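As in the title, I use nginx / hhvm / wordpress to run my blog. At first, I guessed there was some hard-coding in one of the config files. But I checked every config file, and there is no hard-coding at all. So what happened?
I did check CPU and memory: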
root@vultr:~# mcm
total used free shared buffers cached
Mem: 993 853 140 4 405 118
-/+ buffers/cache: 330 663
Swap: 0 0 0
--sort=-pcpu
PID %CPU RSS STIME TIME CMD
25179 0.6 3568 07:21 00:00:00 -bash
25160 0.5 4300 07:21 00:00:00 sshd: root@pts/4
1 0.0 1708 Jul23 00:00:04 /sbin/init
2 0.0 0 Jul23 00:00:00 [kthreadd]
3 0.0 0 Jul23 00:00:01 [ksoftirqd/0]
--sort=-rss
PID %CPU RSS STIME TIME CMD
1534 0.0 83552 Jul23 00:20:27 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql
2040 0.0 10768 Jul23 00:07:52 /usr/bin/python /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
2313 0.0 8048 Jul23 00:18:51 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail
893 0.0 5836 Jul23 00:00:19 rsyslogd
25091 0.0 4304 07:14 00:00:00 sshd: root@pts/3
And the nginx logs:
root@vultr:~# tail /var/log/nginx/access.log.1
103.205.63.137 - - [16/Aug/2017:07:07:40 +0000] "POST /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
103.205.63.137 - - [16/Aug/2017:07:07:41 +0000] "GET /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
103.205.63.137 - - [16/Aug/2017:07:07:41 +0000] "POST /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
106.121.66.175 - - [16/Aug/2017:07:10:36 +0000] "GET /favicon.ico HTTP/1.1" 502 172 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0"
180.191.111.155 - - [16/Aug/2017:07:10:52 +0000] "POST /xmlrpc.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
180.191.111.155 - - [16/Aug/2017:07:10:53 +0000] "GET /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
180.191.111.155 - - [16/Aug/2017:07:10:53 +0000] "POST /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
180.191.111.155 - - [16/Aug/2017:07:10:53 +0000] "GET /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
180.191.111.155 - - [16/Aug/2017:07:10:53 +0000] "POST /wp-login.php HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
176.31.64.186 - - [16/Aug/2017:07:12:06 +0000] "GET /2015/11/07/hello-world/ HTTP/1.1" 502 172 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
root@vultr:~# tail /var/log/nginx/error.log.1
2017/08/16 07:07:40 [error] 3725#0: *38564 connect() failed (111: Connection refused) while connecting to upstream, client: 103.205.63.137, server: silent.computer, request: "POST /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:07:41 [error] 3725#0: *38564 connect() failed (111: Connection refused) while connecting to upstream, client: 103.205.63.137, server: silent.computer, request: "GET /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:07:41 [error] 3725#0: *38564 connect() failed (111: Connection refused) while connecting to upstream, client: 103.205.63.137, server: silent.computer, request: "POST /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:10:36 [error] 3725#0: *38570 connect() failed (111: Connection refused) while connecting to upstream, client: 106.121.66.175, server: silent.computer, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "silent.computer"
2017/08/16 07:10:52 [error] 3725#0: *38572 connect() failed (111: Connection refused) while connecting to upstream, client: 180.191.111.155, server: silent.computer, request: "POST /xmlrpc.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:10:53 [error] 3725#0: *38572 connect() failed (111: Connection refused) while connecting to upstream, client: 180.191.111.155, server: silent.computer, request: "GET /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:10:53 [error] 3725#0: *38572 connect() failed (111: Connection refused) while connecting to upstream, client: 180.191.111.155, server: silent.computer, request: "POST /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:10:53 [error] 3725#0: *38572 connect() failed (111: Connection refused) while connecting to upstream, client: 180.191.111.155, server: silent.computer, request: "GET /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:10:53 [error] 3725#0: *38572 connect() failed (111: Connection refused) while connecting to upstream, client: 180.191.111.155, server: silent.computer, request: "POST /wp-login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dominikasite.com"
2017/08/16 07:12:06 [error] 3725#0: *38578 connect() failed (111: Connection refused) while connecting to upstream, client: 176.31.64.186, server: silent.computer, request: "GET /2015/11/07/hello-world/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "silent.computer"
Am I under a DDoS attack? I don't know what dominikasite.com is, and it seems someone keeps trying to log in to my wordpress ...
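An added example, not part of the original post: a triage script for nginx error-log lines in the format shown above. It counts, per client, requests to `/wp-login.php` and `/xmlrpc.php` and Host headers that differ from the `server` field. The sample lines are constructed (documentation IPs, example hostnames), and the names `summarize`, `suspicious_clients` and the threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the error.log format above (not values from the post).
_FMT = ('2017/08/16 07:10:53 [error] 3725#0: *1 connect() failed (111: Connection refused) '
        'while connecting to upstream, client: {c}, server: blog.example, '
        'request: "{r} HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "{h}"')
SAMPLE = "\n".join(_FMT.format(c=c, r=r, h=h) for c, r, h in [
    ("203.0.113.5", "POST /xmlrpc.php", "other.example"),
    ("203.0.113.5", "GET /wp-login.php", "other.example"),
    ("203.0.113.5", "POST /wp-login.php", "other.example"),
    ("198.51.100.7", "GET /favicon.ico", "blog.example"),
    ("198.51.100.7", "GET /2015/11/07/hello-world/", "blog.example"),
])

LINE_RE = re.compile(
    r'client: (?P<client>[^,]+), server: (?P<server>[^,]+), '
    r'request: "(?P<method>\S+) (?P<path>\S+)[^"]*", '
    r'upstream: "(?P<upstream>[^"]+)", host: "(?P<host>[^"]+)"')
AUTH_PATHS = ("/wp-login.php", "/xmlrpc.php")

def summarize(text):
    """Return (per-client stats, count of upstream 'Connection refused' lines)."""
    stats = defaultdict(lambda: {"auth_hits": 0, "other": 0,
                                 "foreign_hosts": Counter()})
    refused = 0
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an upstream error line in the expected format
        if "(111: Connection refused)" in line:
            refused += 1  # backend on the upstream address is not accepting
        entry = stats[m["client"]]
        path = m["path"].split("?", 1)[0]  # ignore any query string
        entry["auth_hits" if path in AUTH_PATHS else "other"] += 1
        if m["host"].lower() != m["server"].lower():
            entry["foreign_hosts"][m["host"]] += 1  # Host header != server name
    return dict(stats), refused

def suspicious_clients(stats, min_auth_hits=3):
    """Clients with repeated hits on the WordPress login/XML-RPC endpoints."""
    return sorted(c for c, s in stats.items() if s["auth_hits"] >= min_auth_hits)

if __name__ == "__main__":
    stats, refused = summarize(SAMPLE)
    print("upstream refused:", refused)
    for client in suspicious_clients(stats):
        print(client, stats[client]["auth_hits"], dict(stats[client]["foreign_hosts"]))
```

A Host value that differs from `server` was either matched by another name on that server block or fell through to nginx's default server.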