Question

Compromised droplet.

Posted March 5, 2020 93 views
Security

Greetings, one of my droplets has been compromised. Files were added and removed that I did not upload. I am wondering if there are detailed logs as far as connections for the last 2 months. From January to the end of February.

The logs on the server were deleted. Any help in this matter would be greatly appreciated.

Add a comment
smokeone810
By:
smokeone810
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
sdev36744 March 5, 2020

Awesome one.
Thanks alot for info
Tc

Reply Report
mjoffe March 6, 2020

Unfortunately, in cases like this, your best bet is to do a fresh install on a new droplet.

It can be time-consuming and expensive to be sure that the environment is clean as you often require external help. Of course, the more you know about how the issue occurred, the better your chances of preventing this from happening again.

If you were not using centralized logging then all the logs are likely gone. I assume you have checked the standard OS logs. The exact location depends on the OS that you’re using.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help