Digital Ocean, can you stop Brute Force our IPs?

Posted March 3, 2018 3.4k views

Our whole /19 IPs are getting brute force attack from Digital Ocean IPs every single day. the worst thing is that those kids know you guys don’t care much.

What a good deal? you get US IP that is hackable anywhere in the USA.

Abuse reporting does not help.

Are you guys brainless to let those happen in the USA? Seriously I don’t know if you guys are full of UK in NY office so don’t bother to break the environment of other nation.

You guys are the most prominent backdoor in the state.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

What is your question for the DigitalOcean community?

I have been having these attacks for weeks as shown for the last two days, below. is either overwhelmed or under staffed or both. My solution as of today is to block their entire domain 107/170.0.0/16, since they have no valid reason to be accessing my servers.

[“May 5 14:56:15 wbofw sshd[22084]: Connection from port 58873 on port 22”,
“May 5 14:56:19 wbofw sshd[22084]: User root from not allowed because not listed in AllowUsers”,
“May 5 14:56:19 wbofw sshd[22084]: inputuserauthrequest: invalid user root [preauth]”,
“May 5 14:56:19 wbofw sshd[22084]: Received disconnect from port 58873:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 5 14:56:19 wbofw sshd[22084]: Disconnected from port 58873 [preauth]”]
[“May 5 16:03:24 wbofw sshd[27194]: Connection from port 56651 on port 22”,
“May 5 16:03:24 wbofw sshd[27194]: Invalid user ubuntu from port 56651”,
“May 5 16:03:24 wbofw sshd[27194]: inputuserauthrequest: invalid user ubuntu [preauth]”,
“May 5 16:03:25 wbofw sshd[27194]: Received disconnect from port 56651:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 5 16:03:25 wbofw sshd[27194]: Disconnected from port 56651 [preauth]”]
[“May 5 16:22:56 wbofw sshd[28535]: Connection from port 42680 on port 22”,
“May 5 16:22:57 wbofw sshd[28535]: Invalid user mysql from port 42680”,
“May 5 16:22:57 wbofw sshd[28535]: inputuserauthrequest: invalid user mysql [preauth]”,
“May 5 16:22:57 wbofw sshd[28535]: Received disconnect from port 42680:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 5 16:22:57 wbofw sshd[28535]: Disconnected from port 42680 [preauth]”]
[“May 6 04:22:29 wbofw sshd[13883]: Connection from port 54472 on port 22”,
“May 6 04:22:56 wbofw sshd[13883]: Invalid user lian from port 54472”,
“May 6 04:22:56 wbofw sshd[13883]: inputuserauthrequest: invalid user lian [preauth]”,
“May 6 04:22:56 wbofw sshd[13883]: Received disconnect from port 54472:11: Bye Bye [preauth]”,
“May 6 04:22:56 wbofw sshd[13883]: Disconnected from port 54472 [preauth]”]
[“May 6 10:06:30 wbofw sshd[8221]: Connection from port 53235 on port 22”,
“May 6 10:06:35 wbofw sshd[8221]: Address maps to, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!”,
“May 6 10:06:35 wbofw sshd[8221]: User ftp from not allowed because not listed in AllowUsers”,
“May 6 10:06:35 wbofw sshd[8221]: inputuserauthrequest: invalid user ftp [preauth]”,
“May 6 10:06:35 wbofw sshd[8221]: Received disconnect from port 53235:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 6 10:06:35 wbofw sshd[8221]: Disconnected from port 53235 [preauth]”]