How to stop my droplet sending SYN Flood

December 11, 2014 2.1k views

My Droplet became hostile client for SYN Flood. An foreign process is sending SYN packets to an remote server i.e my droplet is compromised and used by hacker to perform DDOS attack by sending SYS packets from my droplet. Network for my droplet is disabled by DO. How to stop that process sending SYS flood ?
OS - Ubuntu 14.04 64-bit
Thanks in advance,

1 Answer

If your droplet was launching a SYN Flood it has most likely already been compromised. Cleaning up an already compromised server can be quite an undertaking. The quickest way to resolve this type of issue is often to start over with a clean droplet, transfer over your files and take steps to secure.

On the new droplet you will want to set up a secure configuration. These tutorials will help you get started with this:

Initial Server Setup with Ubuntu 14.04

Additional Recommended Steps for new Ubuntu 14.04 Servers

If you would prefer to attempt to clean your droplet and resolve the issue I would recommend starting with the steps outlined here:

My Droplet has been Compromised and is Sending an Outgoing Flood or DDoS, What do I do.

by Justin Ellingwood
When you start a new server, there are a few steps that you should take every time to add some basic security and give you a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 14.04.
  • Thanks for reply. If I destroy my droplet and recreate a new one will I get the same old IP address ? I can't change my IP as it is used by many clients.

  • Yes. When you destroy a droplet it's IP address remains reserved to your account for a while. As long as you wait for the destroy event in the control panel to complete and then create your new droplet in the same region as your old one within 24 hours or so it will inherit the IP address.

Have another answer? Share your knowledge.