Related

ssh login key question .............. Question Question
How can I achieve HIPAA compliance on a DigitalOcean hosted solution? Question Question

Question

Digital Ocean, can you stop Brute Force our IPs?

Posted March 3, 2018 2.6k views
CentOSSecurity

Our whole /19 IPs are getting brute force attack from Digital Ocean IPs every single day. the worst thing is that those kids know you guys don’t care much.

What a good deal? you get US IP that is hackable anywhere in the USA.

Abuse reporting does not help.

Are you guys brainless to let those happen in the USA? Seriously I don’t know if you guys are full of UK in NY office so don’t bother to break the environment of other nation.

You guys are the most prominent backdoor in the state.

Add a comment
seandex
By:
seandex
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
Woet March 3, 2018

What is your question for the DigitalOcean community?

Reply Report
jasonjpeters March 4, 2018
Reply Report
billott May 6, 2019

I have been having these attacks for weeks as shown for the last two days, below. Abuse@digitalocean.com is either overwhelmed or under staffed or both. My solution as of today is to block their entire domain 107/170.0.0/16, since they have no valid reason to be accessing my servers.

[“May 5 14:56:15 wbofw sshd[22084]: Connection from 107.170.231.42 port 58873 on 96.10.34.34 port 22”,
“May 5 14:56:19 wbofw sshd[22084]: User root from 107.170.231.42 not allowed because not listed in AllowUsers”,
“May 5 14:56:19 wbofw sshd[22084]: inputuserauthrequest: invalid user root [preauth]”,
“May 5 14:56:19 wbofw sshd[22084]: Received disconnect from 107.170.231.42 port 58873:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 5 14:56:19 wbofw sshd[22084]: Disconnected from 107.170.231.42 port 58873 [preauth]”]
[“May 5 16:03:24 wbofw sshd[27194]: Connection from 107.170.249.235 port 56651 on 96.10.34.40 port 22”,
“May 5 16:03:24 wbofw sshd[27194]: Invalid user ubuntu from 107.170.249.235 port 56651”,
“May 5 16:03:24 wbofw sshd[27194]: inputuserauthrequest: invalid user ubuntu [preauth]”,
“May 5 16:03:25 wbofw sshd[27194]: Received disconnect from 107.170.249.235 port 56651:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 5 16:03:25 wbofw sshd[27194]: Disconnected from 107.170.249.235 port 56651 [preauth]”]
[“May 5 16:22:56 wbofw sshd[28535]: Connection from 107.170.249.235 port 42680 on 96.10.34.34 port 22”,
“May 5 16:22:57 wbofw sshd[28535]: Invalid user mysql from 107.170.249.235 port 42680”,
“May 5 16:22:57 wbofw sshd[28535]: inputuserauthrequest: invalid user mysql [preauth]”,
“May 5 16:22:57 wbofw sshd[28535]: Received disconnect from 107.170.249.235 port 42680:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 5 16:22:57 wbofw sshd[28535]: Disconnected from 107.170.249.235 port 42680 [preauth]”]
[“May 6 04:22:29 wbofw sshd[13883]: Connection from 107.170.105.164 port 54472 on 96.10.34.40 port 22”,
“May 6 04:22:56 wbofw sshd[13883]: Invalid user lian from 107.170.105.164 port 54472”,
“May 6 04:22:56 wbofw sshd[13883]: inputuserauthrequest: invalid user lian [preauth]”,
“May 6 04:22:56 wbofw sshd[13883]: Received disconnect from 107.170.105.164 port 54472:11: Bye Bye [preauth]”,
“May 6 04:22:56 wbofw sshd[13883]: Disconnected from 107.170.105.164 port 54472 [preauth]”]
[“May 6 10:06:30 wbofw sshd[8221]: Connection from 107.170.172.23 port 53235 on 96.10.34.40 port 22”,
“May 6 10:06:35 wbofw sshd[8221]: Address 107.170.172.23 maps to www.thethinktankers.in, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!”,
“May 6 10:06:35 wbofw sshd[8221]: User ftp from 107.170.172.23 not allowed because not listed in AllowUsers”,
“May 6 10:06:35 wbofw sshd[8221]: inputuserauthrequest: invalid user ftp [preauth]”,
“May 6 10:06:35 wbofw sshd[8221]: Received disconnect from 107.170.172.23 port 53235:11: Normal Shutdown, Thank you for playing [preauth]”,
“May 6 10:06:35 wbofw sshd[8221]: Disconnected from 107.170.172.23 port 53235 [preauth]”]

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help