I’d check https://transparencyreport.google.com/safe-browsing/search because most browsers including mozilla firefox rely on google safe browsing.
The other thing to point out is that if an attacker somehow got root access, they could install a so called “rootkit” and what it does it replacing some of the basic commands like top, ps, … with altered ones in order to hide the malware activities
few years ago I was contacted by digital ocean because they got reports about myserver being involved in ssh attack or something like that. Turns out my old drupal website had unpatched vulnersbilities that allowed attacker to access my system and use it for attacking others.
am not saying that to defend your provider they should have at least give you a warning. I an saying that to check yiur server as it may have been compromised
My country also block VPN.
The solution that always worked for me is using OpenVPN with static key configuration. https://openvpn.net/community-resources/static-key-mini-howto/
yes Syncthing should work just fine just make sure to only sync the save directory to minimize bandwidth. rsync is another common tool (at least for Linux) that does same job through command line. making it easier to automate the syncing tasks through bash scripts