2 weeks ago, my website has been hacked by sending spoof email.
every seconds there is auth log that saying some one is trying to log in.

and my email activity spike up. and the result, my mail transaction account has been suspended.

so i destroy droplet and rebuild one, which get different ip.
it look fine for 2 weeks. but just yesterday, it happend again. all my mail transaction spike up. and has been suspended. its similar attack.

can anyone help me? what should I do..