Hacker using Digital Ocean IPs

September 1, 2017
DigitalOcean Security

I report a particular hacker using Digital Ocean on nearly a daily basis. I supply logs to show the hacker's access to my droplet. I provide links to abusedb.com to show the IP is being used for hacking.

What does it take for Digital Ocean to simply refuse to provide a user service when they are demonstrably shown to be a bad actor?

5 Answers

Are you using tickets? I doubt you'll get much done by creating a ticket. I suggest you send them an email to abuse@digitalocean.com with all the information regarding the user's malicious actions.
All hosting companies will have people who abuse their services and, to be honest with you, not many of them do much about it anyway.

  • I use abuse@digitalocean.com.

    I don't report the scrapers, WordPress hackers, port sniffers, etc. However, email is sacred because if you have a bad actor in your IP space, some RBL will block the entire IP space in some of their more aggressive lists. As you probably know, the RBL providers are mighty useless regarding why you are on the list, presumably so you don't discover how to avoid their spammer detector. Frankly, given the poor job Digital Ocean does on blocking this hacker, I don't blame the RBLs for blocking an entire chunk of Digital Ocean. I would do the same thing since the hacker has been operational for months.

    Personally when you have over 100 RBL providers, there is simply something suspicious. I've heard some are shakedown artists. Pay them money not to be on the list. I try to get some hosting companies to drop the slime RBLs like spamrl, but it isn't easy.

I just got hit by a script kiddie, using DigitalOcean to brute force ssh.

Current IP of the attacker (as of 9th January, 2018): 46.101.7.101

I guess this is the dude you're talking about.
If I/you/we are lucky, DO sysops might see this post - and will do SOMETHING.

I've basically given up on the sys admins to block the DO hackers. I assume this is a problem on all VPSs, given the cost we pay these days. That is, I used to get hacked without mercy from Linode until I blocked most of Linode. I have slowly put together the IP space of DO as I've been hacked. Don't expect perfection, but it will block many DO droplets.
DO IP space
It expires in a week, but just ask again if you need it.

I'm probably stating the obvious here, and this is hardly the only solution, but my workflow is to look up the IP on ip2location.com. Once I determine it is a datacenter, VPS, VPN or what I determine to be a troublemaker, I put the IP address into bgp.he.net and get the AS. You can either block the one CIDR from bgp.he.net, or you can look at the IPv4 space list and select the matching names.

For example, from my nginx log:

400 104.236.186.55 - - [17/Jan/2018:03:42:43 +0000] "SSH-2.0-Go" 173 "-" "-" "-"

Clearly an IP that isn't going to do any browsing. ip2location shows that the IP is at DO SFO. The associated CIDR is 104.236.128.0/18, which you can block in the firewall of your choice from everything but maybe port 25 should you want email from the hacker.

bgp.he.net identifies the IP as the infamous stretchoid hacker, or researcher if you believe them.

104.236.186.55 (zg-1222a-94.stretchoid.com) 

abusedb
Shocker, it is in the abuse database. ;-) The IP CIDR is in AS14061. The associated IPV4 space is at
as14061
which is not exclusively DO. You can cut, paste, sed the results to get it in the form you want.

There are other ways to get the contents of an AS, but they don't seem to be up to date. That is, bgp.he.net has more IP CIDRs. Here is one example of how to enumerate an AS.
[list AS](https://www.linkedin.com/pulse/autonomous-system-lookup-using-command-line-linux-mezgani-ali)
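
Added example, not part of the original answer: a Python sketch of the triage step described above, which picks non-HTTP request lines (such as the `SSH-2.0-Go` banner) out of a log in the quoted layout and maps each client to a covering CIDR to block. The sample log lines are constructed, the function names are hypothetical, and the only CIDR is the one quoted in the answer; addresses outside it fall back to a single-host block.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the log layout quoted in the post (status, then client IP).
SAMPLE_LOG = r'''400 104.236.186.55 - - [17/Jan/2018:03:42:43 +0000] "SSH-2.0-Go" 173 "-" "-" "-"
200 198.51.100.7 - - [17/Jan/2018:03:43:01 +0000] "GET / HTTP/1.1" 612 "-" "Mozilla/5.0" "-"
400 104.236.140.9 - - [17/Jan/2018:03:44:10 +0000] "\x16\x03\x01" 173 "-" "-" "-"
400 203.0.113.20 - - [17/Jan/2018:03:45:00 +0000] "SSH-2.0-Go" 173 "-" "-" "-"
not a log line
'''

# CIDR quoted in the post; in practice this list comes from the AS lookup.
KNOWN_CIDRS = [ipaddress.ip_network("104.236.128.0/18")]

LINE_RE = re.compile(r'^(\d{3}) (\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)"')
HTTP_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d(?:\.\d)?$')


def non_http_clients(log_text):
    """Return {ip: [request, ...]} for 400 responses whose request line is not HTTP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the layout
        status, ip, request = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # validate the address before it gets near a firewall rule
        if status == "400" and not HTTP_RE.match(request):
            hits[ip].append(request)
    return dict(hits)


def block_targets(ips, known_cidrs=KNOWN_CIDRS):
    """Map each offending IP to its covering CIDR, or to a single-host network."""
    targets = set()
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        net = next((n for n in known_cidrs if addr in n), None)
        targets.add(net or ipaddress.ip_network(ip))
    return sorted(targets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


if __name__ == "__main__":
    for net in block_targets(non_http_clients(SAMPLE_LOG)):
        print(net)
```

Two of the three flagged clients collapse into the one /18, which is why blocking by CIDR keeps the rule count small; review each range before blocking it, since legitimate services share the same space.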

I reported a phisher and a spammer and got a response via email saying they will not do anything.

You can find details and drill down by every IP into the problems and registered attacks from AS14061 (Digital Ocean). These are only 660 IPs that have attacked our servers within 7 days - example via: https://www.anti-attacks.com/daten-abfrage/?abfrage_ip=162.243.168.172
