Recently logged into our server after we had the site crash, to restart it, and noticed over 50,000 failed logins to the server since the last successful one only a couple days prior. So I ran "last" command first, and didn't find any suspicious successful logins, and then ran "lastb" and got a whooping list mostly coming from china and similar IPs.
My main guy that handles this stuff is on vacation now so I'm sort of slowly teaching myself; I am just wondering if this could of been what caused the server to crash and slow down beforehand, if this is an attack, or an attempt to hack, and recommendations to fix it.