Server Timeouts after reboot

December 20, 2018 390 views
Apache

Hi,

I recently used a one click app droplet to fire up a new wordpress installation for a site that’s being migrated.

I went through the configuring process and set up LetsEncrypt per the auto scripts instructions.

The site isn’t live yet so I had to migrate the DNS (via an a-record change) in Cloudflare to the new server temporarily to get the SSL updates to go through.

Once done I migrated the DNS back to the old server and connected directly to the new site via a host file update.

All looked good (lets encrypt was working as normal). This morning when trying to login the site crashed, so I rebooted the server but now all I receive are timeout notifications via browser.

I still have SSH access and ran the following:

systemctl status sshd

Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Invalid user mc from 94.25.38.210 port 44058
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Received disconnect from 94.25.38.210 port 44058:11: Bye Bye [preauth]
Dec 20 12:33:07 ggs-live-1gb sshd[1204]: Disconnected from invalid user mc 94.25.38.210 port 44058 [preauth]
Dec 20 12:34:00 ggs-live-1gb sshd[1214]: Received disconnect from 122.226.181.166 port 46578:11: [preauth]
Dec 20 12:34:00 ggs-live-1gb sshd[1214]: Disconnected from authenticating user root 122.226.181.166 port 46578 [preauth]
Dec 20 12:34:37 ggs-live-1gb sshd[1216]: Accepted publickey for root from 81.133.250.129 port 58845 ssh2: RSA** REMOVED FOR SECURITY**
Dec 20 12:34:37 ggs-live-1gb sshd[1216]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 20 12:36:16 ggs-live-1gb sshd[1361]: Invalid user vbox from 178.128.97.193 port 33879
Dec 20 12:36:17 ggs-live-1gb sshd[1361]: Received disconnect from 178.128.97.193 port 33879:11: Bye Bye [preauth]
Dec 20 12:36:17 ggs-live-1gb sshd[1361]: Disconnected from invalid user vbox 178.128.97.193 port 33879 [preauth]

The address of the server is 104.248.162.53, not sure what IP 178.128.97.193 is doing…

Just checking firewall settings also....

ufw status

To Action From


22/tcp LIMIT Anywhere

443/tcp ALLOW Anywhere

80/tcp ALLOW Anywhere

22/tcp (v6) LIMIT Anywhere (v6)

443/tcp (v6) ALLOW Anywhere (v6)

80/tcp (v6) ALLOW Anywhere (v6)

Any ideas? Any feedback would really be appreciated.

1 Answer

To anyone who is suffering from the same symptoms, this was caused by fail2ban (automatically installed with the droplet). Not sure how to fix it so I’ve temporarily disabled it.

All returned to normal as soon as that was done.

Have another answer? Share your knowledge.