Join 1M+ other developers and:
- Get help and share knowledge in Q&A
- Subscribe to topics of interest
- Get courses & tools that help you grow as a developer or small business owner
security email from digital ocean - what setps i need to follow ?
I got below email from digital ocean. we created many droplets in digital ocean. so is the below email indicates any of the droplet if attacked ? what i need to do now ?
< TLDR: A long-standing vulnerability has been identified which affects some 1-Clicks running MySQL. We strongly recommend that you run this script to see if your Droplet is impacted and update your credentials if necessary. > If you changed your debian-sys-maint MySQL user credentials upon install, you are not impacted by the vulnerability and no action is required.
Here are the 1-Clicks impacted and potentially remotely exploitable unless you have taken action to change the debian-sys-maint password:
MySQL and PHPMyAdmin
We will be issuing a public notice regarding this issue, but first wanted to ensure our impacted users had time to take action. As part of our verification process, we have discovered that images on other cloud providers also have this mis-configuration. Please consider updating any instances you have there as well; you can use the script we’ve created (it works on Debian and Ubuntu MySQL/MariaDB installations).
We have changed our 1-Clicks to ensure that all future Droplets will have unique, auto-generated passwords for this user.
If you have any questions, please contact our support team.