Invalid user / Break-In Attempt

Woke up this morning and my site was inaccessible (502), when trying to check ghost - it seems someone is running a username/password list against my server.

Best way to solve ? And is there anywhere better to than a forum to discuss these issues (Discord, IRC, Glitter, etc?)

Fail2ban stopped most of the requests, still unable to start ghost backup

@glasgowm148 the login attempts are normal for any server that is accessible via the public internet, they would be completely unrelated to the problem you’re having with Ghost. If you’re worried about the login attempts it’s worth looking into “server hardening” and seeing if there’s anything further you can do, or at least put your mind at rest :slight_smile: It sounds like you’ve already gone some way with that if you have fail2ban set up.

Regarding the Ghost startup problem, the logs you’ve provided don’t tell us anything. If you look in your Ghost logs (/{path to your ghost install}/content/logs/) rather than the system logs there may be more information that could help pinpoint what the problem is.

Here’s the output of those files.

Isn’t ’ Failed at step USER spawning /usr/bin/node: No such process’ in my last paste indicative of the problem?

My post was hidden as spam? wtf?

Fixed, had to figure out which folder was which, go into /var/www/html/ and do ‘ghost start’ - which kicked it back into action.