Compromised droplet.

Question

Greetings, one of my droplets has been compromised. Files were added and removed that I did not upload. I am wondering if there are detailed logs as far as connections for the last 2 months. From January to the end of February.

The logs on the server were deleted. Any help in this matter would be greatly appreciated.

Answer 1

sdev36744 March 5, 2020

Awesome one.
Thanks alot for info
Tc

Reply Report

Answer 2

mjoffe March 6, 2020

Unfortunately, in cases like this, your best bet is to do a fresh install on a new droplet.

It can be time-consuming and expensive to be sure that the environment is clean as you often require external help. Of course, the more you know about how the issue occurred, the better your chances of preventing this from happening again.

If you were not using centralized logging then all the logs are likely gone. I assume you have checked the standard OS logs. The exact location depends on the OS that you’re using.

Reply Report

Related

Question

Compromised droplet.

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Compromised droplet.

Related

Leave a comment

Related

question

ISIS hack on my server / droplet

question

Game Server DDoS Attack??

question

How do I put my SSH key on my droplet? (Publickey,password in particular)

question

"freebsd-update install" command fails on FreeBSD 10.1-RELEASE

Looking for something else?