Question
Recover from Compromised Droplet
Hi there,
I got an alert that my droplet had been probing other sites for security holes. I emailed back and forth with the DigitalOcean support team, and they said "compromised droplets are backdoored and you will likely need to delete the droplet."
Two questions:
1. How could this have happened? I thought I had secure passwords for my ssh access and for mysql. Were there other passwords I needed to be aware of?
2. How do I delete the droplet and make a new one? Is there anything I should be aware of concerning the compromised account? Could they have inserted files or something into my WordPress blog database? Everything still looks normal.