Question

My Droplet sending Brute Force attact?

Posted April 19, 2014 3.1k views
Dear guys, I have a droplet which I use as an email server. Applications that I installed there are: 1. iRedmail, 2. Phplist, 3. MySql, 4. Apache httpd I had been using it for 3 months already, and suddenly I got a ticket from digitalocean support which shows that my droplet has been performing brute force attack against another server's SSH ... My questions: 1. How can I find out that my server does this things? 2. How can I clean my server that might already invested by a BOTNET? Thanks in advance, Bromo
Add a comment
bromokun
By:
bromokun
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers
dtnet0843 April 19, 2014
Hello Bromo,

Which OS are you on?

More than likely someone used a exploit on your server.

- Alex
Reply Report
asb April 21, 2014
The first place I'd look is /var/log/auth.log to see if someone else is logging on to the droplet.

I'd also encourage you to install rkhunter as well.
Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help