My hosting provider (ovh) recently blocked my VPS due to some attack on the server. When I restored it to the normal mode, I can see indeed something is happening: the access to server is limited, ping results are slow and frequently cannot access server, and when I try any service (ftp, ssh, http...), it is difficult to access it. It seems therefore something like DDoS, but it is probably not exactly a DDoS attack - my provider's staff told me that something must be installed on the server.
I'm not an administrator, but I need to do something... what should I do in such a case?
This is what I got from the provider:
Attack detail : 7Kpps/56Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason
2020.01.29 14:14:57 CET {IP of the server}:25611 23.252.163.175:80 TCP SYN 16384 15138816 ATTACK:TCP_SYN