19:02:45 host sshd[29290]: Invalid user admin from 115.146.122.211 port 60348
Jan 21 19:02:45 host sshd[29290]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:45 host sshd[29292]: Invalid user oracle from 115.146.122.211 port 60398
Jan 21 19:02:45 host sshd[29292]: input_userauth_request: invalid user oracle [preauth]
Jan 21 19:02:45 host sshd[29274]: Invalid user ansible from 115.146.122.211 port 60362
Jan 21 19:02:45 host sshd[29274]: input_userauth_request: invalid user ansible [preauth]
Jan 21 19:02:45 host sshd[29282]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29282]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29285]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29285]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29294]: Invalid user es from 115.146.122.211 port 60430
Jan 21 19:02:45 host sshd[29294]: input_userauth_request: invalid user es [preauth]
Jan 21 19:02:45 host sshd[29267]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29288]: User root from 115.146.122.211 not allowed because not listed in AllowUsers
Jan 21 19:02:45 host sshd[29288]: input_userauth_request: invalid user root [preauth]
Jan 21 19:02:45 host sshd[29287]: Invalid user postgres from 115.146.122.211 port 60290
Jan 21 19:02:45 host sshd[29287]: input_userauth_request: invalid user postgres [preauth]
Jan 21 19:02:45 host sshd[29293]: Invalid user pi from 115.146.122.211 port 60434
Jan 21 19:02:45 host sshd[29293]: input_userauth_request: invalid user pi [preauth]
Jan 21 19:02:45 host sshd[29295]: Invalid user ansible from 115.146.122.211 port 60316
Jan 21 19:02:45 host sshd[29268]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29295]: input_userauth_request: invalid user ansible [preauth]
Jan 21 19:02:45 host sshd[29272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29269]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29276]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29273]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29275]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host unix_chkpwd[29327]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29279]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29281]: Invalid user steam from 115.146.122.211 port 60320
Jan 21 19:02:45 host unix_chkpwd[29326]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29281]: input_userauth_request: invalid user steam [preauth]
Jan 21 19:02:45 host sshd[29277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29277]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29291]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host unix_chkpwd[29328]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29278]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29283]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29292]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29274]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host unix_chkpwd[29329]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29271]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29287]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host unix_chkpwd[29330]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29293]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29289]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29294]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host unix_chkpwd[29331]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29280]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29295]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host unix_chkpwd[29332]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29286]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host unix_chkpwd[29333]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29282]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host unix_chkpwd[29334]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29288]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:45 host sshd[29281]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host sshd[29270]: Invalid user admin from 115.146.122.211 port 60328
Jan 21 19:02:45 host sshd[29270]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:02:45 host sshd[29270]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:02:45 host sshd[29270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211
Jan 21 19:02:45 host unix_chkpwd[29335]: password check failed for user (root)
Jan 21 19:02:45 host sshd[29285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.146.122.211 user=root
Jan 21 19:02:45 host sshd[29285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:02:47 host sshd[29267]: Failed password for invalid user www from 115.146.122.211 port 60294 ssh2
Jan 21 19:02:47 host sshd[29268]: Failed password for invalid user ubuntu from 115.146.122.211 port 60332 ssh2
Jan 21 19:02:47 host sshd[29272]: Failed password for invalid user admin from 115.146.122.211 port 60302 ssh2
Jan 21 19:02:47 host sshd[29269]: Failed password for invalid user admin from 115.146.122.211 port 60336 ssh2
Jan 21 19:02:47 host sshd[29276]: Failed password for invalid user admin from 115.146.122.211 port 60418 ssh2
Jan 21 19:02:47 host sshd[29273]: Failed password for invalid user admin from 115.146.122.211 port 60394 ssh2
Jan 21 19:02:47 host sshd[29284]: Failed password for invalid user devops from 115.146.122.211 port 60386 ssh2
Jan 21 19:02:47 host sshd[29275]: Failed password for invalid user web from 115.146.122.211 port 60298 ssh2
Jan 21 19:02:47 host sshd[29279]: Failed password for invalid user root from 115.146.122.211 port 60356 ssh2
Jan 21 19:02:47 host sshd[29277]: Failed password for invalid user root from 115.146.122.211 port 60344 ssh2
Jan 21 19:02:47 host sshd[29291]: Failed password for invalid user admin from 115.146.122.211 port 60406 ssh2
Jan 21 19:02:47 host sshd[29278]: Failed password for invalid user root from 115.146.122.211 port 60306 ssh2
Jan 21 19:02:47 host sshd[29283]: Failed password for invalid user ubnt from 115.146.122.211 port 60416 ssh2
Jan 21 19:02:47 host sshd[29290]: Failed password for invalid user admin from 115.146.122.211 port 60348 ssh2
Jan 21 19:02:47 host sshd[29267]: Connection closed by 115.146.122.211 port 60294 [preauth]
Jan 21 19:02:47 host sshd[29292]: Failed password for invalid user oracle from 115.146.122.211 port 60398 ssh2
Jan 21 19:02:47 host sshd[29268]: Connection closed by 115.146.122.211 port 60332 [preauth]
Jan 21 19:02:47 host sshd[29274]: Failed password for invalid user ansible from 115.146.122.211 port 60362 ssh2
Jan 21 19:02:47 host sshd[29271]: Failed password for invalid user root from 115.146.122.211 port 60324 ssh2
Jan 21 19:02:47 host sshd[29293]: Failed password for invalid user pi from 115.146.122.211 port 60434 ssh2
Jan 21 19:02:47 host sshd[29287]: Failed password for invalid user postgres from 115.146.122.211 port 60290 ssh2
Jan 21 19:02:47 host sshd[29289]: Failed password for invalid user root from 115.146.122.211 port 60402 ssh2
Jan 21 19:02:47 host sshd[29294]: Failed password for invalid user es from 115.146.122.211 port 60430 ssh2
Jan 21 19:02:47 host sshd[29272]: Connection closed by 115.146.122.211 port 60302 [preauth]
Jan 21 19:02:47 host sshd[29280]: Failed password for invalid user root from 115.146.122.211 port 60378 ssh2
Jan 21 19:02:47 host sshd[29269]: Connection closed by 115.146.122.211 port 60336 [preauth]
Jan 21 19:02:47 host sshd[29295]: Failed password for invalid user ansible from 115.146.122.211 port 60316 ssh2
Jan 21 19:02:47 host sshd[29276]: Connection closed by 115.146.122.211 port 60418 [preauth]
Jan 21 19:02:47 host sshd[29286]: Failed password for invalid user root from 115.146.122.211 port 60376 ssh2
Jan 21 19:02:47 host sshd[29282]: Failed password for invalid user root from 115.146.122.211 port 60312 ssh2
Jan 21 19:02:47 host sshd[29288]: Failed password for invalid user root from 115.146.122.211 port 60390 ssh2
Jan 21 19:02:47 host sshd[29273]: Connection closed by 115.146.122.211 port 60394 [preauth]
Jan 21 19:02:47 host sshd[29284]: Connection closed by 115.146.122.211 port 60386 [preauth]
Jan 21 19:02:47 host sshd[29275]: Connection closed by 115.146.122.211 port 60298 [preauth]
Jan 21 19:02:47 host sshd[29279]: Connection closed by 115.146.122.211 port 60356 [preauth]
Jan 21 19:02:47 host sshd[29277]: Connection closed by 115.146.122.211 port 60344 [preauth]
Jan 21 19:02:47 host sshd[29281]: Failed password for invalid user steam from 115.146.122.211 port 60320 ssh2
Jan 21 19:02:47 host sshd[29291]: Connection closed by 115.146.122.211 port 60406 [preauth]
Jan 21 19:02:47 host sshd[29278]: Connection closed by 115.146.122.211 port 60306 [preauth]
Jan 21 19:02:47 host sshd[29283]: Connection closed by 115.146.122.211 port 60416 [preauth]
Jan 21 19:02:47 host sshd[29290]: Connection closed by 115.146.122.211 port 60348 [preauth]
Jan 21 19:02:47 host sshd[29292]: Connection closed by 115.146.122.211 port 60398 [preauth]
Jan 21 19:02:47 host sshd[29274]: Connection closed by 115.146.122.211 port 60362 [preauth]
Jan 21 19:02:47 host sshd[29271]: Connection closed by 115.146.122.211 port 60324 [preauth]
Jan 21 19:02:47 host sshd[29287]: Connection closed by 115.146.122.211 port 60290 [preauth]
Jan 21 19:02:47 host sshd[29289]: Connection closed by 115.146.122.211 port 60402 [preauth]
Jan 21 19:02:47 host sshd[29294]: Connection closed by 115.146.122.211 port 60430 [preauth]
Jan 21 19:02:47 host sshd[29280]: Connection closed by 115.146.122.211 port 60378 [preauth]
Jan 21 19:02:47 host sshd[29293]: Connection closed by 115.146.122.211 port 60434 [preauth]
Jan 21 19:02:47 host sshd[29295]: Connection closed by 115.146.122.211 port 60316 [preauth]
Jan 21 19:02:47 host sshd[29286]: Connection closed by 115.146.122.211 port 60376 [preauth]
Jan 21 19:02:47 host sshd[29282]: Connection closed by 115.146.122.211 port 60312 [preauth]
Jan 21 19:02:47 host sshd[29288]: Connection closed by 115.146.122.211 port 60390 [preauth]
Jan 21 19:02:47 host sshd[29281]: Connection closed by 115.146.122.211 port 60320 [preauth]
Jan 21 19:02:47 host sshd[29270]: Failed password for invalid user admin from 115.146.122.211 port 60328 ssh2
Jan 21 19:02:48 host sshd[29285]: Failed password for invalid user root from 115.146.122.211 port 60368 ssh2
Jan 21 19:02:48 host sshd[29270]: Connection closed by 115.146.122.211 port 60328 [preauth]
Jan 21 19:02:48 host sshd[29285]: Connection closed by 115.146.122.211 port 60368 [preauth]
Jan 21 19:06:09 host sshd[29739]: Did not receive identification string from 117.50.66.128 port 41828
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=ugotscom user-2=wwwrmswll user-3=keralaholi user-4=wwwresourcehunte user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=dartsimp user-9=a2zgroup user-10=wwwkaretakers user-11=cochintaxi user-12=mrsclean user-13=wwwnexidigital user-14=kottayamcalldriv user-15=phmetals user-16=gifterman user-17=palco123 user-18=wwwletsstalkfood user-19=straightcurve user-20=wwwevmhonda user-21=bonifacegroup user-22=pmcresources user-23=wwwtestugo user-24=shalinijames user-25=vfmassets user-26=woodpeck user-27=wwwkapin user-28=remysagr user-29=disposeat user-30=wwwkmaorg feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 19:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-pD8gV8T3DNx8Nq7G.~
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-pD8gV8T3DNx8Nq7G.~'
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-pD8gV8T3DNx8Nq7G.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 19:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 19:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 19:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 19:22:49 host sshd[32039]: Invalid user admin from 1.34.76.241 port 48415
Jan 21 19:22:49 host sshd[32039]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:22:49 host sshd[32039]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:22:49 host sshd[32039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.76.241
Jan 21 19:22:51 host sshd[32039]: Failed password for invalid user admin from 1.34.76.241 port 48415 ssh2
Jan 21 19:22:52 host sshd[32039]: Failed password for invalid user admin from 1.34.76.241 port 48415 ssh2
Jan 21 19:22:52 host sshd[32039]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:22:54 host sshd[32039]: Failed password for invalid user admin from 1.34.76.241 port 48415 ssh2
Jan 21 19:22:54 host sshd[32039]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:22:56 host sshd[32039]: Failed password for invalid user admin from 1.34.76.241 port 48415 ssh2
Jan 21 19:22:57 host sshd[32039]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:22:59 host sshd[32039]: Failed password for invalid user admin from 1.34.76.241 port 48415 ssh2
Jan 21 19:22:59 host sshd[32039]: Connection reset by 1.34.76.241 port 48415 [preauth]
Jan 21 19:22:59 host sshd[32039]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.76.241
Jan 21 19:22:59 host sshd[32039]: PAM service(sshd) ignoring max retries; 4 > 3
Jan 21 19:33:24 host sshd[983]: User root from 165.22.190.158 not allowed because not listed in AllowUsers
Jan 21 19:33:24 host sshd[983]: input_userauth_request: invalid user root [preauth]
Jan 21 19:33:24 host unix_chkpwd[987]: password check failed for user (root)
Jan 21 19:33:24 host sshd[983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.190.158 user=root
Jan 21 19:33:24 host sshd[983]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:33:27 host sshd[983]: Failed password for invalid user root from 165.22.190.158 port 43200 ssh2
Jan 21 19:33:28 host sshd[983]: Connection closed by 165.22.190.158 port 43200 [preauth]
Jan 21 19:41:03 host sshd[2171]: Invalid user bytenest_dev from 106.10.122.53 port 36390
Jan 21 19:41:03 host sshd[2171]: input_userauth_request: invalid user bytenest_dev [preauth]
Jan 21 19:41:03 host sshd[2171]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:41:03 host sshd[2171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 19:41:05 host sshd[2171]: Failed password for invalid user bytenest_dev from 106.10.122.53 port 36390 ssh2
Jan 21 19:41:06 host sshd[2171]: Connection closed by 106.10.122.53 port 36390 [preauth]
Jan 21 19:48:03 host sshd[3546]: User root from 122.117.80.89 not allowed because not listed in AllowUsers
Jan 21 19:48:03 host sshd[3546]: input_userauth_request: invalid user root [preauth]
Jan 21 19:48:04 host unix_chkpwd[3553]: password check failed for user (root)
Jan 21 19:48:04 host sshd[3546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.117.80.89 user=root
Jan 21 19:48:04 host sshd[3546]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:48:06 host sshd[3546]: Failed password for invalid user root from 122.117.80.89 port 48810 ssh2
Jan 21 19:48:07 host unix_chkpwd[3561]: password check failed for user (root)
Jan 21 19:48:07 host sshd[3546]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:48:09 host sshd[3546]: Failed password for invalid user root from 122.117.80.89 port 48810 ssh2
Jan 21 19:48:10 host unix_chkpwd[3566]: password check failed for user (root)
Jan 21 19:48:10 host sshd[3546]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:48:12 host sshd[3546]: Failed password for invalid user root from 122.117.80.89 port 48810 ssh2
Jan 21 19:48:13 host unix_chkpwd[3570]: password check failed for user (root)
Jan 21 19:48:13 host sshd[3546]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:48:14 host sshd[3546]: Failed password for invalid user root from 122.117.80.89 port 48810 ssh2
Jan 21 19:49:46 host sshd[3897]: Connection reset by 59.126.108.104 port 51888 [preauth]
Jan 21 19:49:59 host sshd[3926]: Invalid user Admin from 211.216.68.180 port 61078
Jan 21 19:49:59 host sshd[3926]: input_userauth_request: invalid user Admin [preauth]
Jan 21 19:49:59 host sshd[3926]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:49:59 host sshd[3926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.216.68.180
Jan 21 19:50:01 host sshd[3926]: Failed password for invalid user Admin from 211.216.68.180 port 61078 ssh2
Jan 21 19:50:01 host sshd[3926]: Connection reset by 211.216.68.180 port 61078 [preauth]
Jan 21 19:51:01 host sshd[4084]: Invalid user admin from 118.41.26.226 port 62970
Jan 21 19:51:01 host sshd[4084]: input_userauth_request: invalid user admin [preauth]
Jan 21 19:51:01 host sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:51:01 host sshd[4084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.41.26.226
Jan 21 19:51:02 host sshd[4084]: Failed password for invalid user admin from 118.41.26.226 port 62970 ssh2
Jan 21 19:51:04 host sshd[4084]: Failed password for invalid user admin from 118.41.26.226 port 62970 ssh2
Jan 21 19:51:04 host sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:51:07 host sshd[4084]: Failed password for invalid user admin from 118.41.26.226 port 62970 ssh2
Jan 21 19:51:08 host sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:51:09 host sshd[4084]: Failed password for invalid user admin from 118.41.26.226 port 62970 ssh2
Jan 21 19:51:10 host sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:51:12 host sshd[4084]: Failed password for invalid user admin from 118.41.26.226 port 62970 ssh2
Jan 21 19:52:13 host sshd[4297]: Invalid user ray from 107.189.30.59 port 38608
Jan 21 19:52:13 host sshd[4297]: input_userauth_request: invalid user ray [preauth]
Jan 21 19:52:13 host sshd[4297]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 19:52:13 host sshd[4297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 21 19:52:16 host sshd[4297]: Failed password for invalid user ray from 107.189.30.59 port 38608 ssh2
Jan 21 19:52:16 host sshd[4297]: Connection closed by 107.189.30.59 port 38608 [preauth]
Jan 21 19:59:56 host sshd[5499]: User root from 59.127.88.52 not allowed because not listed in AllowUsers
Jan 21 19:59:56 host sshd[5499]: input_userauth_request: invalid user root [preauth]
Jan 21 19:59:57 host unix_chkpwd[5504]: password check failed for user (root)
Jan 21 19:59:57 host sshd[5499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.88.52 user=root
Jan 21 19:59:57 host sshd[5499]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 19:59:58 host sshd[5499]: Failed password for invalid user root from 59.127.88.52 port 52157 ssh2
Jan 21 19:59:59 host unix_chkpwd[5507]: password check failed for user (root)
Jan 21 19:59:59 host sshd[5499]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 20:00:02 host sshd[5499]: Failed password for invalid user root from 59.127.88.52 port 52157 ssh2
Jan 21 20:00:02 host sshd[5499]: Connection reset by 59.127.88.52 port 52157 [preauth]
Jan 21 20:00:02 host sshd[5499]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.88.52 user=root
Jan 21 20:04:50 host sshd[6162]: User root from 183.103.215.209 not allowed because not listed in AllowUsers
Jan 21 20:04:50 host sshd[6162]: input_userauth_request: invalid user root [preauth]
Jan 21 20:04:50 host unix_chkpwd[6166]: password check failed for user (root)
Jan 21 20:04:50 host sshd[6162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.215.209 user=root
Jan 21 20:04:50 host sshd[6162]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 20:04:52 host sshd[6162]: Failed password for invalid user root from 183.103.215.209 port 60512 ssh2
Jan 21 20:04:52 host unix_chkpwd[6171]: password check failed for user (root)
Jan 21 20:04:52 host sshd[6162]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 20:04:54 host sshd[6162]: Failed password for invalid user root from 183.103.215.209 port 60512 ssh2
Jan 21 20:05:25 host sshd[6245]: User ftp from 79.25.182.73 not allowed because not listed in AllowUsers
Jan 21 20:05:25 host sshd[6245]: input_userauth_request: invalid user ftp [preauth]
Jan 21 20:05:25 host unix_chkpwd[6251]: password check failed for user (ftp)
Jan 21 20:05:25 host sshd[6245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.25.182.73 user=ftp
Jan 21 20:05:25 host sshd[6245]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 20:05:27 host sshd[6245]: Failed password for invalid user ftp from 79.25.182.73 port 56346 ssh2
Jan 21 20:05:27 host unix_chkpwd[6256]: password check failed for user (ftp)
Jan 21 20:05:27 host sshd[6245]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 20:05:29 host sshd[6245]: Failed password for invalid user ftp from 79.25.182.73 port 56346 ssh2
Jan 21 20:05:30 host unix_chkpwd[6283]: password check failed for user (ftp)
Jan 21 20:05:30 host sshd[6245]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 20:05:32 host sshd[6245]: Failed password for invalid user ftp from 79.25.182.73 port 56346 ssh2
Jan 21 20:05:32 host sshd[6245]: Failed password for invalid user ftp from 79.25.182.73 port 56346 ssh2
Jan 21 20:05:33 host unix_chkpwd[6287]: password check failed for user (ftp)
Jan 21 20:05:33 host sshd[6245]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 20:05:35 host sshd[6245]: Failed password for invalid user ftp from 79.25.182.73 port 56346 ssh2
Jan 21 20:06:05 host sshd[6487]: Invalid user ubnt from 5.181.80.142 port 54174
Jan 21 20:06:05 host sshd[6487]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 20:06:05 host sshd[6487]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:06:05 host sshd[6487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.181.80.142
Jan 21 20:06:07 host sshd[6487]: Failed password for invalid user ubnt from 5.181.80.142 port 54174 ssh2
Jan 21 20:06:07 host sshd[6487]: Received disconnect from 5.181.80.142 port 54174:11: Bye Bye [preauth]
Jan 21 20:06:07 host sshd[6487]: Disconnected from 5.181.80.142 port 54174 [preauth]
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwkapin user-2=woodpeck user-3=wwwkmaorg user-4=disposeat user-5=remysagr user-6=pmcresources user-7=shalinijames user-8=wwwtestugo user-9=vfmassets user-10=wwwletsstalkfood user-11=straightcurve user-12=wwwevmhonda user-13=bonifacegroup user-14=wwwnexidigital user-15=mrsclean user-16=kottayamcalldriv user-17=phmetals user-18=palco123 user-19=gifterman user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=a2zgroup user-24=dartsimp user-25=wwwpmcresource user-26=ugotscom user-27=wwwresourcehunte user-28=keralaholi user-29=wwwrmswll user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 20:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5meeGPTc7wHtR7DG.~
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5meeGPTc7wHtR7DG.~'
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-5meeGPTc7wHtR7DG.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 20:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 20:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 20:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 20:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 20:22:23 host sshd[9045]: Invalid user ho from 194.110.203.109 port 53448
Jan 21 20:22:23 host sshd[9045]: input_userauth_request: invalid user ho [preauth]
Jan 21 20:22:23 host sshd[9045]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:22:23 host sshd[9045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 20:22:25 host sshd[9045]: Failed password for invalid user ho from 194.110.203.109 port 53448 ssh2
Jan 21 20:22:28 host sshd[9045]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:22:30 host sshd[9045]: Failed password for invalid user ho from 194.110.203.109 port 53448 ssh2
Jan 21 20:22:33 host sshd[9045]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:22:35 host sshd[9045]: Failed password for invalid user ho from 194.110.203.109 port 53448 ssh2
Jan 21 20:22:38 host sshd[9045]: Connection closed by 194.110.203.109 port 53448 [preauth]
Jan 21 20:22:38 host sshd[9045]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 20:31:27 host sshd[10341]: Connection reset by 210.242.252.24 port 54102 [preauth]
Jan 21 20:37:35 host sshd[11169]: User root from 59.6.245.86 not allowed because not listed in AllowUsers
Jan 21 20:37:35 host sshd[11169]: input_userauth_request: invalid user root [preauth]
Jan 21 20:37:35 host unix_chkpwd[11174]: password check failed for user (root)
Jan 21 20:37:35 host sshd[11169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.6.245.86 user=root
Jan 21 20:37:35 host sshd[11169]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 20:37:37 host sshd[11169]: Failed password for invalid user root from 59.6.245.86 port 63731 ssh2
Jan 21 20:37:38 host unix_chkpwd[11178]: password check failed for user (root)
Jan 21 20:37:38 host sshd[11169]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 20:37:40 host sshd[11169]: Failed password for invalid user root from 59.6.245.86 port 63731 ssh2
Jan 21 20:37:41 host unix_chkpwd[11183]: password check failed for user (root)
Jan 21 20:37:41 host sshd[11169]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 20:37:43 host sshd[11169]: Failed password for invalid user root from 59.6.245.86 port 63731 ssh2
Jan 21 20:55:34 host sshd[13653]: Invalid user usr from 122.116.194.28 port 48638
Jan 21 20:55:34 host sshd[13653]: input_userauth_request: invalid user usr [preauth]
Jan 21 20:55:34 host sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:55:34 host sshd[13653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.194.28
Jan 21 20:55:36 host sshd[13653]: Failed password for invalid user usr from 122.116.194.28 port 48638 ssh2
Jan 21 20:55:36 host sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:55:39 host sshd[13653]: Failed password for invalid user usr from 122.116.194.28 port 48638 ssh2
Jan 21 20:55:39 host sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:55:41 host sshd[13653]: Failed password for invalid user usr from 122.116.194.28 port 48638 ssh2
Jan 21 20:55:42 host sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:55:44 host sshd[13653]: Failed password for invalid user usr from 122.116.194.28 port 48638 ssh2
Jan 21 20:55:45 host sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:55:46 host sshd[13653]: Failed password for invalid user usr from 122.116.194.28 port 48638 ssh2
Jan 21 20:55:47 host sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:55:49 host sshd[13653]: Failed password for invalid user usr from 122.116.194.28 port 48638 ssh2
Jan 21 20:55:49 host sshd[13653]: error: maximum authentication attempts exceeded for invalid user usr from 122.116.194.28 port 48638 ssh2 [preauth]
Jan 21 20:55:49 host sshd[13653]: Disconnecting: Too many authentication failures [preauth]
Jan 21 20:55:49 host sshd[13653]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.194.28
Jan 21 20:55:49 host sshd[13653]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 21 20:57:07 host sshd[13857]: Invalid user wangbuyiyi from 106.10.122.53 port 59088
Jan 21 20:57:07 host sshd[13857]: input_userauth_request: invalid user wangbuyiyi [preauth]
Jan 21 20:57:07 host sshd[13857]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 20:57:07 host sshd[13857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 20:57:09 host sshd[13857]: Failed password for invalid user wangbuyiyi from 106.10.122.53 port 59088 ssh2
Jan 21 20:57:10 host sshd[13857]: Connection closed by 106.10.122.53 port 59088 [preauth]
Jan 21 20:57:57 host sshd[13940]: Connection closed by 34.224.33.91 port 42998 [preauth]
Jan 21 21:10:26 host sshd[15553]: Invalid user test from 31.41.244.124 port 30529
Jan 21 21:10:26 host sshd[15553]: input_userauth_request: invalid user test [preauth]
Jan 21 21:10:26 host sshd[15553]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:10:26 host sshd[15553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 21 21:10:27 host sshd[15553]: Failed password for invalid user test from 31.41.244.124 port 30529 ssh2
Jan 21 21:10:28 host sshd[15553]: Received disconnect from 31.41.244.124 port 30529:11: Client disconnecting normally [preauth]
Jan 21 21:10:28 host sshd[15553]: Disconnected from 31.41.244.124 port 30529 [preauth]
Jan 21 21:13:24 host sshd[15997]: Invalid user cer1 from 102.68.141.170 port 57992
Jan 21 21:13:24 host sshd[15997]: input_userauth_request: invalid user cer1 [preauth]
Jan 21 21:13:25 host sshd[15997]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:13:25 host sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.141.170
Jan 21 21:13:26 host sshd[15997]: Failed password for invalid user cer1 from 102.68.141.170 port 57992 ssh2
Jan 21 21:13:27 host sshd[15997]: Connection closed by 102.68.141.170 port 57992 [preauth]
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=a2zgroup user-2=dartsimp user-3=laundryboniface user-4=wwwkaretakers user-5=cochintaxi user-6=travelboniface user-7=keralaholi user-8=wwwresourcehunte user-9=wwwrmswll user-10=ugotscom user-11=wwwpmcresource user-12=vfmassets user-13=shalinijames user-14=wwwtestugo user-15=pmcresources user-16=disposeat user-17=wwwkmaorg user-18=remysagr user-19=woodpeck user-20=wwwkapin user-21=palco123 user-22=gifterman user-23=phmetals user-24=kottayamcalldriv user-25=mrsclean user-26=wwwnexidigital user-27=bonifacegroup user-28=wwwevmhonda user-29=wwwletsstalkfood user-30=straightcurve feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 21:21:22 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-NqCQLEdg4DgyhtQG.~
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-NqCQLEdg4DgyhtQG.~'
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-NqCQLEdg4DgyhtQG.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 21:21:23 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 21:21:23 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 21:21:23 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 21:21:23 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:23 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:21:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 21:21:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 21:21:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 21:28:26 host sshd[18136]: User root from 165.22.190.158 not allowed because not listed in AllowUsers
Jan 21 21:28:26 host sshd[18136]: input_userauth_request: invalid user root [preauth]
Jan 21 21:28:26 host unix_chkpwd[18140]: password check failed for user (root)
Jan 21 21:28:26 host sshd[18136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.190.158 user=root
Jan 21 21:28:26 host sshd[18136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:28:28 host sshd[18136]: Failed password for invalid user root from 165.22.190.158 port 50376 ssh2
Jan 21 21:28:29 host sshd[18136]: Connection closed by 165.22.190.158 port 50376 [preauth]
Jan 21 21:29:10 host sshd[18230]: Did not receive identification string from 101.206.243.239 port 45706
Jan 21 21:29:12 host sshd[18231]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18231]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host sshd[18234]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18234]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host sshd[18236]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18236]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host sshd[18232]: Invalid user admin from 101.206.243.239 port 45888
Jan 21 21:29:12 host sshd[18232]: input_userauth_request: invalid user admin [preauth]
Jan 21 21:29:12 host sshd[18237]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18237]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host sshd[18241]: Invalid user pi from 101.206.243.239 port 45912
Jan 21 21:29:12 host sshd[18241]: input_userauth_request: invalid user pi [preauth]
Jan 21 21:29:12 host sshd[18238]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18238]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host sshd[18245]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18245]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host sshd[18244]: User root from 101.206.243.239 not allowed because not listed in AllowUsers
Jan 21 21:29:12 host sshd[18244]: input_userauth_request: invalid user root [preauth]
Jan 21 21:29:12 host unix_chkpwd[18261]: password check failed for user (root)
Jan 21 21:29:12 host sshd[18231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:12 host sshd[18231]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:12 host unix_chkpwd[18263]: password check failed for user (root)
Jan 21 21:29:12 host unix_chkpwd[18262]: password check failed for user (root)
Jan 21 21:29:12 host sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:12 host sshd[18236]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:12 host sshd[18234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:12 host sshd[18234]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:12 host sshd[18241]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:29:12 host sshd[18241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239
Jan 21 21:29:12 host unix_chkpwd[18268]: password check failed for user (root)
Jan 21 21:29:12 host sshd[18238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:12 host sshd[18238]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:12 host unix_chkpwd[18269]: password check failed for user (root)
Jan 21 21:29:12 host sshd[18244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:12 host sshd[18244]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:12 host unix_chkpwd[18270]: password check failed for user (root)
Jan 21 21:29:12 host sshd[18245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:12 host sshd[18245]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:13 host sshd[18254]: Invalid user user from 101.206.243.239 port 45786
Jan 21 21:29:13 host sshd[18254]: input_userauth_request: invalid user user [preauth]
Jan 21 21:29:13 host sshd[18239]: Invalid user admin from 101.206.243.239 port 45994
Jan 21 21:29:13 host sshd[18239]: input_userauth_request: invalid user admin [preauth]
Jan 21 21:29:13 host sshd[18256]: Invalid user guest from 101.206.243.239 port 45988
Jan 21 21:29:13 host sshd[18256]: input_userauth_request: invalid user guest [preauth]
Jan 21 21:29:13 host sshd[18257]: Invalid user admin from 101.206.243.239 port 45744
Jan 21 21:29:13 host sshd[18257]: input_userauth_request: invalid user admin [preauth]
Jan 21 21:29:13 host sshd[18232]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:29:13 host sshd[18232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239
Jan 21 21:29:13 host unix_chkpwd[18292]: password check failed for user (root)
Jan 21 21:29:13 host sshd[18237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.206.243.239 user=root
Jan 21 21:29:13 host sshd[18237]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:29:14 host sshd[18231]: Failed password for invalid user root from 101.206.243.239 port 46076 ssh2
Jan 21 21:29:14 host sshd[18236]: Failed password for invalid user root from 101.206.243.239 port 45958 ssh2
Jan 21 21:29:14 host sshd[18234]: Failed password for invalid user root from 101.206.243.239 port 45720 ssh2
Jan 21 21:29:14 host sshd[18241]: Failed password for invalid user pi from 101.206.243.239 port 45912 ssh2
Jan 21 21:29:15 host sshd[18238]: Failed password for invalid user root from 101.206.243.239 port 45820 ssh2
Jan 21 21:29:15 host sshd[18244]: Failed password for invalid user root from 101.206.243.239 port 45832 ssh2
Jan 21 21:29:15 host sshd[18245]: Failed password for invalid user root from 101.206.243.239 port 45894 ssh2
Jan 21 21:29:15 host sshd[18232]: Failed password for invalid user admin from 101.206.243.239 port 45888 ssh2
Jan 21 21:29:15 host sshd[18237]: Failed password for invalid user root from 101.206.243.239 port 46042 ssh2
Jan 21 21:32:46 host sshd[18782]: invalid public DH value: >= p-1 [preauth]
Jan 21 21:32:46 host sshd[18782]: ssh_dispatch_run_fatal: Connection from 69.176.58.253 port 58407: incomplete message [preauth]
Jan 21 21:33:19 host sshd[18838]: Did not receive identification string from 69.176.58.253 port 58400
Jan 21 21:36:11 host sshd[19266]: Invalid user support from 222.114.116.228 port 60214
Jan 21 21:36:11 host sshd[19266]: input_userauth_request: invalid user support [preauth]
Jan 21 21:36:11 host sshd[19266]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:36:11 host sshd[19266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.114.116.228
Jan 21 21:36:13 host sshd[19266]: Failed password for invalid user support from 222.114.116.228 port 60214 ssh2
Jan 21 21:36:13 host sshd[19266]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:36:15 host sshd[19266]: Failed password for invalid user support from 222.114.116.228 port 60214 ssh2
Jan 21 21:36:16 host sshd[19266]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 21:36:18 host sshd[19266]: Failed password for invalid user support from 222.114.116.228 port 60214 ssh2
Jan 21 21:36:18 host sshd[19266]: Failed password for invalid user support from 222.114.116.228 port 60214 ssh2
Jan 21 21:36:19 host sshd[19266]: Connection reset by 222.114.116.228 port 60214 [preauth]
Jan 21 21:36:19 host sshd[19266]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.114.116.228
Jan 21 21:59:12 host sshd[22181]: User root from 59.92.106.29 not allowed because not listed in AllowUsers
Jan 21 21:59:12 host sshd[22181]: input_userauth_request: invalid user root [preauth]
Jan 21 21:59:12 host unix_chkpwd[22184]: password check failed for user (root)
Jan 21 21:59:12 host sshd[22181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.92.106.29 user=root
Jan 21 21:59:12 host sshd[22181]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:59:14 host sshd[22181]: Failed password for invalid user root from 59.92.106.29 port 48220 ssh2
Jan 21 21:59:14 host unix_chkpwd[22186]: password check failed for user (root)
Jan 21 21:59:14 host sshd[22181]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:59:16 host sshd[22181]: Failed password for invalid user root from 59.92.106.29 port 48220 ssh2
Jan 21 21:59:16 host unix_chkpwd[22190]: password check failed for user (root)
Jan 21 21:59:16 host sshd[22181]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:59:18 host sshd[22181]: Failed password for invalid user root from 59.92.106.29 port 48220 ssh2
Jan 21 21:59:18 host unix_chkpwd[22199]: password check failed for user (root)
Jan 21 21:59:18 host sshd[22181]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 21:59:20 host sshd[22181]: Failed password for invalid user root from 59.92.106.29 port 48220 ssh2
Jan 21 22:06:33 host sshd[23455]: Invalid user hp from 194.110.203.109 port 47848
Jan 21 22:06:33 host sshd[23455]: input_userauth_request: invalid user hp [preauth]
Jan 21 22:06:33 host sshd[23455]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:06:33 host sshd[23455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 22:06:35 host sshd[23455]: Failed password for invalid user hp from 194.110.203.109 port 47848 ssh2
Jan 21 22:06:38 host sshd[23455]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:06:41 host sshd[23455]: Failed password for invalid user hp from 194.110.203.109 port 47848 ssh2
Jan 21 22:06:44 host sshd[23455]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:06:45 host sshd[23455]: Failed password for invalid user hp from 194.110.203.109 port 47848 ssh2
Jan 21 22:06:49 host sshd[23455]: Connection closed by 194.110.203.109 port 47848 [preauth]
Jan 21 22:06:49 host sshd[23455]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 22:13:05 host sshd[24543]: Invalid user polycom from 106.10.122.53 port 58126
Jan 21 22:13:05 host sshd[24543]: input_userauth_request: invalid user polycom [preauth]
Jan 21 22:13:05 host sshd[24543]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:13:05 host sshd[24543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 22:13:07 host sshd[24543]: Failed password for invalid user polycom from 106.10.122.53 port 58126 ssh2
Jan 21 22:13:07 host sshd[24543]: Connection closed by 106.10.122.53 port 58126 [preauth]
Jan 21 22:17:29 host sshd[25191]: Invalid user pi from 14.7.132.246 port 62574
Jan 21 22:17:29 host sshd[25191]: input_userauth_request: invalid user pi [preauth]
Jan 21 22:17:29 host sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:17:29 host sshd[25191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.7.132.246
Jan 21 22:17:31 host sshd[25191]: Failed password for invalid user pi from 14.7.132.246 port 62574 ssh2
Jan 21 22:17:32 host sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:17:34 host sshd[25191]: Failed password for invalid user pi from 14.7.132.246 port 62574 ssh2
Jan 21 22:17:34 host sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:17:36 host sshd[25191]: Failed password for invalid user pi from 14.7.132.246 port 62574 ssh2
Jan 21 22:17:37 host sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:17:39 host sshd[25191]: Failed password for invalid user pi from 14.7.132.246 port 62574 ssh2
Jan 21 22:17:39 host sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:17:41 host sshd[25191]: Failed password for invalid user pi from 14.7.132.246 port 62574 ssh2
Jan 21 22:17:44 host sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:17:45 host sshd[25191]: Failed password for invalid user pi from 14.7.132.246 port 62574 ssh2
Jan 21 22:17:45 host sshd[25191]: error: maximum authentication attempts exceeded for invalid user pi from 14.7.132.246 port 62574 ssh2 [preauth]
Jan 21 22:17:45 host sshd[25191]: Disconnecting: Too many authentication failures [preauth]
Jan 21 22:17:45 host sshd[25191]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.7.132.246
Jan 21 22:17:45 host sshd[25191]: PAM service(sshd) ignoring max retries; 6 > 3
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 22:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=laundryboniface user-2=dartsimp user-3=a2zgroup user-4=wwwkaretakers user-5=cochintaxi user-6=ugotscom user-7=wwwrmswll user-8=wwwresourcehunte user-9=keralaholi user-10=travelboniface user-11=wwwpmcresource user-12=pmcresources user-13=wwwtestugo user-14=shalinijames user-15=vfmassets user-16=woodpeck user-17=wwwkapin user-18=disposeat user-19=wwwkmaorg user-20=remysagr user-21=mrsclean user-22=wwwnexidigital user-23=kottayamcalldriv user-24=phmetals user-25=gifterman user-26=palco123 user-27=wwwletsstalkfood user-28=straightcurve user-29=wwwevmhonda user-30=bonifacegroup feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 22:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OykIuDTx7PiTAoM4.~
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OykIuDTx7PiTAoM4.~'
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-OykIuDTx7PiTAoM4.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 22:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 22:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 22:24:20 host sshd[26387]: User root from 201.33.192.17 not allowed because not listed in AllowUsers
Jan 21 22:24:20 host sshd[26387]: input_userauth_request: invalid user root [preauth]
Jan 21 22:24:20 host unix_chkpwd[26394]: password check failed for user (root)
Jan 21 22:24:20 host sshd[26387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.33.192.17 user=root
Jan 21 22:24:20 host sshd[26387]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:24:22 host sshd[26387]: Failed password for invalid user root from 201.33.192.17 port 45346 ssh2
Jan 21 22:24:22 host sshd[26387]: Received disconnect from 201.33.192.17 port 45346:11: Bye Bye [preauth]
Jan 21 22:24:22 host sshd[26387]: Disconnected from 201.33.192.17 port 45346 [preauth]
Jan 21 22:24:25 host sshd[26398]: User root from 201.33.192.17 not allowed because not listed in AllowUsers
Jan 21 22:24:25 host sshd[26398]: input_userauth_request: invalid user root [preauth]
Jan 21 22:24:25 host unix_chkpwd[26403]: password check failed for user (root)
Jan 21 22:24:25 host sshd[26398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.33.192.17 user=root
Jan 21 22:24:25 host sshd[26398]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:24:27 host sshd[26398]: Failed password for invalid user root from 201.33.192.17 port 45564 ssh2
Jan 21 22:24:27 host sshd[26398]: Received disconnect from 201.33.192.17 port 45564:11: Bye Bye [preauth]
Jan 21 22:24:27 host sshd[26398]: Disconnected from 201.33.192.17 port 45564 [preauth]
Jan 21 22:24:29 host sshd[26408]: Invalid user ubnt from 201.33.192.17 port 45776
Jan 21 22:24:29 host sshd[26408]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 22:24:29 host sshd[26408]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:24:29 host sshd[26408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.33.192.17
Jan 21 22:24:31 host sshd[26408]: Failed password for invalid user ubnt from 201.33.192.17 port 45776 ssh2
Jan 21 22:26:08 host sshd[26796]: invalid public DH value: >= p-1 [preauth]
Jan 21 22:26:08 host sshd[26796]: ssh_dispatch_run_fatal: Connection from 115.37.136.219 port 60566: incomplete message [preauth]
Jan 21 22:40:29 host sshd[28664]: Invalid user ubnt from 59.24.233.251 port 49370
Jan 21 22:40:29 host sshd[28664]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 22:40:29 host sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:40:29 host sshd[28664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.233.251
Jan 21 22:40:32 host sshd[28664]: Failed password for invalid user ubnt from 59.24.233.251 port 49370 ssh2
Jan 21 22:40:32 host sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:40:34 host sshd[28664]: Failed password for invalid user ubnt from 59.24.233.251 port 49370 ssh2
Jan 21 22:40:36 host sshd[28664]: Failed password for invalid user ubnt from 59.24.233.251 port 49370 ssh2
Jan 21 22:40:36 host sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:40:38 host sshd[28664]: Failed password for invalid user ubnt from 59.24.233.251 port 49370 ssh2
Jan 21 22:40:39 host sshd[28664]: Connection reset by 59.24.233.251 port 49370 [preauth]
Jan 21 22:40:39 host sshd[28664]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.24.233.251
Jan 21 22:48:27 host sshd[29634]: Invalid user admin from 183.100.69.205 port 40834
Jan 21 22:48:27 host sshd[29634]: input_userauth_request: invalid user admin [preauth]
Jan 21 22:48:27 host sshd[29634]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:48:27 host sshd[29634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.100.69.205
Jan 21 22:48:29 host sshd[29634]: Failed password for invalid user admin from 183.100.69.205 port 40834 ssh2
Jan 21 22:48:29 host sshd[29634]: Connection reset by 183.100.69.205 port 40834 [preauth]
Jan 21 22:48:56 host sshd[29687]: Invalid user ts from 209.141.55.27 port 34310
Jan 21 22:48:56 host sshd[29687]: input_userauth_request: invalid user ts [preauth]
Jan 21 22:48:56 host sshd[29687]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:48:56 host sshd[29687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.55.27
Jan 21 22:48:57 host sshd[29687]: Failed password for invalid user ts from 209.141.55.27 port 34310 ssh2
Jan 21 22:48:57 host sshd[29687]: Received disconnect from 209.141.55.27 port 34310:11: Normal Shutdown, Thank you for playing [preauth]
Jan 21 22:48:57 host sshd[29687]: Disconnected from 209.141.55.27 port 34310 [preauth]
Jan 21 22:49:24 host sshd[29736]: invalid public DH value: >= p-1 [preauth]
Jan 21 22:49:24 host sshd[29736]: ssh_dispatch_run_fatal: Connection from 122.116.44.235 port 54595: incomplete message [preauth]
Jan 21 22:51:45 host sshd[30135]: Did not receive identification string from 115.241.167.73 port 57372
Jan 21 22:51:46 host sshd[30137]: Invalid user teamspeak from 115.241.167.73 port 57440
Jan 21 22:51:46 host sshd[30137]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 22:51:46 host sshd[30136]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30136]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30139]: Invalid user admin from 115.241.167.73 port 57636
Jan 21 22:51:46 host sshd[30139]: input_userauth_request: invalid user admin [preauth]
Jan 21 22:51:46 host sshd[30147]: Invalid user ubnt from 115.241.167.73 port 57612
Jan 21 22:51:46 host sshd[30147]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 22:51:46 host sshd[30142]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30142]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30144]: Invalid user admin from 115.241.167.73 port 57592
Jan 21 22:51:46 host sshd[30144]: input_userauth_request: invalid user admin [preauth]
Jan 21 22:51:46 host sshd[30138]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30138]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30143]: Invalid user ftpuser from 115.241.167.73 port 57428
Jan 21 22:51:46 host sshd[30143]: input_userauth_request: invalid user ftpuser [preauth]
Jan 21 22:51:46 host sshd[30140]: Invalid user devops from 115.241.167.73 port 57530
Jan 21 22:51:46 host sshd[30140]: input_userauth_request: invalid user devops [preauth]
Jan 21 22:51:46 host sshd[30148]: Invalid user devops from 115.241.167.73 port 57616
Jan 21 22:51:46 host sshd[30148]: input_userauth_request: invalid user devops [preauth]
Jan 21 22:51:46 host sshd[30162]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30162]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30145]: Invalid user halo from 115.241.167.73 port 57532
Jan 21 22:51:46 host sshd[30145]: input_userauth_request: invalid user halo [preauth]
Jan 21 22:51:46 host sshd[30156]: Invalid user ftpuser from 115.241.167.73 port 57674
Jan 21 22:51:46 host sshd[30156]: input_userauth_request: invalid user ftpuser [preauth]
Jan 21 22:51:46 host sshd[30146]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30146]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30151]: Invalid user steam from 115.241.167.73 port 57478
Jan 21 22:51:46 host sshd[30150]: Invalid user oracle from 115.241.167.73 port 57578
Jan 21 22:51:46 host sshd[30151]: input_userauth_request: invalid user steam [preauth]
Jan 21 22:51:46 host sshd[30150]: input_userauth_request: invalid user oracle [preauth]
Jan 21 22:51:46 host sshd[30152]: Invalid user admin from 115.241.167.73 port 57442
Jan 21 22:51:46 host sshd[30152]: input_userauth_request: invalid user admin [preauth]
Jan 21 22:51:46 host sshd[30161]: Invalid user admin from 115.241.167.73 port 57650
Jan 21 22:51:46 host sshd[30161]: input_userauth_request: invalid user admin [preauth]
Jan 21 22:51:46 host sshd[30141]: Invalid user pi from 115.241.167.73 port 57566
Jan 21 22:51:46 host sshd[30158]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30141]: input_userauth_request: invalid user pi [preauth]
Jan 21 22:51:46 host sshd[30158]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30154]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30154]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30153]: Invalid user pi from 115.241.167.73 port 57464
Jan 21 22:51:46 host sshd[30137]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30153]: input_userauth_request: invalid user pi [preauth]
Jan 21 22:51:46 host sshd[30137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30149]: Invalid user vagrant from 115.241.167.73 port 57460
Jan 21 22:51:46 host sshd[30139]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30149]: input_userauth_request: invalid user vagrant [preauth]
Jan 21 22:51:46 host sshd[30165]: Invalid user ansadmin from 115.241.167.73 port 57570
Jan 21 22:51:46 host sshd[30157]: Invalid user vagrant from 115.241.167.73 port 57554
Jan 21 22:51:46 host sshd[30165]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 22:51:46 host sshd[30157]: input_userauth_request: invalid user vagrant [preauth]
Jan 21 22:51:46 host sshd[30155]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30159]: Invalid user es from 115.241.167.73 port 57422
Jan 21 22:51:46 host sshd[30155]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30147]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30159]: input_userauth_request: invalid user es [preauth]
Jan 21 22:51:46 host unix_chkpwd[30193]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30144]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30136]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host sshd[30166]: Invalid user pi from 115.241.167.73 port 57550
Jan 21 22:51:46 host sshd[30166]: input_userauth_request: invalid user pi [preauth]
Jan 21 22:51:46 host sshd[30143]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30140]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host unix_chkpwd[30194]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30142]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host unix_chkpwd[30195]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30138]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host sshd[30145]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30156]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30150]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30151]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30152]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30161]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30141]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host unix_chkpwd[30196]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30162]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host unix_chkpwd[30197]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30146]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host sshd[30153]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30149]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host unix_chkpwd[30198]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30158]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host unix_chkpwd[30199]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30165]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30157]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30154]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host sshd[30159]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host unix_chkpwd[30200]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30155]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:46 host sshd[30166]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host sshd[30201]: Invalid user admin from 115.241.167.73 port 57600
Jan 21 22:51:46 host sshd[30201]: input_userauth_request: invalid user admin [preauth]
Jan 21 22:51:46 host sshd[30202]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30202]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30203]: User root from 115.241.167.73 not allowed because not listed in AllowUsers
Jan 21 22:51:46 host sshd[30203]: input_userauth_request: invalid user root [preauth]
Jan 21 22:51:46 host sshd[30201]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 22:51:46 host sshd[30201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73
Jan 21 22:51:46 host unix_chkpwd[30208]: password check failed for user (root)
Jan 21 22:51:46 host sshd[30202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:46 host sshd[30202]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:47 host unix_chkpwd[30209]: password check failed for user (root)
Jan 21 22:51:47 host sshd[30203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.241.167.73 user=root
Jan 21 22:51:47 host sshd[30203]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 22:51:48 host sshd[30137]: Failed password for invalid user teamspeak from 115.241.167.73 port 57440 ssh2
Jan 21 22:51:48 host sshd[30139]: Failed password for invalid user admin from 115.241.167.73 port 57636 ssh2
Jan 21 22:51:48 host sshd[30147]: Failed password for invalid user ubnt from 115.241.167.73 port 57612 ssh2
Jan 21 22:51:48 host sshd[30144]: Failed password for invalid user admin from 115.241.167.73 port 57592 ssh2
Jan 21 22:51:48 host sshd[30136]: Failed password for invalid user root from 115.241.167.73 port 57666 ssh2
Jan 21 22:51:48 host sshd[30143]: Failed password for invalid user ftpuser from 115.241.167.73 port 57428 ssh2
Jan 21 22:51:48 host sshd[30140]: Failed password for invalid user devops from 115.241.167.73 port 57530 ssh2
Jan 21 22:51:48 host sshd[30142]: Failed password for invalid user root from 115.241.167.73 port 57380 ssh2
Jan 21 22:51:48 host sshd[30148]: Failed password for invalid user devops from 115.241.167.73 port 57616 ssh2
Jan 21 22:51:48 host sshd[30138]: Failed password for invalid user root from 115.241.167.73 port 57542 ssh2
Jan 21 22:51:48 host sshd[30145]: Failed password for invalid user halo from 115.241.167.73 port 57532 ssh2
Jan 21 22:51:48 host sshd[30156]: Failed password for invalid user ftpuser from 115.241.167.73 port 57674 ssh2
Jan 21 22:51:48 host sshd[30150]: Failed password for invalid user oracle from 115.241.167.73 port 57578 ssh2
Jan 21 22:51:48 host sshd[30152]: Failed password for invalid user admin from 115.241.167.73 port 57442 ssh2
Jan 21 22:51:48 host sshd[30151]: Failed password for invalid user steam from 115.241.167.73 port 57478 ssh2
Jan 21 22:51:48 host sshd[30161]: Failed password for invalid user admin from 115.241.167.73 port 57650 ssh2
Jan 21 22:51:48 host sshd[30141]: Failed password for invalid user pi from 115.241.167.73 port 57566 ssh2
Jan 21 22:51:48 host sshd[30162]: Failed password for invalid user root from 115.241.167.73 port 57634 ssh2
Jan 21 22:51:48 host sshd[30146]: Failed password for invalid user root from 115.241.167.73 port 57610 ssh2
Jan 21 22:51:48 host sshd[30153]: Failed password for invalid user pi from 115.241.167.73 port 57464 ssh2
Jan 21 22:51:48 host sshd[30149]: Failed password for invalid user vagrant from 115.241.167.73 port 57460 ssh2
Jan 21 22:51:48 host sshd[30158]: Failed password for invalid user root from 115.241.167.73 port 57450 ssh2
Jan 21 22:51:48 host sshd[30137]: Connection closed by 115.241.167.73 port 57440 [preauth]
Jan 21 22:51:48 host sshd[30165]: Failed password for invalid user ansadmin from 115.241.167.73 port 57570 ssh2
Jan 21 22:51:48 host sshd[30157]: Failed password for invalid user vagrant from 115.241.167.73 port 57554 ssh2
Jan 21 22:51:48 host sshd[30139]: Connection closed by 115.241.167.73 port 57636 [preauth]
Jan 21 22:51:48 host sshd[30154]: Failed password for invalid user root from 115.241.167.73 port 57516 ssh2
Jan 21 22:51:48 host sshd[30147]: Connection closed by 115.241.167.73 port 57612 [preauth]
Jan 21 22:51:48 host sshd[30159]: Failed password for invalid user es from 115.241.167.73 port 57422 ssh2
Jan 21 22:51:48 host sshd[30136]: Connection closed by 115.241.167.73 port 57666 [preauth]
Jan 21 22:51:48 host sshd[30144]: Connection closed by 115.241.167.73 port 57592 [preauth]
Jan 21 22:51:48 host sshd[30155]: Failed password for invalid user root from 115.241.167.73 port 57502 ssh2
Jan 21 22:51:48 host sshd[30140]: Connection closed by 115.241.167.73 port 57530 [preauth]
Jan 21 22:51:48 host sshd[30166]: Failed password for invalid user pi from 115.241.167.73 port 57550 ssh2
Jan 21 22:51:48 host sshd[30143]: Connection closed by 115.241.167.73 port 57428 [preauth]
Jan 21 22:51:48 host sshd[30148]: Connection closed by 115.241.167.73 port 57616 [preauth]
Jan 21 22:51:48 host sshd[30142]: Connection closed by 115.241.167.73 port 57380 [preauth]
Jan 21 22:51:48 host sshd[30138]: Connection closed by 115.241.167.73 port 57542 [preauth]
Jan 21 22:51:48 host sshd[30145]: Connection closed by 115.241.167.73 port 57532 [preauth]
Jan 21 22:51:48 host sshd[30156]: Connection closed by 115.241.167.73 port 57674 [preauth]
Jan 21 22:51:48 host sshd[30152]: Connection closed by 115.241.167.73 port 57442 [preauth]
Jan 21 22:51:48 host sshd[30150]: Connection closed by 115.241.167.73 port 57578 [preauth]
Jan 21 22:51:48 host sshd[30161]: Connection closed by 115.241.167.73 port 57650 [preauth]
Jan 21 22:51:48 host sshd[30151]: Connection closed by 115.241.167.73 port 57478 [preauth]
Jan 21 22:51:48 host sshd[30162]: Connection closed by 115.241.167.73 port 57634 [preauth]
Jan 21 22:51:48 host sshd[30141]: Connection closed by 115.241.167.73 port 57566 [preauth]
Jan 21 22:51:48 host sshd[30146]: Connection closed by 115.241.167.73 port 57610 [preauth]
Jan 21 22:51:48 host sshd[30153]: Connection closed by 115.241.167.73 port 57464 [preauth]
Jan 21 22:51:48 host sshd[30158]: Connection closed by 115.241.167.73 port 57450 [preauth]
Jan 21 22:51:48 host sshd[30149]: Connection closed by 115.241.167.73 port 57460 [preauth]
Jan 21 22:51:48 host sshd[30154]: Connection closed by 115.241.167.73 port 57516 [preauth]
Jan 21 22:51:48 host sshd[30165]: Connection closed by 115.241.167.73 port 57570 [preauth]
Jan 21 22:51:48 host sshd[30157]: Connection closed by 115.241.167.73 port 57554 [preauth]
Jan 21 22:51:48 host sshd[30159]: Connection closed by 115.241.167.73 port 57422 [preauth]
Jan 21 22:51:48 host sshd[30155]: Connection closed by 115.241.167.73 port 57502 [preauth]
Jan 21 22:51:48 host sshd[30166]: Connection closed by 115.241.167.73 port 57550 [preauth]
Jan 21 22:51:49 host sshd[30201]: Failed password for invalid user admin from 115.241.167.73 port 57600 ssh2
Jan 21 22:51:49 host sshd[30202]: Failed password for invalid user root from 115.241.167.73 port 57392 ssh2
Jan 21 22:51:49 host sshd[30203]: Failed password for invalid user root from 115.241.167.73 port 57540 ssh2
Jan 21 22:51:49 host sshd[30201]: Connection closed by 115.241.167.73 port 57600 [preauth]
Jan 21 22:51:49 host sshd[30202]: Connection closed by 115.241.167.73 port 57392 [preauth]
Jan 21 22:51:49 host sshd[30203]: Connection closed by 115.241.167.73 port 57540 [preauth]
Jan 21 23:12:48 host sshd[378]: User tomcat from 62.233.50.248 not allowed because not listed in AllowUsers
Jan 21 23:12:48 host sshd[378]: input_userauth_request: invalid user tomcat [preauth]
Jan 21 23:12:48 host unix_chkpwd[381]: password check failed for user (tomcat)
Jan 21 23:12:48 host sshd[378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.233.50.248 user=tomcat
Jan 21 23:12:48 host sshd[378]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat"
Jan 21 23:12:49 host sshd[378]: Failed password for invalid user tomcat from 62.233.50.248 port 39453 ssh2
Jan 21 23:12:49 host sshd[378]: Received disconnect from 62.233.50.248 port 39453:11: Client disconnecting normally [preauth]
Jan 21 23:12:49 host sshd[378]: Disconnected from 62.233.50.248 port 39453 [preauth]
Jan 21 23:12:53 host sshd[355]: User ftp from 114.32.170.28 not allowed because not listed in AllowUsers
Jan 21 23:12:53 host sshd[355]: input_userauth_request: invalid user ftp [preauth]
Jan 21 23:12:53 host unix_chkpwd[391]: password check failed for user (ftp)
Jan 21 23:12:53 host sshd[355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.170.28 user=ftp
Jan 21 23:12:53 host sshd[355]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 21 23:12:55 host sshd[355]: Failed password for invalid user ftp from 114.32.170.28 port 54471 ssh2
Jan 21 23:12:56 host sshd[355]: Connection reset by 114.32.170.28 port 54471 [preauth]
Jan 21 23:19:30 host sshd[1268]: Did not receive identification string from 164.92.94.46 port 43412
Jan 21 23:19:32 host sshd[1269]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1269]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1270]: Invalid user teamspeak from 164.92.94.46 port 43520
Jan 21 23:19:32 host sshd[1270]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 23:19:32 host sshd[1271]: Invalid user steam from 164.92.94.46 port 43420
Jan 21 23:19:32 host sshd[1271]: input_userauth_request: invalid user steam [preauth]
Jan 21 23:19:32 host sshd[1280]: Invalid user admin from 164.92.94.46 port 43454
Jan 21 23:19:32 host sshd[1277]: Invalid user ansadmin from 164.92.94.46 port 43496
Jan 21 23:19:32 host sshd[1280]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1277]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 23:19:32 host sshd[1273]: Invalid user teamspeak from 164.92.94.46 port 43632
Jan 21 23:19:32 host sshd[1273]: input_userauth_request: invalid user teamspeak [preauth]
Jan 21 23:19:32 host sshd[1275]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1275]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1278]: Invalid user admin from 164.92.94.46 port 43588
Jan 21 23:19:32 host sshd[1278]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1281]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1281]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1274]: Invalid user admin from 164.92.94.46 port 43736
Jan 21 23:19:32 host sshd[1274]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1282]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1282]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1285]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1285]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1295]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1295]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1289]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1284]: Invalid user testuser from 164.92.94.46 port 43562
Jan 21 23:19:32 host sshd[1289]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1284]: input_userauth_request: invalid user testuser [preauth]
Jan 21 23:19:32 host sshd[1276]: Invalid user admin from 164.92.94.46 port 43560
Jan 21 23:19:32 host sshd[1276]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1299]: Invalid user postgres from 164.92.94.46 port 43604
Jan 21 23:19:32 host sshd[1299]: input_userauth_request: invalid user postgres [preauth]
Jan 21 23:19:32 host sshd[1288]: Invalid user pi from 164.92.94.46 port 43482
Jan 21 23:19:32 host sshd[1288]: input_userauth_request: invalid user pi [preauth]
Jan 21 23:19:32 host sshd[1272]: Invalid user steam from 164.92.94.46 port 43616
Jan 21 23:19:32 host sshd[1272]: input_userauth_request: invalid user steam [preauth]
Jan 21 23:19:32 host sshd[1286]: Invalid user admin from 164.92.94.46 port 43444
Jan 21 23:19:32 host sshd[1286]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1283]: Invalid user admin from 164.92.94.46 port 43614
Jan 21 23:19:32 host sshd[1283]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1294]: Invalid user ansadmin from 164.92.94.46 port 43466
Jan 21 23:19:32 host sshd[1294]: input_userauth_request: invalid user ansadmin [preauth]
Jan 21 23:19:32 host sshd[1279]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1279]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1290]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1290]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1292]: User centos from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1292]: input_userauth_request: invalid user centos [preauth]
Jan 21 23:19:32 host sshd[1287]: Invalid user ubnt from 164.92.94.46 port 43674
Jan 21 23:19:32 host sshd[1287]: input_userauth_request: invalid user ubnt [preauth]
Jan 21 23:19:32 host sshd[1296]: Invalid user user from 164.92.94.46 port 43696
Jan 21 23:19:32 host sshd[1296]: input_userauth_request: invalid user user [preauth]
Jan 21 23:19:32 host sshd[1293]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1293]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1300]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1300]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1306]: Invalid user admin from 164.92.94.46 port 43508
Jan 21 23:19:32 host sshd[1306]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:19:32 host sshd[1307]: User root from 164.92.94.46 not allowed because not listed in AllowUsers
Jan 21 23:19:32 host sshd[1307]: input_userauth_request: invalid user root [preauth]
Jan 21 23:19:32 host sshd[1297]: Invalid user devops from 164.92.94.46 port 43734
Jan 21 23:19:32 host sshd[1297]: input_userauth_request: invalid user devops [preauth]
Jan 21 23:19:32 host sshd[1273]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1280]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1277]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1278]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1270]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1274]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1276]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host unix_chkpwd[1344]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1272]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1269]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host sshd[1286]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1288]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1283]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1294]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host unix_chkpwd[1346]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1281]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host sshd[1287]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host unix_chkpwd[1345]: password check failed for user (root)
Jan 21 23:19:32 host unix_chkpwd[1350]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1296]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1275]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host unix_chkpwd[1349]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1295]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host sshd[1289]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host sshd[1306]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host sshd[1297]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:19:32 host sshd[1297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46
Jan 21 23:19:32 host unix_chkpwd[1347]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1282]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host unix_chkpwd[1351]: password check failed for user (root)
Jan 21 23:19:32 host unix_chkpwd[1356]: password check failed for user (root)
Jan 21 23:19:32 host unix_chkpwd[1352]: password check failed for user (centos)
Jan 21 23:19:32 host sshd[1307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1307]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host sshd[1292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=centos
Jan 21 23:19:32 host sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1279]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host unix_chkpwd[1355]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1293]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host unix_chkpwd[1353]: password check failed for user (root)
Jan 21 23:19:32 host unix_chkpwd[1348]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1290]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host sshd[1285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1285]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:32 host unix_chkpwd[1354]: password check failed for user (root)
Jan 21 23:19:32 host sshd[1300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.94.46 user=root
Jan 21 23:19:32 host sshd[1300]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:19:34 host sshd[1273]: Failed password for invalid user teamspeak from 164.92.94.46 port 43632 ssh2
Jan 21 23:19:34 host sshd[1280]: Failed password for invalid user admin from 164.92.94.46 port 43454 ssh2
Jan 21 23:19:34 host sshd[1271]: Failed password for invalid user steam from 164.92.94.46 port 43420 ssh2
Jan 21 23:19:34 host sshd[1277]: Failed password for invalid user ansadmin from 164.92.94.46 port 43496 ssh2
Jan 21 23:19:34 host sshd[1278]: Failed password for invalid user admin from 164.92.94.46 port 43588 ssh2
Jan 21 23:19:34 host sshd[1270]: Failed password for invalid user teamspeak from 164.92.94.46 port 43520 ssh2
Jan 21 23:19:34 host sshd[1274]: Failed password for invalid user admin from 164.92.94.46 port 43736 ssh2
Jan 21 23:19:34 host sshd[1284]: Failed password for invalid user testuser from 164.92.94.46 port 43562 ssh2
Jan 21 23:19:34 host sshd[1276]: Failed password for invalid user admin from 164.92.94.46 port 43560 ssh2
Jan 21 23:19:34 host sshd[1299]: Failed password for invalid user postgres from 164.92.94.46 port 43604 ssh2
Jan 21 23:19:34 host sshd[1272]: Failed password for invalid user steam from 164.92.94.46 port 43616 ssh2
Jan 21 23:19:34 host sshd[1269]: Failed password for invalid user root from 164.92.94.46 port 43436 ssh2
Jan 21 23:19:34 host sshd[1286]: Failed password for invalid user admin from 164.92.94.46 port 43444 ssh2
Jan 21 23:19:34 host sshd[1288]: Failed password for invalid user pi from 164.92.94.46 port 43482 ssh2
Jan 21 23:19:34 host sshd[1283]: Failed password for invalid user admin from 164.92.94.46 port 43614 ssh2
Jan 21 23:19:34 host sshd[1294]: Failed password for invalid user ansadmin from 164.92.94.46 port 43466 ssh2
Jan 21 23:19:34 host sshd[1281]: Failed password for invalid user root from 164.92.94.46 port 43670 ssh2
Jan 21 23:19:34 host sshd[1287]: Failed password for invalid user ubnt from 164.92.94.46 port 43674 ssh2
Jan 21 23:19:34 host sshd[1296]: Failed password for invalid user user from 164.92.94.46 port 43696 ssh2
Jan 21 23:19:34 host sshd[1275]: Failed password for invalid user root from 164.92.94.46 port 43538 ssh2
Jan 21 23:19:34 host sshd[1295]: Failed password for invalid user root from 164.92.94.46 port 43540 ssh2
Jan 21 23:19:34 host sshd[1289]: Failed password for invalid user root from 164.92.94.46 port 43602 ssh2
Jan 21 23:19:34 host sshd[1306]: Failed password for invalid user admin from 164.92.94.46 port 43508 ssh2
Jan 21 23:19:34 host sshd[1297]: Failed password for invalid user devops from 164.92.94.46 port 43734 ssh2
Jan 21 23:19:34 host sshd[1282]: Failed password for invalid user root from 164.92.94.46 port 43702 ssh2
Jan 21 23:19:34 host sshd[1307]: Failed password for invalid user root from 164.92.94.46 port 43536 ssh2
Jan 21 23:19:34 host sshd[1292]: Failed password for invalid user centos from 164.92.94.46 port 43682 ssh2
Jan 21 23:19:34 host sshd[1279]: Failed password for invalid user root from 164.92.94.46 port 43598 ssh2
Jan 21 23:19:34 host sshd[1293]: Failed password for invalid user root from 164.92.94.46 port 43658 ssh2
Jan 21 23:19:34 host sshd[1290]: Failed password for invalid user root from 164.92.94.46 port 43648 ssh2
Jan 21 23:19:34 host sshd[1285]: Failed password for invalid user root from 164.92.94.46 port 43712 ssh2
Jan 21 23:19:34 host sshd[1300]: Failed password for invalid user root from 164.92.94.46 port 43576 ssh2
Jan 21 23:19:35 host sshd[1296]: Connection closed by 164.92.94.46 port 43696 [preauth]
Jan 21 23:19:35 host sshd[1269]: Connection closed by 164.92.94.46 port 43436 [preauth]
Jan 21 23:19:35 host sshd[1276]: Connection closed by 164.92.94.46 port 43560 [preauth]
Jan 21 23:19:35 host sshd[1272]: Connection closed by 164.92.94.46 port 43616 [preauth]
Jan 21 23:19:35 host sshd[1287]: Connection closed by 164.92.94.46 port 43674 [preauth]
Jan 21 23:19:35 host sshd[1295]: Connection closed by 164.92.94.46 port 43540 [preauth]
Jan 21 23:19:35 host sshd[1283]: Connection closed by 164.92.94.46 port 43614 [preauth]
Jan 21 23:19:35 host sshd[1306]: Connection closed by 164.92.94.46 port 43508 [preauth]
Jan 21 23:19:35 host sshd[1284]: Connection closed by 164.92.94.46 port 43562 [preauth]
Jan 21 23:19:35 host sshd[1288]: Connection closed by 164.92.94.46 port 43482 [preauth]
Jan 21 23:19:35 host sshd[1281]: Connection closed by 164.92.94.46 port 43670 [preauth]
Jan 21 23:19:35 host sshd[1286]: Connection closed by 164.92.94.46 port 43444 [preauth]
Jan 21 23:19:35 host sshd[1294]: Connection closed by 164.92.94.46 port 43466 [preauth]
Jan 21 23:19:35 host sshd[1299]: Connection closed by 164.92.94.46 port 43604 [preauth]
Jan 21 23:19:35 host sshd[1289]: Connection closed by 164.92.94.46 port 43602 [preauth]
Jan 21 23:19:35 host sshd[1297]: Connection closed by 164.92.94.46 port 43734 [preauth]
Jan 21 23:19:35 host sshd[1282]: Connection closed by 164.92.94.46 port 43702 [preauth]
Jan 21 23:19:35 host sshd[1307]: Connection closed by 164.92.94.46 port 43536 [preauth]
Jan 21 23:19:35 host sshd[1275]: Connection closed by 164.92.94.46 port 43538 [preauth]
Jan 21 23:19:35 host sshd[1279]: Connection closed by 164.92.94.46 port 43598 [preauth]
Jan 21 23:19:35 host sshd[1290]: Connection closed by 164.92.94.46 port 43648 [preauth]
Jan 21 23:19:35 host sshd[1285]: Connection closed by 164.92.94.46 port 43712 [preauth]
Jan 21 23:19:35 host sshd[1292]: Connection closed by 164.92.94.46 port 43682 [preauth]
Jan 21 23:19:35 host sshd[1293]: Connection closed by 164.92.94.46 port 43658 [preauth]
Jan 21 23:19:35 host sshd[1274]: Connection closed by 164.92.94.46 port 43736 [preauth]
Jan 21 23:19:35 host sshd[1278]: Connection closed by 164.92.94.46 port 43588 [preauth]
Jan 21 23:19:35 host sshd[1270]: Connection closed by 164.92.94.46 port 43520 [preauth]
Jan 21 23:19:35 host sshd[1271]: Connection closed by 164.92.94.46 port 43420 [preauth]
Jan 21 23:19:35 host sshd[1277]: Connection closed by 164.92.94.46 port 43496 [preauth]
Jan 21 23:19:35 host sshd[1280]: Connection closed by 164.92.94.46 port 43454 [preauth]
Jan 21 23:19:35 host sshd[1273]: Connection closed by 164.92.94.46 port 43632 [preauth]
Jan 21 23:19:35 host sshd[1300]: Connection closed by 164.92.94.46 port 43576 [preauth]
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 21 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 21 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 21 23:21:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=cochintaxi user-2=wwwkaretakers user-3=laundryboniface user-4=dartsimp user-5=a2zgroup user-6=wwwpmcresource user-7=ugotscom user-8=wwwrmswll user-9=keralaholi user-10=wwwresourcehunte user-11=travelboniface user-12=woodpeck user-13=wwwkapin user-14=wwwkmaorg user-15=disposeat user-16=remysagr user-17=pmcresources user-18=wwwtestugo user-19=shalinijames user-20=vfmassets user-21=wwwletsstalkfood user-22=straightcurve user-23=wwwevmhonda user-24=bonifacegroup user-25=wwwnexidigital user-26=mrsclean user-27=kottayamcalldriv user-28=phmetals user-29=gifterman user-30=palco123 feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 21 23:21:06 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FwS6awTWuDrgMAIA.~
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FwS6awTWuDrgMAIA.~'
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-FwS6awTWuDrgMAIA.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 21 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 21 23:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 21 23:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 21 23:22:52 host sshd[2127]: User root from 165.22.190.158 not allowed because not listed in AllowUsers
Jan 21 23:22:52 host sshd[2127]: input_userauth_request: invalid user root [preauth]
Jan 21 23:22:52 host unix_chkpwd[2136]: password check failed for user (root)
Jan 21 23:22:52 host sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.190.158 user=root
Jan 21 23:22:52 host sshd[2127]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 23:22:55 host sshd[2127]: Failed password for invalid user root from 165.22.190.158 port 47986 ssh2
Jan 21 23:22:55 host sshd[2127]: Connection closed by 165.22.190.158 port 47986 [preauth]
Jan 21 23:26:21 host sshd[2610]: Invalid user admin from 92.33.231.219 port 34727
Jan 21 23:26:21 host sshd[2610]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:26:21 host sshd[2610]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:26:21 host sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.33.231.219
Jan 21 23:26:23 host sshd[2610]: Failed password for invalid user admin from 92.33.231.219 port 34727 ssh2
Jan 21 23:26:23 host sshd[2610]: Failed password for invalid user admin from 92.33.231.219 port 34727 ssh2
Jan 21 23:26:23 host sshd[2610]: Connection reset by 92.33.231.219 port 34727 [preauth]
Jan 21 23:28:47 host sshd[2889]: Invalid user hadmin from 106.10.122.53 port 34314
Jan 21 23:28:47 host sshd[2889]: input_userauth_request: invalid user hadmin [preauth]
Jan 21 23:28:47 host sshd[2889]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:28:47 host sshd[2889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 21 23:28:49 host sshd[2889]: Failed password for invalid user hadmin from 106.10.122.53 port 34314 ssh2
Jan 21 23:28:49 host sshd[2889]: Connection closed by 106.10.122.53 port 34314 [preauth]
Jan 21 23:39:49 host sshd[4325]: Invalid user sFTPUser from 114.35.38.115 port 39284
Jan 21 23:39:49 host sshd[4325]: input_userauth_request: invalid user sFTPUser [preauth]
Jan 21 23:39:49 host sshd[4325]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:39:49 host sshd[4325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.38.115
Jan 21 23:39:51 host sshd[4325]: Failed password for invalid user sFTPUser from 114.35.38.115 port 39284 ssh2
Jan 21 23:39:52 host sshd[4325]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:39:53 host sshd[4325]: Failed password for invalid user sFTPUser from 114.35.38.115 port 39284 ssh2
Jan 21 23:39:54 host sshd[4325]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:39:56 host sshd[4325]: Failed password for invalid user sFTPUser from 114.35.38.115 port 39284 ssh2
Jan 21 23:39:57 host sshd[4325]: Connection reset by 114.35.38.115 port 39284 [preauth]
Jan 21 23:39:57 host sshd[4325]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.35.38.115
Jan 21 23:47:58 host sshd[5532]: Invalid user admin from 216.15.70.66 port 58605
Jan 21 23:47:58 host sshd[5532]: input_userauth_request: invalid user admin [preauth]
Jan 21 23:47:58 host sshd[5532]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:47:58 host sshd[5532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.15.70.66
Jan 21 23:48:00 host sshd[5532]: Failed password for invalid user admin from 216.15.70.66 port 58605 ssh2
Jan 21 23:48:00 host sshd[5532]: Failed password for invalid user admin from 216.15.70.66 port 58605 ssh2
Jan 21 23:48:03 host sshd[5532]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:48:05 host sshd[5532]: Failed password for invalid user admin from 216.15.70.66 port 58605 ssh2
Jan 21 23:48:06 host sshd[5532]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:48:09 host sshd[5532]: Failed password for invalid user admin from 216.15.70.66 port 58605 ssh2
Jan 21 23:48:11 host sshd[5532]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:48:12 host sshd[5532]: Failed password for invalid user admin from 216.15.70.66 port 58605 ssh2
Jan 21 23:48:15 host sshd[5601]: Invalid user zengyuanqi from 92.46.108.20 port 59100
Jan 21 23:48:15 host sshd[5601]: input_userauth_request: invalid user zengyuanqi [preauth]
Jan 21 23:48:16 host sshd[5601]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:48:16 host sshd[5601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.108.20
Jan 21 23:48:18 host sshd[5601]: Failed password for invalid user zengyuanqi from 92.46.108.20 port 59100 ssh2
Jan 21 23:48:18 host sshd[5601]: Connection closed by 92.46.108.20 port 59100 [preauth]
Jan 21 23:54:32 host sshd[6446]: Invalid user hq from 194.110.203.109 port 48720
Jan 21 23:54:32 host sshd[6446]: input_userauth_request: invalid user hq [preauth]
Jan 21 23:54:32 host sshd[6446]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:54:32 host sshd[6446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 21 23:54:34 host sshd[6446]: Failed password for invalid user hq from 194.110.203.109 port 48720 ssh2
Jan 21 23:54:37 host sshd[6446]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:54:40 host sshd[6446]: Failed password for invalid user hq from 194.110.203.109 port 48720 ssh2
Jan 21 23:54:43 host sshd[6446]: pam_unix(sshd:auth): check pass; user unknown
Jan 21 23:54:45 host sshd[6446]: Failed password for invalid user hq from 194.110.203.109 port 48720 ssh2
Jan 21 23:54:49 host sshd[6446]: Connection closed by 194.110.203.109 port 48720 [preauth]
Jan 21 23:54:49 host sshd[6446]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 22 00:01:15 host sshd[7573]: Invalid user admin from 125.228.115.190 port 42768
Jan 22 00:01:15 host sshd[7573]: input_userauth_request: invalid user admin [preauth]
Jan 22 00:01:15 host sshd[7573]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:01:15 host sshd[7573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.115.190
Jan 22 00:01:17 host sshd[7573]: Failed password for invalid user admin from 125.228.115.190 port 42768 ssh2
Jan 22 00:01:18 host sshd[7573]: Failed password for invalid user admin from 125.228.115.190 port 42768 ssh2
Jan 22 00:01:18 host sshd[7573]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:01:21 host sshd[7573]: Failed password for invalid user admin from 125.228.115.190 port 42768 ssh2
Jan 22 00:01:22 host sshd[7573]: Connection reset by 125.228.115.190 port 42768 [preauth]
Jan 22 00:01:22 host sshd[7573]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.228.115.190
Jan 22 00:02:08 host sshd[7673]: Invalid user bigipuser3 from 220.133.142.148 port 59286
Jan 22 00:02:08 host sshd[7673]: input_userauth_request: invalid user bigipuser3 [preauth]
Jan 22 00:02:08 host sshd[7673]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:02:08 host sshd[7673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.142.148
Jan 22 00:02:10 host sshd[7673]: Failed password for invalid user bigipuser3 from 220.133.142.148 port 59286 ssh2
Jan 22 00:02:11 host sshd[7673]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:02:13 host sshd[7673]: Failed password for invalid user bigipuser3 from 220.133.142.148 port 59286 ssh2
Jan 22 00:02:14 host sshd[7673]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:02:16 host sshd[7673]: Failed password for invalid user bigipuser3 from 220.133.142.148 port 59286 ssh2
Jan 22 00:02:17 host sshd[7673]: Failed password for invalid user bigipuser3 from 220.133.142.148 port 59286 ssh2
Jan 22 00:02:17 host sshd[7673]: Connection closed by 220.133.142.148 port 59286 [preauth]
Jan 22 00:02:17 host sshd[7673]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.133.142.148
Jan 22 00:12:00 host sshd[9418]: Invalid user pi from 122.116.138.31 port 50904
Jan 22 00:12:00 host sshd[9418]: input_userauth_request: invalid user pi [preauth]
Jan 22 00:12:00 host sshd[9418]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:12:00 host sshd[9418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.138.31
Jan 22 00:12:01 host sshd[9418]: Failed password for invalid user pi from 122.116.138.31 port 50904 ssh2
Jan 22 00:12:02 host sshd[9418]: Connection reset by 122.116.138.31 port 50904 [preauth]
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 22 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=shalinijames user-2=wwwtestugo user-3=vfmassets user-4=pmcresources user-5=wwwkmaorg user-6=disposeat user-7=remysagr user-8=woodpeck user-9=wwwkapin user-10=phmetals user-11=kottayamcalldriv user-12=palco123 user-13=gifterman user-14=mrsclean user-15=wwwnexidigital user-16=wwwevmhonda user-17=bonifacegroup user-18=straightcurve user-19=wwwletsstalkfood user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=cochintaxi user-24=wwwkaretakers user-25=travelboniface user-26=ugotscom user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 22 00:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 22 00:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iqzdVDKsP4ejjxNz.~
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iqzdVDKsP4ejjxNz.~'
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-iqzdVDKsP4ejjxNz.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 00:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 00:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 00:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 00:23:16 host sshd[12476]: Invalid user pi from 114.33.61.103 port 38165
Jan 22 00:23:16 host sshd[12476]: input_userauth_request: invalid user pi [preauth]
Jan 22 00:23:16 host sshd[12476]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:23:16 host sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.61.103
Jan 22 00:23:17 host sshd[12476]: Failed password for invalid user pi from 114.33.61.103 port 38165 ssh2
Jan 22 00:23:18 host sshd[12476]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:23:20 host sshd[12476]: Failed password for invalid user pi from 114.33.61.103 port 38165 ssh2
Jan 22 00:23:21 host sshd[12476]: Connection reset by 114.33.61.103 port 38165 [preauth]
Jan 22 00:23:21 host sshd[12476]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.61.103
Jan 22 00:24:04 host sshd[12565]: Connection closed by 172.104.11.51 port 15472 [preauth]
Jan 22 00:24:06 host sshd[12574]: Connection closed by 172.104.11.51 port 15478 [preauth]
Jan 22 00:24:08 host sshd[12580]: Connection closed by 172.104.11.51 port 15486 [preauth]
Jan 22 00:24:08 host sshd[12577]: Invalid user corecess from 205.185.113.129 port 37940
Jan 22 00:24:08 host sshd[12577]: input_userauth_request: invalid user corecess [preauth]
Jan 22 00:24:08 host sshd[12577]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:24:08 host sshd[12577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.113.129
Jan 22 00:24:09 host sshd[12577]: Failed password for invalid user corecess from 205.185.113.129 port 37940 ssh2
Jan 22 00:24:10 host sshd[12577]: Connection closed by 205.185.113.129 port 37940 [preauth]
Jan 22 00:28:32 host sshd[13183]: Connection reset by 112.172.237.26 port 61127 [preauth]
Jan 22 00:44:08 host sshd[15330]: Invalid user disk from 106.10.122.53 port 42720
Jan 22 00:44:08 host sshd[15330]: input_userauth_request: invalid user disk [preauth]
Jan 22 00:44:08 host sshd[15330]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:44:08 host sshd[15330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 22 00:44:10 host sshd[15330]: Failed password for invalid user disk from 106.10.122.53 port 42720 ssh2
Jan 22 00:44:10 host sshd[15330]: Connection closed by 106.10.122.53 port 42720 [preauth]
Jan 22 00:47:28 host sshd[15807]: Did not receive identification string from 206.189.23.129 port 61000
Jan 22 00:57:59 host sshd[17176]: Invalid user joel from 107.189.30.59 port 53300
Jan 22 00:57:59 host sshd[17176]: input_userauth_request: invalid user joel [preauth]
Jan 22 00:57:59 host sshd[17176]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 00:57:59 host sshd[17176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.30.59
Jan 22 00:58:00 host sshd[17176]: Failed password for invalid user joel from 107.189.30.59 port 53300 ssh2
Jan 22 00:58:01 host sshd[17176]: Connection closed by 107.189.30.59 port 53300 [preauth]
Jan 22 01:00:08 host sshd[17433]: User ftp from 121.188.160.55 not allowed because not listed in AllowUsers
Jan 22 01:00:08 host sshd[17433]: input_userauth_request: invalid user ftp [preauth]
Jan 22 01:00:08 host unix_chkpwd[17436]: password check failed for user (ftp)
Jan 22 01:00:08 host sshd[17433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.188.160.55 user=ftp
Jan 22 01:00:08 host sshd[17433]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "ftp"
Jan 22 01:00:10 host sshd[17433]: Failed password for invalid user ftp from 121.188.160.55 port 60752 ssh2
Jan 22 01:04:24 host sshd[17949]: Did not receive identification string from 43.153.95.137 port 22960
Jan 22 01:06:24 host sshd[18274]: Invalid user admin from 43.153.95.137 port 38050
Jan 22 01:06:24 host sshd[18274]: input_userauth_request: invalid user admin [preauth]
Jan 22 01:06:24 host sshd[18274]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:06:24 host sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.95.137
Jan 22 01:06:27 host sshd[18274]: Failed password for invalid user admin from 43.153.95.137 port 38050 ssh2
Jan 22 01:06:27 host sshd[18274]: Connection closed by 43.153.95.137 port 38050 [preauth]
Jan 22 01:08:32 host sshd[18509]: User centos from 43.153.95.137 not allowed because not listed in AllowUsers
Jan 22 01:08:32 host sshd[18509]: input_userauth_request: invalid user centos [preauth]
Jan 22 01:08:32 host unix_chkpwd[18514]: password check failed for user (centos)
Jan 22 01:08:32 host sshd[18509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.95.137 user=centos
Jan 22 01:08:34 host sshd[18509]: Failed password for invalid user centos from 43.153.95.137 port 28282 ssh2
Jan 22 01:08:35 host sshd[18509]: Connection closed by 43.153.95.137 port 28282 [preauth]
Jan 22 01:16:11 host sshd[19624]: Connection reset by 59.126.66.1 port 46644 [preauth]
Jan 22 01:17:13 host sshd[19733]: User root from 165.22.190.158 not allowed because not listed in AllowUsers
Jan 22 01:17:13 host sshd[19733]: input_userauth_request: invalid user root [preauth]
Jan 22 01:17:13 host unix_chkpwd[19737]: password check failed for user (root)
Jan 22 01:17:13 host sshd[19733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.190.158 user=root
Jan 22 01:17:13 host sshd[19733]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 01:17:16 host sshd[19733]: Failed password for invalid user root from 165.22.190.158 port 60882 ssh2
Jan 22 01:17:16 host sshd[19733]: Connection closed by 165.22.190.158 port 60882 [preauth]
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 22 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:05 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:05 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=wwwresourcehunte user-2=keralaholi user-3=wwwrmswll user-4=ugotscom user-5=travelboniface user-6=wwwpmcresource user-7=laundryboniface user-8=a2zgroup user-9=dartsimp user-10=cochintaxi user-11=wwwkaretakers user-12=wwwnexidigital user-13=mrsclean user-14=palco123 user-15=gifterman user-16=kottayamcalldriv user-17=phmetals user-18=straightcurve user-19=wwwletsstalkfood user-20=bonifacegroup user-21=wwwevmhonda user-22=pmcresources user-23=vfmassets user-24=shalinijames user-25=wwwtestugo user-26=wwwkapin user-27=woodpeck user-28=disposeat user-29=remysagr user-30=wwwkmaorg feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 22 01:21:05 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 22 01:21:05 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-JNFQ5CGCcPVrah7L.~
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-JNFQ5CGCcPVrah7L.~'
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-JNFQ5CGCcPVrah7L.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 01:21:06 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:07 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:07 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:21:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 01:21:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 01:21:08 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 01:28:56 host sshd[21491]: User root from 160.155.57.46 not allowed because not listed in AllowUsers
Jan 22 01:28:56 host sshd[21491]: input_userauth_request: invalid user root [preauth]
Jan 22 01:28:57 host unix_chkpwd[21503]: password check failed for user (root)
Jan 22 01:28:57 host sshd[21491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.155.57.46 user=root
Jan 22 01:28:57 host sshd[21491]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 01:28:59 host sshd[21491]: Failed password for invalid user root from 160.155.57.46 port 34816 ssh2
Jan 22 01:28:59 host sshd[21491]: Connection closed by 160.155.57.46 port 34816 [preauth]
Jan 22 01:29:00 host sshd[21507]: User root from 160.155.57.46 not allowed because not listed in AllowUsers
Jan 22 01:29:00 host sshd[21507]: input_userauth_request: invalid user root [preauth]
Jan 22 01:29:00 host unix_chkpwd[21512]: password check failed for user (root)
Jan 22 01:29:00 host sshd[21507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.155.57.46 user=root
Jan 22 01:29:00 host sshd[21507]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 01:29:03 host sshd[21507]: Failed password for invalid user root from 160.155.57.46 port 47822 ssh2
Jan 22 01:29:03 host sshd[21507]: Connection closed by 160.155.57.46 port 47822 [preauth]
Jan 22 01:29:04 host sshd[21525]: User root from 160.155.57.46 not allowed because not listed in AllowUsers
Jan 22 01:29:04 host sshd[21525]: input_userauth_request: invalid user root [preauth]
Jan 22 01:29:04 host unix_chkpwd[21528]: password check failed for user (root)
Jan 22 01:29:04 host sshd[21525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.155.57.46 user=root
Jan 22 01:29:04 host sshd[21525]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 01:29:06 host sshd[21525]: Failed password for invalid user root from 160.155.57.46 port 47834 ssh2
Jan 22 01:42:08 host sshd[23428]: Invalid user hr from 194.110.203.109 port 53050
Jan 22 01:42:08 host sshd[23428]: input_userauth_request: invalid user hr [preauth]
Jan 22 01:42:08 host sshd[23428]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:42:08 host sshd[23428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 22 01:42:09 host sshd[23428]: Failed password for invalid user hr from 194.110.203.109 port 53050 ssh2
Jan 22 01:42:13 host sshd[23428]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:42:15 host sshd[23428]: Failed password for invalid user hr from 194.110.203.109 port 53050 ssh2
Jan 22 01:42:18 host sshd[23428]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:42:20 host sshd[23428]: Failed password for invalid user hr from 194.110.203.109 port 53050 ssh2
Jan 22 01:42:24 host sshd[23428]: Connection closed by 194.110.203.109 port 53050 [preauth]
Jan 22 01:42:24 host sshd[23428]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.110.203.109
Jan 22 01:49:19 host sshd[24719]: Invalid user user from 46.19.136.138 port 33674
Jan 22 01:49:19 host sshd[24719]: input_userauth_request: invalid user user [preauth]
Jan 22 01:49:19 host sshd[24719]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:49:19 host sshd[24719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.136.138
Jan 22 01:49:21 host sshd[24719]: Failed password for invalid user user from 46.19.136.138 port 33674 ssh2
Jan 22 01:49:22 host sshd[24719]: Connection closed by 46.19.136.138 port 33674 [preauth]
Jan 22 01:49:22 host sshd[24725]: Invalid user user from 46.19.136.138 port 56076
Jan 22 01:49:22 host sshd[24725]: input_userauth_request: invalid user user [preauth]
Jan 22 01:49:22 host sshd[24725]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:49:22 host sshd[24725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.136.138
Jan 22 01:49:24 host sshd[24725]: Failed password for invalid user user from 46.19.136.138 port 56076 ssh2
Jan 22 01:49:24 host sshd[24725]: Connection closed by 46.19.136.138 port 56076 [preauth]
Jan 22 01:49:25 host sshd[24729]: Invalid user user from 46.19.136.138 port 56088
Jan 22 01:49:25 host sshd[24729]: input_userauth_request: invalid user user [preauth]
Jan 22 01:49:25 host sshd[24729]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:49:25 host sshd[24729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.19.136.138
Jan 22 01:49:27 host sshd[24729]: Failed password for invalid user user from 46.19.136.138 port 56088 ssh2
Jan 22 01:54:14 host sshd[25514]: Invalid user ubuntu from 1.34.194.19 port 52299
Jan 22 01:54:14 host sshd[25514]: input_userauth_request: invalid user ubuntu [preauth]
Jan 22 01:54:14 host sshd[25514]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:54:14 host sshd[25514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.194.19
Jan 22 01:54:16 host sshd[25514]: Failed password for invalid user ubuntu from 1.34.194.19 port 52299 ssh2
Jan 22 01:54:17 host sshd[25514]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:54:19 host sshd[25514]: Failed password for invalid user ubuntu from 1.34.194.19 port 52299 ssh2
Jan 22 01:54:20 host sshd[25514]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:54:22 host sshd[25514]: Failed password for invalid user ubuntu from 1.34.194.19 port 52299 ssh2
Jan 22 01:54:23 host sshd[25514]: Failed password for invalid user ubuntu from 1.34.194.19 port 52299 ssh2
Jan 22 01:54:23 host sshd[25514]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:54:25 host sshd[25514]: Failed password for invalid user ubuntu from 1.34.194.19 port 52299 ssh2
Jan 22 01:54:26 host sshd[25514]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:54:29 host sshd[25514]: Failed password for invalid user ubuntu from 1.34.194.19 port 52299 ssh2
Jan 22 01:54:29 host sshd[25514]: error: maximum authentication attempts exceeded for invalid user ubuntu from 1.34.194.19 port 52299 ssh2 [preauth]
Jan 22 01:54:29 host sshd[25514]: Disconnecting: Too many authentication failures [preauth]
Jan 22 01:54:29 host sshd[25514]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.34.194.19
Jan 22 01:54:29 host sshd[25514]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 22 01:59:13 host sshd[26496]: Invalid user szy from 106.10.122.53 port 48680
Jan 22 01:59:13 host sshd[26496]: input_userauth_request: invalid user szy [preauth]
Jan 22 01:59:13 host sshd[26496]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 01:59:13 host sshd[26496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.10.122.53
Jan 22 01:59:15 host sshd[26496]: Failed password for invalid user szy from 106.10.122.53 port 48680 ssh2
Jan 22 01:59:15 host sshd[26496]: Connection closed by 106.10.122.53 port 48680 [preauth]
Jan 22 02:06:22 host sshd[27602]: Connection closed by 192.241.218.42 port 43126 [preauth]
Jan 22 02:06:46 host sshd[27659]: invalid public DH value: >= p-1 [preauth]
Jan 22 02:06:46 host sshd[27659]: ssh_dispatch_run_fatal: Connection from 117.110.169.82 port 53341: incomplete message [preauth]
Jan 22 02:08:48 host sshd[27960]: Invalid user oracle from 175.112.214.17 port 60702
Jan 22 02:08:48 host sshd[27960]: input_userauth_request: invalid user oracle [preauth]
Jan 22 02:08:48 host sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:08:48 host sshd[27960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.112.214.17
Jan 22 02:08:50 host sshd[27960]: Failed password for invalid user oracle from 175.112.214.17 port 60702 ssh2
Jan 22 02:08:51 host sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:08:53 host sshd[27960]: Failed password for invalid user oracle from 175.112.214.17 port 60702 ssh2
Jan 22 02:08:54 host sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:08:55 host sshd[27960]: Failed password for invalid user oracle from 175.112.214.17 port 60702 ssh2
Jan 22 02:08:56 host sshd[27960]: Failed password for invalid user oracle from 175.112.214.17 port 60702 ssh2
Jan 22 02:08:57 host sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:08:59 host sshd[27960]: Failed password for invalid user oracle from 175.112.214.17 port 60702 ssh2
Jan 22 02:09:00 host sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:09:03 host sshd[27960]: Failed password for invalid user oracle from 175.112.214.17 port 60702 ssh2
Jan 22 02:09:03 host sshd[27960]: error: maximum authentication attempts exceeded for invalid user oracle from 175.112.214.17 port 60702 ssh2 [preauth]
Jan 22 02:09:03 host sshd[27960]: Disconnecting: Too many authentication failures [preauth]
Jan 22 02:09:03 host sshd[27960]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.112.214.17
Jan 22 02:09:03 host sshd[27960]: PAM service(sshd) ignoring max retries; 5 > 3
Jan 22 02:15:40 host sshd[28949]: Invalid user zyfwp from 122.116.40.252 port 32799
Jan 22 02:15:40 host sshd[28949]: input_userauth_request: invalid user zyfwp [preauth]
Jan 22 02:15:40 host sshd[28949]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:15:40 host sshd[28949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.40.252
Jan 22 02:15:43 host sshd[28949]: Failed password for invalid user zyfwp from 122.116.40.252 port 32799 ssh2
Jan 22 02:15:44 host sshd[28949]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:15:46 host sshd[28949]: Failed password for invalid user zyfwp from 122.116.40.252 port 32799 ssh2
Jan 22 02:15:47 host sshd[28949]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:15:50 host sshd[28949]: Failed password for invalid user zyfwp from 122.116.40.252 port 32799 ssh2
Jan 22 02:15:50 host sshd[28949]: Connection closed by 122.116.40.252 port 32799 [preauth]
Jan 22 02:15:50 host sshd[28949]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.116.40.252
Jan 22 02:18:30 host sshd[29266]: Invalid user admin from 31.41.244.124 port 49793
Jan 22 02:18:30 host sshd[29266]: input_userauth_request: invalid user admin [preauth]
Jan 22 02:18:30 host sshd[29266]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 02:18:30 host sshd[29266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.41.244.124
Jan 22 02:18:33 host sshd[29266]: Failed password for invalid user admin from 31.41.244.124 port 49793 ssh2
Jan 22 02:18:33 host sshd[29266]: Received disconnect from 31.41.244.124 port 49793:11: Client disconnecting normally [preauth]
Jan 22 02:18:33 host sshd[29266]: Disconnected from 31.41.244.124 port 49793 [preauth]
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/debian_version
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/redhat-release
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/redhat-release
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /opt/psa
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/psa
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/psa
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /usr/local/cpanel
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /usr/local/cpanel/version
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=shalinijames user-2=wwwtestugo user-3=vfmassets user-4=pmcresources user-5=wwwkmaorg user-6=disposeat user-7=remysagr user-8=wwwkapin user-9=woodpeck user-10=kottayamcalldriv user-11=phmetals user-12=palco123 user-13=gifterman user-14=wwwnexidigital user-15=mrsclean user-16=wwwevmhonda user-17=bonifacegroup user-18=straightcurve user-19=wwwletsstalkfood user-20=a2zgroup user-21=dartsimp user-22=laundryboniface user-23=wwwkaretakers user-24=cochintaxi user-25=travelboniface user-26=ugotscom user-27=keralaholi user-28=wwwresourcehunte user-29=wwwrmswll user-30=wwwpmcresource feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 22 02:21:09 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -f /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:09 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GnU2doYDWD9svTlF.~
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c cat > '/etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GnU2doYDWD9svTlF.~'
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/mv /etc/logrotate.d/wp-toolkit-action-logs-wpt-tmp-GnU2doYDWD9svTlF.~ /etc/logrotate.d/wp-toolkit-action-logs.~
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c mv '/etc/logrotate.d/wp-toolkit-action-logs.~' /etc/logrotate.d/wp-toolkit-action-logs
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 02:21:10 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 02:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_tweaksetting key=server_locale --output=json
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:21:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 02:21:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:21:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:28:41 host sshd[30793]: User root from 220.134.123.145 not allowed because not listed in AllowUsers
Jan 22 02:28:41 host sshd[30793]: input_userauth_request: invalid user root [preauth]
Jan 22 02:28:41 host unix_chkpwd[30796]: password check failed for user (root)
Jan 22 02:28:41 host sshd[30793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.123.145 user=root
Jan 22 02:28:41 host sshd[30793]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 02:28:43 host sshd[30793]: Failed password for invalid user root from 220.134.123.145 port 59491 ssh2
Jan 22 02:28:44 host unix_chkpwd[30800]: password check failed for user (root)
Jan 22 02:28:44 host sshd[30793]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 02:28:46 host sshd[30793]: Failed password for invalid user root from 220.134.123.145 port 59491 ssh2
Jan 22 02:28:47 host unix_chkpwd[30804]: password check failed for user (root)
Jan 22 02:28:47 host sshd[30793]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 02:28:49 host sshd[30793]: Failed password for invalid user root from 220.134.123.145 port 59491 ssh2
Jan 22 02:28:49 host unix_chkpwd[30808]: password check failed for user (root)
Jan 22 02:28:49 host sshd[30793]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 22 02:28:52 host sshd[30793]: Failed password for invalid user root from 220.134.123.145 port 59491 ssh2
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/passwd
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/passwd
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /root/.wp-toolkit-identifier
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 listaccts --output=json
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_domain_info --output=json
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_features_settings user-1=woodpeck user-2=wwwkapin user-3=wwwkmaorg user-4=disposeat user-5=remysagr user-6=pmcresources user-7=vfmassets user-8=wwwtestugo user-9=shalinijames user-10=straightcurve user-11=wwwletsstalkfood user-12=bonifacegroup user-13=wwwevmhonda user-14=wwwnexidigital user-15=mrsclean user-16=gifterman user-17=palco123 user-18=kottayamcalldriv user-19=phmetals user-20=cochintaxi user-21=wwwkaretakers user-22=laundryboniface user-23=dartsimp user-24=a2zgroup user-25=wwwpmcresource user-26=wwwrmswll user-27=keralaholi user-28=wwwresourcehunte user-29=ugotscom user-30=travelboniface feature-1=filemanager feature-2=backup feature-3=cron feature-4=phpmyadmin feature-5=mysql feature-6=multiphp feature-7=addondomains feature-8=subdomains feature-9=webprotect feature-10=sslinstall feature-11=wp-toolkit
Jan 22 02:29:03 host sudo: wp-toolkit : (command continued) feature-12=wp-toolkit-deluxe --output=json
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:03 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwevmhonda --output=json
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:03 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwevmhonda ; COMMAND=/bin/sh -c cd /home/wwwevmhonda/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:29:11 host sudo: pam_unix(sudo:session): session opened for user wwwevmhonda by (uid=0)
Jan 22 02:29:11 host sudo: pam_unix(sudo:session): session closed for user wwwevmhonda
Jan 22 02:29:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwevmhonda LangPHP php_get_vhost_versions --output=json
Jan 22 02:29:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 package_manager_get_package_info package-0=ea-php72 --output=json
Jan 22 02:29:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:13 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwletsstalkfood --output=json
Jan 22 02:29:13 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:13 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwletsstalkfood ; COMMAND=/bin/sh -c cd /home/wwwletsstalkfood/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:29:25 host sudo: pam_unix(sudo:session): session opened for user wwwletsstalkfood by (uid=0)
Jan 22 02:29:25 host sudo: pam_unix(sudo:session): session closed for user wwwletsstalkfood
Jan 22 02:29:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood LangPHP php_get_vhost_versions --output=json
Jan 22 02:29:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DomainInfo single_domain_data domain=letsstalkfood.com return_https_redirect_status=1 --output=json
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_vhost_ssl_components --output=json
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 fetch_ssl_vhosts --output=json
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:26 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood Mime list_redirects --output=json
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:26 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwletsstalkfood DirectoryPrivacy is_directory_protected dir=/home/wwwletsstalkfood/public_html --output=json
Jan 22 02:29:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=mrsclean --output=json
Jan 22 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean DomainInfo single_domain_data domain=mrsclean.co.in return_https_redirect_status=1 --output=json
Jan 22 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean Mime list_redirects --output=json
Jan 22 02:29:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 22 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=mrsclean LangPHP php_get_vhost_versions --output=json
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/cat /home/ugotscom/.wp-toolkit-identifier
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=mrsclean ; COMMAND=/bin/sh -c cd /home/mrsclean/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session opened for user mrsclean by (uid=0)
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session closed for user mrsclean
Jan 22 02:29:46 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=shalinijames --output=json
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:46 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=shalinijames ; COMMAND=/bin/sh -c cd /home/shalinijames/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session opened for user shalinijames by (uid=0)
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session closed for user shalinijames
Jan 22 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames LangPHP php_get_vhost_versions --output=json
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DomainInfo single_domain_data domain=shalinijames.com return_https_redirect_status=1 --output=json
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:29:55 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames Mime list_redirects --output=json
Jan 22 02:29:55 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:29:56 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:04 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=shalinijames DirectoryPrivacy is_directory_protected dir=/home/shalinijames/public_html --output=json
Jan 22 02:30:04 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:04 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:08 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwtestugo --output=json
Jan 22 02:30:08 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:09 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:30:15 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 22 02:30:15 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 22 02:30:15 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo LangPHP php_get_vhost_versions --output=json
Jan 22 02:30:15 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:15 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DomainInfo single_domain_data domain=testugo.in return_https_redirect_status=1 --output=json
Jan 22 02:30:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:16 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo Mime list_redirects --output=json
Jan 22 02:30:16 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:16 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:22 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt1 --output=json
Jan 22 02:30:22 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:22 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:30:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:30:43 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 22 02:30:43 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 22 02:30:50 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/tt --output=json
Jan 22 02:30:50 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:30:50 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:00 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwtestugo ; COMMAND=/bin/sh -c cd /home/wwwtestugo/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:31:00 host sudo: pam_unix(sudo:session): session opened for user wwwtestugo by (uid=0)
Jan 22 02:31:00 host sudo: pam_unix(sudo:session): session closed for user wwwtestugo
Jan 22 02:31:06 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwtestugo DirectoryPrivacy is_directory_protected dir=/home/wwwtestugo/public_html/HYPE --output=json
Jan 22 02:31:06 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:06 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:10 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=ugotscom --output=json
Jan 22 02:31:10 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DomainInfo single_domain_data domain=ugotechnologies.com return_https_redirect_status=1 --output=json
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom Mime list_redirects --output=json
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 02:31:11 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom LangPHP php_get_vhost_versions --output=json
Jan 22 02:31:11 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:19 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:31:19 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 02:31:19 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 02:31:27 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/UGOCRM/ugo_blg --output=json
Jan 22 02:31:27 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:27 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=ugotscom ; COMMAND=/bin/sh -c cd /home/ugotscom/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:31:35 host sudo: pam_unix(sudo:session): session opened for user ugotscom by (uid=0)
Jan 22 02:31:35 host sudo: pam_unix(sudo:session): session closed for user ugotscom
Jan 22 02:31:40 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=ugotscom DirectoryPrivacy is_directory_protected dir=/home/ugotscom/public_html/old/site --output=json
Jan 22 02:31:40 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:40 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=woodpeck --output=json
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck DomainInfo single_domain_data domain=woodpeckerindia.com return_https_redirect_status=1 --output=json
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck Mime list_redirects --output=json
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=woodpeck ; COMMAND=/bin/sh -c cd /home/woodpeck/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session opened for user woodpeck by (uid=0)
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session closed for user woodpeck
Jan 22 02:31:44 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck LangPHP php_get_vhost_versions --output=json
Jan 22 02:31:44 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:45 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=palco123 --output=json
Jan 22 02:31:45 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:45 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=palco123 ; COMMAND=/bin/sh -c cd /home/palco123/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:31:58 host sudo: pam_unix(sudo:session): session opened for user palco123 by (uid=0)
Jan 22 02:31:58 host sudo: pam_unix(sudo:session): session closed for user palco123
Jan 22 02:31:58 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 LangPHP php_get_vhost_versions --output=json
Jan 22 02:31:58 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:58 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DomainInfo single_domain_data domain=panlys.com return_https_redirect_status=1 --output=json
Jan 22 02:31:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:31:59 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 Mime list_redirects --output=json
Jan 22 02:31:59 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:31:59 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:12 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=palco123 DirectoryPrivacy is_directory_protected dir=/home/palco123/public_html --output=json
Jan 22 02:32:12 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:12 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:17 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c whmapi1 get_users_links user=wwwresourcehunte --output=json
Jan 22 02:32:17 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:17 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=wwwresourcehunte ; COMMAND=/bin/sh -c cd /home/wwwresourcehunte/public_html && /usr/local/bin/php -d display_errors=0 -r 'echo PHP_MAJOR_VERSION.'"'"'.'"'"'.PHP_MINOR_VERSION.'"'"'.'"'"'.PHP_RELEASE_VERSION;'
Jan 22 02:32:24 host sudo: pam_unix(sudo:session): session opened for user wwwresourcehunte by (uid=0)
Jan 22 02:32:24 host sudo: pam_unix(sudo:session): session closed for user wwwresourcehunte
Jan 22 02:32:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte LangPHP php_get_vhost_versions --output=json
Jan 22 02:32:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:24 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:24 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DomainInfo single_domain_data domain=resourcehunters.com return_https_redirect_status=1 --output=json
Jan 22 02:32:24 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:25 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte Mime list_redirects --output=json
Jan 22 02:32:25 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:25 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:31 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=wwwresourcehunte DirectoryPrivacy is_directory_protected dir=/home/wwwresourcehunte/public_html --output=json
Jan 22 02:32:31 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:31 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:35 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c uapi --user=woodpeck WpToolkitNotification send_admin_auto_updates_notification 'available_updates_text=<br/><br/>Updates are available for the following items:<br/><br/>' 'available_updates_list=1. Plugin "Country & Phone Field Contact Form 7" on Panlys (https://www.panlys.com). Installed version: 2.2.7. Available version: 2.4.2.<br/><br/>' installed_updates_text= installed_updates_list= 'failure_updates_text=Updates were not installed for the following items:<br/><br/>' 'failure_updates_list=1. Website "EVM Honda Cochin" (http://www.evmhonda.com): Failed to reset cache for the instance #1: Fatal error: Uncaught Error: Call to undefined function cardealer_is_wpml_active() in /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php:1041#012Stack trace:#012#0
Jan 22 02:32:35 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-init.php(22): require_once()#012#1 /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/cardealer-helper-library.php(183): require_once('"'"'/home/wwwevmhon...'"'"')#012#2 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(287): cdhl_include_admin_files('"'"''"'"')#012#3 /home/wwwevmhonda/public_html/wp-includes/class-wp-hook.php(311): WP_Hook->apply_filters(NULL, Array)#012#4 /home/wwwevmhonda/public_html/wp-includes/plugin.php(478): WP_Hook->do_action(Array)#012#5 /home/wwwevmhonda/public_html/wp-settings.php(546): do_action('"'"'init'"'"')#012#6 /usr/local/cpanel/3rdparty/wp-toolkit/plib/vendor/wp-cli/vendor/wp-cli/wp-cli/php/WP_CLI/Runner.php(1356): require('"'"'/home/wwwevmhon...'"'"')#012#7 /usr/local/cpanel/3rdparty/wp-toolkit/plib/ve in
Jan 22 02:32:35 host sudo: wp-toolkit : (command continued) /home/wwwevmhonda/public_html/wp-content/plugins/cardealer-helper-library/includes/redux/redux-options.php on line 1041#012Error: There has been a critical error on your website.Learn more about debugging in WordPress. There has been a critical error on your website.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>2. Website "/home/mrsclean/public_html/backup" (http://mrsclean.co.in/backup): Failed to reset cache for the instance #5: Error: Error establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>3. Website "/home/mrsclean/public_html/blog" (http://mrsclean.co.in/blog): Failed to reset cache for the instance #6: Error: Error
Jan 22 02:32:35 host sudo: wp-toolkit : (command continued) establishing a database connection. This either means that the username and password information in your `wp-config.php` file is incorrect or we can’t contact the database server at `localhost`. This could mean your host’s database server is down.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>4. Website "/home/ugotscom/public_html/boniface/blog" (http://ugotechnologies.com/boniface/blog): Failed to reset cache for the instance #13: Error: Error establishing a database connection.#012[error]FailedToExecuteWpCliCommand: exit status 1[/error]#012<br/><br/>5. Website "/home/woodpeck/public_html/wp" (http://woodpeckerindia.com/wp): Failed to reset cache for the instance #16: [error]FailedToExecuteWpCliCommand: chdir /home/woodpeck/public_html/wp: no such file or directory[/error]#012<br/><br/>' --output=json
Jan 22 02:32:35 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:35 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/sh -c httpd -v
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwevmhonda/evmhonda.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwletsstalkfood/letsstalkfood.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/shalinijames/shalinijames.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwtestugo/testugo.in/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:42 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:42 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/ugotscom/ugotechnologies.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/palco123/panlys.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/palco123/panlys.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/ssl/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/apache2/conf.d/userdata/std/2_4/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/test -e /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:32:43 host sudo: wp-toolkit : TTY=unknown ; PWD=/usr/local/cpanel/3rdparty/wp-toolkit/scripts ; USER=root ; COMMAND=/bin/cat /etc/nginx/conf.d/users/wwwresourcehunte/resourcehunters.com/wp-toolkit.conf
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 22 02:32:43 host sudo: pam_unix(sudo:session): session closed for user root
Jan 22 02:49:59 host sshd[4104]: invalid public DH value: >= p-1 [preauth]
Jan 22 02:49:59 host sshd[4104]: ssh_dispatch_run_fatal: Connection from 59.127.82.132 port 53942: incomplete message [preauth]
Jan 22 03:01:40 host sshd[6482]: Invalid user pi from 82.66.77.8 port 37052
Jan 22 03:01:40 host sshd[6482]: input_userauth_request: invalid user pi [preauth]
Jan 22 03:01:40 host sshd[6483]: Invalid user pi from 82.66.77.8 port 37050
Jan 22 03:01:40 host sshd[6483]: input_userauth_request: invalid user pi [preauth]
Jan 22 03:01:40 host sshd[6482]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 03:01:40 host sshd[6482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.77.8
Jan 22 03:01:40 host sshd[6483]: pam_unix(sshd:auth): check pass; user unknown
Jan 22 03:01:40 host sshd[6483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.66.77.8
Jan 22 03:01:42 host sshd[6482]: Failed password for invalid user pi from 82.66.77.8 port 37052 ssh2
Jan 22 03:01:42 host sshd[6483]: Failed password for invalid user pi from 82.66.77.8 port 37050 ssh2
Jan 22 03:01:42 host sshd[6482]: Connection closed by 82.66.77.8 port 37052 [preauth]
Jan 22 03:01:42 host sshd[6483]: Connection closed by 82.66.77.8 port 37050 [preauth]
Mini Shell