How Do I Know if my Droplet has Been Compromised?

December 14, 2015 2.4k views
Security
chaze77892a4b53
By:
chaze77892a4b53

I'm new to using VPS so any help would be appreciated.

I have a droplet IP that keeps getting flagged for abuse, but all I use Digital Ocean for is to host websites and I am the only person (from our company) that has access to the droplet.

Anyone have any experience with this. or can recommend what steps I should take to prevent this?

Thanks
Chaz

3 comments
  • ryanpq MOD December 14, 2015

    What is being reported in these abuse complaints?

  • chaze77892a4b53 December 14, 2015

    Hi Ryan, here is what the email said:
    Abused IP address(es): 195.128.28.224
    Abused HTTP host(s): komatransport.pl

    The abuser was attempting to bruteforce administrator password of our website

  • theMiddle December 15, 2015

    hi @chaze77892a4b53

    if you want to stop this kind of attacks, I suggest to use a WAF. If you want, you can find a free WAF here: https://waf.red is a new service in-cloud hosted on digitalocean, very easy to use and setup.

    hope this help :)

    -theMiddle

Log In to Comment
1 Answer
gparent December 14, 2015

You would need to identify specific signs that you are compromised, such as traffic you do not recognize being sent from your droplet.

Reply
Have another answer? Share your knowledge.

Related Questions