Dear guys, I have a droplet which I use as an email server. Applications that I installed there are: 1. iRedmail, 2. Phplist, 3. MySql, 4. Apache httpd I had been using it for 3 months already, and suddenly I got a ticket from digitalocean support which shows that my droplet has been performing brute force attack against another server's SSH ... My questions: 1. How can I find out that my server does this things? 2. How can I clean my server that might already invested by a BOTNET? Thanks in advance, Bromo