SSH
Dmitry Gusev, 2016-04-29 11:04:00

Is DigitalOcean compromised?

Good afternoon!
I ran into a problem: droplets created on DO get blocked a few days later.
There is a suspicion that the droplets initially come with some kind of hole/backdoor that is being actively exploited?
This is accompanied by a letter of happiness:

Networking disabled
Hi there,
We are sorry to report that we have detected what appears to be a large flood of traffic from one or more of your servers that is disrupting the normal traffic flow for other users.
To prevent this traffic from causing further disruption, we have disabled the networking interface on the server or servers involved. In order to correct the issue, here is the direct link to the console of the affected droplet
Please take action at your earliest convenience in order to investigate and resolve the situation. Once this is done, if you determine the program was malicious, please also determine how this software came to be installed on your droplet and prevent it from being installed again in the future. As soon as this is done let us know and we will investigate re-enabling your networking.
If you need any guidance on how to find and resolve this issue, we recommend reviewing this:
https://www.digitalocean.com/community/tutorials/h...
Please understand that this is a very serious issue as it negatively impacts our platform and your server. If you have any questions just let us know.
Thank you,
DigitalOcean Support

I would be grateful for an explanation of this situation, and perhaps a useful practice on how to protect yourself?
Also, will it be enough to configure fail2ban and allow SSH access by keys only?
UPD:
The droplets run Node.js + MongoDB in a replica set.
The ports are used by Mongo and Node.
UPD2:
Yes, Redis is used, with default configs. check this bug

4 answers
Evgeniy Samoilenko, 2016-04-29
@illi

It was the same for me when Redis was installed out of the box: it was open and you could get root from the outside. Fixed it and everything stopped.

landergate, 2016-04-29
@landergate

This doesn't happen on my droplets.

  1. Do you close the ports you don't need for publishing with a firewall?
  2. Is the password strong enough? Perhaps you created a droplet without an SSH key, and your droplet was simply brute-forced by guessing the root password. You can disable password access to the droplet, leaving only the SSH key.
  3. Does the published software definitely not have any way to call third-party applications (through macros, etc.)?
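landergate's second point, turned into a check you can run before exposing a new droplet: read sshd_config the way sshd does (first occurrence of a directive wins, comments ignored) and flag anything that still allows root password logins. This is an added example, not code from the thread or from DigitalOcean; the config it audits is a constructed sample, and the `ufw` commands in the note assume the Ubuntu image ships ufw.

```shell
#!/bin/sh
# Added example (not from the original thread). Audits an sshd_config for
# the settings that stop root-password brute force: keys only, no root
# password login. The sample config below is constructed for the demo.

# sshd_setting FILE KEYWORD
# Prints the effective value of KEYWORD. sshd uses the FIRST occurrence of
# a directive, so later duplicates are ignored; comment lines are skipped;
# the keyword is matched case-insensitively. Prints nothing when unset.
sshd_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one finding per weak directive. Exit status 0 when nothing was
# found, 1 otherwise, so a provisioning script can gate on it.
audit_sshd_config() {
    file="$1"; findings=0

    pw=$(sshd_setting "$file" PasswordAuthentication)
    # OpenSSH defaults PasswordAuthentication to "yes", so unset is weak.
    if [ "${pw:-yes}" != "no" ]; then
        echo "PasswordAuthentication=${pw:-unset}: set 'PasswordAuthentication no' and log in with keys"
        findings=$((findings + 1))
    fi

    root=$(sshd_setting "$file" PermitRootLogin)
    # Accept only values that refuse a root password. Unset is flagged too,
    # so the intent is explicit instead of relying on the package default.
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "PermitRootLogin=${root:-unset}: set 'PermitRootLogin prohibit-password' (or 'no')"
           findings=$((findings + 1)) ;;
    esac

    pubkey=$(sshd_setting "$file" PubkeyAuthentication)
    # Keys-only login is useless if key authentication itself is off.
    if [ "$pubkey" = "no" ]; then
        echo "PubkeyAuthentication=no: remove it or set 'PubkeyAuthentication yes'"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample of a config that still allows root password login
# (not copied from any real droplet). The commented-out line and the
# second PasswordAuthentication line are there to show that neither counts.
sample_weak_config() {
    printf '%s\n' \
        '# Package generated configuration file' \
        'Port 22' \
        'PermitRootLogin yes' \
        '#PasswordAuthentication no' \
        'PasswordAuthentication yes' \
        'PasswordAuthentication no'
}

# With a path argument audit that file; otherwise audit the sample.
if [ -n "${1:-}" ]; then
    target="$1"
else
    target=$(mktemp) && sample_weak_config > "$target"
fi
if audit_sshd_config "$target"; then
    echo "no weak settings found in $target"
else
    echo "fix the findings above before exposing port 22"
fi
[ -n "${1:-}" ] || rm -f "$target"
```

On a droplet run it as `sh audit_sshd.sh /etc/ssh/sshd_config`, and after changing the file check the syntax with `sshd -t` before restarting sshd, or the next login may lock you out. For the first point in the answer, `ufw default deny incoming`, `ufw allow 22/tcp` and then `ufw enable` leaves only SSH reachable until you deliberately open the ports the application needs (assumes the image ships ufw).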

Andrew, 2016-04-29
@byte916

If I'm not mistaken, they can send such letters if you use ports for other purposes. For example, if you set up a VPN or proxy on a non-standard port and use it. But I could be wrong.

Vladislav, 2016-04-30
@click0

DO installs two additional services by default: nfs-common and rpcbind.
Check whether they are present and whether you actually need them.
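Both Evgeniy's point (Redis open to the outside with default configs) and Vladislav's (rpcbind/nfs-common present by default) come down to the same check: which sockets listen on a non-loopback address? The script below is an added example, not code from the thread or from DigitalOcean. It reads `ss -tuln` style output and annotates each exposed port with the service that usually owns it; the port table is an assumption for annotation only, and the `ss` output it parses is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original thread). Lists every socket that
# listens on a wildcard or external address so default services such as
# Redis, MongoDB and rpcbind can be reviewed in one pass.

# service_name PORT -> usual owner of the port, "unknown" otherwise.
# Assumed table for annotation only; `ss -tulnp` shows the real process.
service_name() {
    case "$1" in
        22) echo "sshd" ;;
        111) echo "rpcbind (pulled in with nfs-common)" ;;
        2049) echo "nfs" ;;
        6379) echo "redis" ;;
        27017|27018|27019) echo "mongod" ;;
        *) echo "unknown" ;;
    esac
}

# is_loopback ADDR -> true for 127.x.x.x, ::1 and [::1]
is_loopback() {
    case "$1" in
        127.*|::1|\[::1\]) return 0 ;;
        *) return 1 ;;
    esac
}

# exposed_listeners < ss-output
# Expects `ss -tuln` (or `ss -tulnp`) lines: the first column is the
# protocol, the local address is the first field ending in ":<port>", the
# peer of a listener ends in ":*". Handles the old "*:111" spelling as well
# as "0.0.0.0:111" and "[::]:111". Prints "proto addr port service" for each
# socket not bound to loopback.
exposed_listeners() {
    awk 'NR > 1 && ($1 ~ /^(LISTEN|UNCONN)$/ || $2 ~ /^(LISTEN|UNCONN)$/) {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /:[0-9]+$/) { print $1, $i; break }
         }' |
    while read -r proto local; do
        port=${local##*:}
        addr=${local%:*}
        is_loopback "$addr" && continue
        echo "$proto $addr $port $(service_name "$port")"
    done
}

# Constructed sample in the format of `ss -tuln` (not captured from a real
# host): Redis and rpcbind on all interfaces, MongoDB correctly on loopback.
sample_ss_output() {
    printf '%s\n' \
      'Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port' \
      'tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*' \
      'tcp   LISTEN 0      128    0.0.0.0:6379        0.0.0.0:*' \
      'tcp   LISTEN 0      128    127.0.0.1:27017     0.0.0.0:*' \
      'tcp   LISTEN 0      128    *:111               *:*' \
      'tcp   LISTEN 0      128    [::]:111            [::]:*' \
      'udp   UNCONN 0      0      127.0.0.1:111       0.0.0.0:*'
}

# Demo on the sample; on a droplet use:  ss -tuln | exposed_listeners
echo "proto addr port service"
sample_ss_output | exposed_listeners
```

Expected on the sample: sshd on 0.0.0.0:22, redis on 0.0.0.0:6379 and rpcbind twice (the old `*:111` form and `[::]:111`); MongoDB does not appear because it is bound to 127.0.0.1. Anything listed that is not meant to be public should be bound to loopback (`bind 127.0.0.1` in redis.conf, `net.bindIp` for mongod), removed if unused (rpcbind/nfs-common), or blocked at the firewall; a Redis that answers on a public interface with no password is exactly the "open, root from outside" situation Evgeniy describes.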
