I recently used a one click app droplet to fire up a new wordpress installation for a site that’s being migrated.
I went through the configuring process and set up LetsEncrypt per the auto scripts instructions.
The site isn’t live yet so I had to migrate the DNS (via an a-record change) in Cloudflare to the new server temporarily to get the SSL updates to go through.
Once done I migrated the DNS back to the old server and connected directly to the new site via a host file update.
All looked good (lets encrypt was working as normal). This morning when trying to login the site crashed, so I rebooted the server but now all I receive are timeout notifications via browser.
I still have SSH access and ran the following:
systemctl status sshd
Dec 20 12:33:07 ggs-live-1gb sshd: Invalid user mc from 126.96.36.199 port 44058 Dec 20 12:33:07 ggs-live-1gb sshd: Received disconnect from 188.8.131.52 port 44058:11: Bye Bye [preauth] Dec 20 12:33:07 ggs-live-1gb sshd: Disconnected from invalid user mc 184.108.40.206 port 44058 [preauth] Dec 20 12:34:00 ggs-live-1gb sshd: Received disconnect from 220.127.116.11 port 46578:11: [preauth] Dec 20 12:34:00 ggs-live-1gb sshd: Disconnected from authenticating user root 18.104.22.168 port 46578 [preauth] Dec 20 12:34:37 ggs-live-1gb sshd: Accepted publickey for root from 22.214.171.124 port 58845 ssh2: RSA** REMOVED FOR SECURITY** Dec 20 12:34:37 ggs-live-1gb sshd: pam_unix(sshd:session): session opened for user root by (uid=0) Dec 20 12:36:16 ggs-live-1gb sshd: Invalid user vbox from 126.96.36.199 port 33879 Dec 20 12:36:17 ggs-live-1gb sshd: Received disconnect from 188.8.131.52 port 33879:11: Bye Bye [preauth] Dec 20 12:36:17 ggs-live-1gb sshd: Disconnected from invalid user vbox 184.108.40.206 port 33879 [preauth]
The address of the server is 220.127.116.11, not sure what IP 18.104.22.168 is doing…
Just checking firewall settings also…
To Action From
22/tcp LIMIT Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
22/tcp (v6) LIMIT Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Any ideas? Any feedback would really be appreciated.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
To anyone who is suffering from the same symptoms, this was caused by fail2ban (automatically installed with the droplet). Not sure how to fix it so I’ve temporarily disabled it.
All returned to normal as soon as that was done.