By paandittya
I have been hosting my web api server on Digital Ocean for over 2 years now. In last 5-6 months I noticed my droplet dashboard has a persistent periodic (generally every 1 hour) CPU% utilization spike as shown in this image link . At first I thought that may be I accidentally pushed some orphan process via my git pull in the api which is running periodically. So I started to investigate my code. However I found that there is nothing wrong with my application. So my suspicion increased and then I started checking my authentication logs. There I saw huge number of malicious SSH auth attempts and subsequent failure logs. Although I have UFW and Fail2Ban in place for protection and I am using passwordless ssh keys, but these spam events cause spikes in my server cpu usage, disk IOs and network in outs. I am just wondering if this is normal (which I do not think because a few months ago this was not that frequent). I have also noticed a dramatic upsurge in my web server 4xx logs. Is anyone else experiencing such events. If yes, then what counter measures have you taken. If no, then can anyone please guide me how such events are mitigated?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.