Due to SSH brute-force attempts, which seem to be increasing lately, I hereby suggest changing the SSH ports and making a VPN connection to the OSEG server mandatory for sftp and ssh connections.
May 18 11:44:46 lvpsX sshd[13711]: reverse mapping checking getaddrinfo for host-78-111-98-60.teklan.com.tr [78.111.98.60] failed - POSSIBLE BREAK-IN ATTEMPT!
May 18 11:44:46 lvpsX sshd[13711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.111.98.60 user=root
Oct 12 08:39:01 lvps178-77-78-212 CRON[7304]: pam_unix(cron:session): session closed for user root
Oct 12 08:53:57 lvps178-77-78-212 sshd[7324]: reverse mapping checking getaddrinfo for bd0401d5.ctb.static.virtua.com.br [189.4.1.213] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 12 08:53:57 lvps178-77-78-212 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.4.1.213 user=root
Oct 12 08:53:59 lvps178-77-78-212 sshd[7324]: Failed password for root from 189.4.1.213 port 58212 ssh2
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: reverse mapping checking getaddrinfo for hosted-by.burratino.net [94.242.205.252] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: Invalid user support from 94.242.205.252
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: pam_unix(sshd:auth): check pass; user unknown
Oct 12 08:59:50 lvps178-77-78-212 sshd[7328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.242.205.252
Oct 12 08:59:53 lvps178-77-78-212 sshd[7328]: Failed password for invalid user support from 94.242.205.252 port 38612 ssh2
Note the connection attempts from Luxembourg and South America/Brazil/Montevideo… which seem to be proxy/tunnel servers or direct connection attempts.
IP address        Type   Host name                   DNS state
5.199.161.13      MX     mail.burratino.net
5.199.161.13      MX     baubis.balticservers.com
5.9.78.205        NS     ns-uk.topdns.com
85.159.232.241    NS     ns-usa.topdns.com
111.90.140.239    NS     ns-canada.topdns.com
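
Added example, not part of the original post: a Python parser for sshd lines in the format of the log excerpt above that tallies failed password attempts per source address. The sample lines, host name and addresses are constructed, and `summarize` and `offenders` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd/PAM syslog format of the excerpt above;
# host name and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Oct 12 08:39:01 host1 CRON[7304]: pam_unix(cron:session): session closed for user root
Oct 12 08:53:57 host1 sshd[7324]: reverse mapping checking getaddrinfo for a.example.net [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Oct 12 08:53:57 host1 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7 user=root
Oct 12 08:53:59 host1 sshd[7324]: Failed password for root from 203.0.113.7 port 58212 ssh2
Oct 12 08:54:03 host1 sshd[7326]: Failed password for root from 203.0.113.7 port 58230 ssh2
Oct 12 08:59:50 host1 sshd[7328]: Invalid user support from 198.51.100.9
Oct 12 08:59:53 host1 sshd[7328]: Failed password for invalid user support from 198.51.100.9 port 38612 ssh2
Oct 12 09:00:02 host1 sshd[7330]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.9 port 38700 ssh2
Oct 12 09:10:11 host1 sshd[7400]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
"""

SSHD = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<msg>.*)$")
# The user name is chosen by the client, so match it greedily and anchor on
# the end of the line: the address sshd appended is the last "from ... port".
FAILED = re.compile(r"^Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
                    r" from (?P<ip>\S+) port \d+ ssh2$")
REVMAP = re.compile(r"^reverse mapping checking getaddrinfo for \S+ \[(?P<ip>[^\]]+)\] failed")

def summarize(log_text):
    """Per source IP: failed password count, user names tried, reverse-DNS mismatch."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "invalid_users": set(), "revmap_failed": False})
    for line in log_text.splitlines():
        m = SSHD.match(line)
        if not m:
            continue  # CRON and other daemons
        msg = m.group("msg")
        f = FAILED.match(msg)
        if f:  # count only this line; the PAM and "Invalid user" lines repeat it
            entry = stats[f.group("ip")]
            entry["failed"] += 1
            entry["invalid_users" if f.group("invalid") else "users"].add(f.group("user"))
            continue
        r = REVMAP.match(msg)
        if r:
            stats[r.group("ip")]["revmap_failed"] = True
    return dict(stats)

def offenders(stats, min_failed=2):
    """Source addresses with at least min_failed failed password attempts."""
    return sorted(ip for ip, s in stats.items() if s["failed"] >= min_failed)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s["failed"], sorted(s["users"]), sorted(s["invalid_users"]), s["revmap_failed"])
```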