Hi,
I recently used a one-click app droplet to fire up a new WordPress installation for a site that’s being migrated.
I went through the configuring process and set up Let’s Encrypt per the auto script’s instructions.
The site isn’t live yet, so I had to migrate the DNS (via an A record change) in Cloudflare to the new server temporarily to get the SSL updates to go through.
Once done, I migrated the DNS back to the old server and connected directly to the new site via a hosts file update.
All looked good (Let’s Encrypt was working as normal). This morning when trying to log in the site crashed, so I rebooted the server, but now all I receive are timeout notifications via the browser.
I still have SSH access and ran the following:
systemctl status sshd
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Invalid user mc from 94.25.38.210 port 44058
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Received disconnect from 94.25.38.210 port 44058:11: Bye Bye [preauth]
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Disconnected from invalid user mc 94.25.38.210 port 44058 [preauth]
Dec 20 12:34:00 ggs-live-1gb sshd[1214]: Received disconnect from 122.226.181.166 port 46578:11: [preauth]
Dec 20 12:34:00 ggs-live-1gb sshd[1214]: Disconnected from authenticating user root 122.226.181.166 port 46578 [preauth]
Dec 20 12:34:37 ggs-live-1gb sshd[1216]: Accepted publickey for root from 81.133.250.129 port 58845 ssh2: RSA** REMOVED FOR SECURITY**
Dec 20 12:34:37 ggs-live-1gb sshd[1216]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 20 12:36:16 ggs-live-1gb sshd[1361]: Invalid user vbox from 178.128.97.193 port 33879
Dec 20 12:36:17 ggs-live-1gb sshd[1361]: Received disconnect from 178.128.97.193 port 33879:11: Bye Bye [preauth]
Dec 20 12:36:17 ggs-live-1gb sshd[1361]: Disconnected from invalid user vbox 178.128.97.193 port 33879 [preauth]
The address of the server is 104.248.162.53, not sure what IP 178.128.97.193 is doing…
Just checking firewall settings also…
ufw status
To              Action   From
22/tcp          LIMIT    Anywhere
443/tcp         ALLOW    Anywhere
80/tcp          ALLOW    Anywhere
22/tcp (v6)     LIMIT    Anywhere (v6)
443/tcp (v6)    ALLOW    Anywhere (v6)
80/tcp (v6)     ALLOW    Anywhere (v6)
Any ideas? Any feedback would really be appreciated.
To anyone who is suffering from the same symptoms, this was caused by fail2ban (automatically installed with the droplet). Not sure how to fix it so I’ve temporarily disabled it.
All returned to normal as soon as that was done.
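
The sshd journal output quoted in the question, triaged per source address, as an added example that is not part of the original thread: it separates the one accepted public-key login from the pre-auth probes made by other addresses. The function names and the rule set are assumptions for illustration and cover only the message forms that appear in that output.

```python
import re
from collections import defaultdict

# Journal lines from the question, one entry per line (key fingerprint as posted).
SAMPLE = """\
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Invalid user mc from 94.25.38.210 port 44058
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Disconnected from invalid user mc 94.25.38.210 port 44058 [preauth]
Dec 20 12:34:00 ggs-live-1gb sshd[1214]: Disconnected from authenticating user root 122.226.181.166 port 46578 [preauth]
Dec 20 12:34:37 ggs-live-1gb sshd[1216]: Accepted publickey for root from 81.133.250.129 port 58845 ssh2: RSA** REMOVED FOR SECURITY**
Dec 20 12:36:16 ggs-live-1gb sshd[1361]: Invalid user vbox from 178.128.97.193 port 33879
Dec 20 12:36:17 ggs-live-1gb sshd[1361]: Disconnected from invalid user vbox 178.128.97.193 port 33879 [preauth]
"""

# Only the sshd message part after "sshd[pid]: " is matched.
MSG = re.compile(r"sshd\[\d+\]: (?P<msg>.*)$")
RULES = [
    # (event kind, pattern capturing the user name and the source address)
    ("accepted", re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")),
    ("probe", re.compile(r"^Invalid user (?P<user>\S*) from (?P<ip>\S+) port \d+")),
    ("probe", re.compile(
        r"^Disconnected from authenticating user (?P<user>\S+) (?P<ip>\S+) port \d+ \[preauth\]")),
]

def triage(journal_text):
    """Group sshd events by source address: accepted logins vs. pre-auth probes."""
    summary = defaultdict(lambda: {"accepted": [], "probe": []})
    for line in journal_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        for kind, rule in RULES:
            hit = rule.match(m.group("msg"))
            if hit:
                summary[hit.group("ip")][kind].append(hit.group("user"))
                break  # first matching rule wins; echo lines match no rule
    return dict(summary)

def unsolicited(summary):
    """Addresses that only probed and never completed a login."""
    return sorted(ip for ip, ev in summary.items() if ev["probe"] and not ev["accepted"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for ip, events in result.items():
        print(ip, events)
    print("never authenticated:", unsolicited(result))
```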