My Droplet became hostile client for SYN Flood. An foreign process is sending SYN packets to an remote server i.e my droplet is compromised and used by hacker to perform DDOS attack by sending SYS packets from my droplet. Network for my droplet is disabled by DO. How to stop that process sending SYS flood ?
OS - Ubuntu 14.04 64-bit
Thanks in advance,
Advaya
If your droplet was launching a SYN Flood it has most likely already been compromised. Cleaning up an already compromised server can be quite an undertaking. The quickest way to resolve this type of issue is often to start over with a clean droplet, transfer over your files and take steps to secure.
On the new droplet you will want to set up a secure configuration. These tutorials will help you get started with this:
Initial Server Setup with Ubuntu 14.04
Additional Recommended Steps for new Ubuntu 14.04 Servers
If you would prefer to attempt to clean your droplet and resolve the issue I would recommend starting with the steps outlined here:
My Droplet has been Compromised and is Sending an Outgoing Flood or DDoS, What do I do.
Thanks for reply. If I destroy my droplet and recreate a new one will I get the same old IP address ? I can't change my IP as it is used by many clients.
Yes. When you destroy a droplet it's IP address remains reserved to your account for a while. As long as you wait for the destroy event in the control panel to complete and then create your new droplet in the same region as your old one within 24 hours or so it will inherit the IP address.
