My droplet got disabled, presumably, because of weak root password.

June 27, 2019 1.1k views
DigitalOcean Ubuntu Ubuntu 18.04

2 days ago, my network consultant changed my password to <snip> in order to fix something.

A day later, my server got disabled by DO. They email me this

“”“"We are writing to let you know that your Droplet FFGCCLUB-SERVER at <snip> has been disconnected from the network after it contributed 1.5 Gbps to a 12.4 Gbps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.

Your path to resolution will be influenced by how you use FFGCCLUB-SERVER, your technical expertise, and/or your time available for investigation.”“”“

I have done some research. and i found a DO moderator said that "a weak password can cause DO to disable someone network”
(https://www.digitalocean.com/community/questions/why-am-i-getting-disconnected-from-network-so-frequently)

PS. I ran all my websites with Cloudflare.

2 Answers

Is there any solution to get my Droplet up online. Now it all disconect. Cannot access website at all (SFTP also).

Hi there @FFGCCLUB,

Very sorry that you are experiencing this issue. I have requested that this is escalated internally and you should get a response soon on the related support ticket for this issue. Unfortunately, as a community, we cannot do anything more to assist with resolving this.

With the weak password that you had set, it is possible that a malicious user managed to guess it and then abuse your droplet to launch a DDoS attack from it.

- Matt.

Have another answer? Share your knowledge.