Large flood of traffic from my server

This is the 2nd instance where Digital Ocean has shut down networking on my server due to high traffic emanating from it. I do not have the technical expertise to go into the problem and figure out the source. If anyone could guide me on what I should look at, please help.

Hi there,

We are sorry to report that we have detected what appears to be a large flood of traffic from one or more of your servers that is disrupting the normal traffic flow for other users.

To prevent this traffic from causing further disruption, we have disabled the networking interface on the server or servers involved. In order to correct the issue, here is the direct link to the console of the affected droplet ......

Please take action at your earliest convenience in order to investigate and resolve the situation. Once this is done, if you determine the program was malicious, please also determine how this software came to be installed on your droplet and prevent it from being installed again in the future. As soon as this is done let us know and we will investigate re-enabling your networking.

If you need any guidance on how to find and resolve this issue, we recommend reviewing this:

Please understand that this is a very serious issue as it negatively impacts our platform and your server. If you have any questions just let us know.

Thank you,
DigitalOcean Support

Please login to view the ticket:
https://www.digitalocean.com/support/tickets

Thanks so much,
DigitalOcean

Did you follow this guide: http://docs.plone.org/manage/deploying/production/ubuntu_production.html?
If your expertise isn't around *nix sysadmin/networking, this approach provides some sensible defaults, especially the firewall. This should help with some of the stuff that you are experiencing. The article you are linking to speaks about a compromised server (this is less likely, but not impossible with a Plone site). I'd guess that the problem seems to be some kind of amplification attack, e.g. https://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack/, which doesn't require that someone actually commandeer your server, just that you have the wrong ports open.

Another option is to run your public facing site behind cloudflare.com.

To be clear, this is not a Plone problem, it's a part of running a server live on the internet.
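
To check the "wrong ports open" hypothesis from the reply above on the server itself, this added example (not part of the original thread) reads `ss -lun` output and lists UDP listeners on commonly reflected services that are bound to a non-loopback address. The port list, the function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag UDP listeners that could act as reflectors/amplifiers.
# Usage on the server:  ss -lun | flag_amplifiers

flag_amplifiers() {
    awk '
    BEGIN {
        # UDP services commonly abused for reflection/amplification.
        svc[19] = "chargen";  svc[53] = "dns";    svc[111] = "portmap"
        svc[123] = "ntp";     svc[161] = "snmp";  svc[389] = "cldap"
        svc[1900] = "ssdp";   svc[11211] = "memcached"
    }
    {
        # The local address is the first field ending in :<port>. The peer
        # column of a listening socket ends in :* and the header line has
        # no numeric port, so neither matches.
        laddr = ""
        for (i = 1; i <= NF; i++) if ($i ~ /:[0-9]+$/) { laddr = $i; break }
        if (laddr == "") next
        port = laddr; sub(/^.*:/, "", port)
        addr = laddr; sub(/:[0-9]+$/, "", addr)
        # Loopback-only listeners are not reachable by spoofed remote queries.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port in svc) print port, svc[port], addr
    }'
}

# Constructed sample of `ss -lun` output (not taken from a real host).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
UNCONN 0      0      0.0.0.0:123         0.0.0.0:*
UNCONN 0      0      0.0.0.0:11211       0.0.0.0:*
UNCONN 0      0      0.0.0.0:68          0.0.0.0:*
UNCONN 0      0      [::1]:53            [::]:*
UNCONN 0      0      [::]:53             [::]:*
EOF
}

# Demonstration on the constructed sample: prints "<port> <service> <bind address>".
sample_ss_output | flag_amplifiers
```

Any service this lists should be rebound to loopback, blocked at the firewall, or disabled if it is not needed. An empty result only rules out these listeners; it does not rule out the compromised-server case the provider's message describes.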