Greetings, one of my droplets has been compromised. Files were added and removed that I did not upload. I am wondering if there are detailed logs as far as connections for the last 2 months. From January to the end of February.
The logs on the server were deleted. Any help in this matter would be greatly appreciated.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Unfortunately, in cases like this, your best bet is to do a fresh install on a new droplet.
It can be time-consuming and expensive to be sure that the environment is clean as you often require external help. Of course, the more you know about how the issue occurred, the better your chances of preventing this from happening again.
If you were not using centralized logging then all the logs are likely gone. I assume you have checked the standard OS logs. The exact location depends on the OS that you’re using.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.