Compromised droplet.

Posted March 5, 2020

Greetings, one of my droplets has been compromised. Files were added and removed that I did not upload. I am wondering if there are detailed logs as far as connections for the last 2 months, from January to the end of February.

The logs on the server were deleted. Any help in this matter would be greatly appreciated.

2 answers

Awesome one.
Thanks a lot for info

Unfortunately, in cases like this, your best bet is to do a fresh install on a new droplet.

It can be time-consuming and expensive to be sure that the environment is clean as you often require external help. Of course, the more you know about how the issue occurred, the better your chances of preventing this from happening again.

If you were not using centralized logging then all the logs are likely gone. I assume you have checked the standard OS logs. The exact location depends on the OS that you’re using.