Related

Tool [NEW] Bandwidth Pricing Calculator Tool
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

Question

Droplets got infected by Bot-Net Malware

Posted December 26, 2018 1.9k views
NetworkingUbuntu 18.04

I purchased three droplets yesterday, one with a strong password, two with a very weak password (1 in SGP, 1 in BLR). When I check my email this morning, DO Is warning me about two of my droplets with weak password were being used for a DDOS attack (Consumes 3.84TB of Bandwidth before DO cut the network of my droplets). My first assumption was my droplets are infected by malware. I wondered did a person just ssh into my machine and download some malware? And how should i recover my data from it?

Add a comment
simonleee
By:
simonleee

Related

Tool [NEW] Bandwidth Pricing Calculator Tool
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
jarland December 27, 2018

Hey friend,

Great question. Every server which is online is under constant attack over SSH when on port 22 (not to imply that changing port is more secure), at the very least. If you had an easy password, they likely slipped right in and planted their malware. It isn’t usually a human doing the work, it’s all automated.

If you just spun up these servers yesterday, I’d suggest you might be able to spare the data on them and just destroy the droplets. If you really need the data off, you’ll need to work with our Trust & Safety team to have them re-enable networking after you’ve booted from our recovery ISO:

https://www.digitalocean.com/docs/droplets/resources/recovery-iso/

Jarland

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help