My Droplet is compromised and Network Interface disabled

Posted August 25, 2017 4k views
WordPress, DigitalOcean, Networking, DNS, Control Panels, Ubuntu 16.04

My droplet was compromised and the Digital Ocean team shut down my network interface. Now they have emailed me this:

Hello there,

I have set your boot device to our Recovery Environment where you will be able to mount your file system (content will appear under /mnt/ ), enable networking, and connect via SSH/SFTP to migrate your backup files to your local machine or a new Droplet.

There are a few steps involved in this process and we’ve listed them in this guide:

Please get back to us when you are finished.


Trust & Safety

But I am getting this error on Step 2:

What can I do now? I need SFTP access to delete the compromised files. It's been 45 hours and my droplet is still shut down.

1 answer

Have you tried force stopping the droplet and turning it back on again?
Make sure next time to protect your droplet from malicious people; probably the longer it’s down the better.
You should read this before you start a new droplet once you’ve gotten access and recovered your files.

Also may I strongly suggest that once you’ve recovered those files you try and check for any back doors that might be hidden in those files since they’re pretty easy to spread.

by Tim Kornhuber
To protect your SSH server with two-factor authentication, you can use the Google Authenticator PAM module. Read this tutorial to expand your knowledge on the subject.
  • Thanks for the answer, how do I force stop the droplet?

    • There should be a slider button on the droplet information page.

      • I did it, powered off the droplet then ON, but still the same error:

        It's been 48 hours and no one is solving my issue. This is the level of DO support? No one compromises or hacks his own server, but the response of Digital Ocean is pathetic. This is why I pay monthly, so when I need support no one responds and they just shut down my droplet and websites without having any backups.

        • Back-ups are the owner’s responsibility. You can ask DO to perform back-ups for a price (% of your monthly service fee).

          • I know, but it's been 48 hours and no one is solving my issue … this is what “The Best Server Provider” does with their customers???? To shut down their websites and not respond.

          • In reply to almobilecover
            Your droplet alerted DigitalOcean that it is compromised.
            I’ll say it again, it’s your responsibility to secure your server to avoid stuff like this happening.
            There’s a lot of tickets that need to be dealt with; if everyone wants a proper response then it’s best you are patient.
            You will not be charged in the meantime.
            They didn’t shut down your site, they shut down your server for your safety and theirs as a company.

    • I had the same issue, I am very unhappy with the support.

      If they want to disable my droplets, I am fine with it. All I need is to enable networking for a while to download my data.

      Very unhappy with the result, it took a very long time, more than 48 hrs, and clients are now complaining. We now have no choice but to migrate to other service providers.

      I had been a loyal customer with more than ten droplets, I also did encourage other developers to use DO but their support is terrible.

      Bad experience.