Droplets got infected by Bot-Net Malware

Posted on December 26, 2018

I purchased three droplets yesterday, one with a strong password, two with a very weak password (1 in SGP, 1 in BLR). When I checked my email this morning, DO was warning me that two of my droplets with weak passwords were being used for a DDoS attack (consumed 3.84TB of bandwidth before DO cut the network of my droplets). My first assumption was that my droplets are infected by malware. I wondered, did a person just ssh into my machine and download some malware? And how should I recover my data from it?


Hey friend,

Great question. Every server which is online is under constant attack over SSH when on port 22 (not to imply that changing port is more secure), at the very least. If you had an easy password, they likely slipped right in and planted their malware. It isn’t usually a human doing the work; it’s all automated.

If you just spun up these servers yesterday, I’d suggest you might be able to spare the data on them and just destroy the droplets. If you really need the data off, you’ll need to work with our Trust & Safety team to have them re-enable networking after you’ve booted from our recovery ISO:

https://www.digitalocean.com/docs/droplets/resources/recovery-iso/

Jarland
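As an added example (not from the post above, and not a DigitalOcean tool), this is the kind of check you would run over `/var/log/auth.log` after booting the recovery ISO to see whether the automated password guessing Jarland describes actually got in: it counts failed SSH password attempts per source address and flags any password login that succeeded right after a burst of failures from the same address. The log lines, hostnames and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of OpenSSH auth.log lines (not taken from the original post).
# Same shape as Debian/Ubuntu /var/log/auth.log entries written by sshd on port 22.
SAMPLE_AUTH_LOG = """\
Dec 25 03:14:01 droplet sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Dec 25 03:14:03 droplet sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Dec 25 03:14:05 droplet sshd[1205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Dec 25 03:14:08 droplet sshd[1207]: Failed password for root from 203.0.113.7 port 51052 ssh2
Dec 25 03:14:11 droplet sshd[1209]: Accepted password for root from 203.0.113.7 port 51060 ssh2
Dec 25 09:02:44 droplet sshd[1377]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Dec 25 10:15:30 droplet sshd[1402]: Failed password for root from 192.0.2.55 port 33010 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...", plus "Accepted <method> for ...".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def analyze_auth_log(text, threshold=3):
    """Return (failed-attempt counts per IP, list of successful password logins
    that came after at least `threshold` failures from the same IP)."""
    failures = defaultdict(int)
    suspicious = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif m["method"] == "password" and failures.get(ip, 0) >= threshold:
            # Guessing succeeded: this account should be treated as compromised.
            suspicious.append((ip, m["user"], failures[ip]))
    return dict(failures), suspicious


if __name__ == "__main__":
    counts, hits = analyze_auth_log(SAMPLE_AUTH_LOG)
    for ip, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} failed password attempts")
    for ip, user, n in hits:
        print(f"WARNING: password login as {user} from {ip} after {n} failures")
```

Run it against the real file with `analyze_auth_log(open("/var/log/auth.log").read())`; a hit confirms the weak password was guessed rather than some other entry point.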
