How Do I Know if my Droplet has Been Compromised?

December 14, 2015 1.1k views
Security

I'm new to using VPS so any help would be appreciated.

I have a droplet IP that keeps getting flagged for abuse, but all I use Digital Ocean for is to host websites and I am the only person (from our company) that has access to the droplet.

Anyone have any experience with this. or can recommend what steps I should take to prevent this?

Thanks
Chaz

3 comments
  • What is being reported in these abuse complaints?

  • Hi Ryan, here is what the email said:
    Abused IP address(es): 195.128.28.224
    Abused HTTP host(s): komatransport.pl

    The abuser was attempting to bruteforce administrator password of our website

  • hi @chaze77892a4b53

    if you want to stop this kind of attacks, I suggest to use a WAF. If you want, you can find a free WAF here: https://waf.red is a new service in-cloud hosted on digitalocean, very easy to use and setup.

    hope this help :)

    -theMiddle

1 Answer

You would need to identify specific signs that you are compromised, such as traffic you do not recognize being sent from your droplet.

Have another answer? Share your knowledge.