Server down - Denial of Service attack

August 18, 2016 938 views
DigitalOcean Ruby on Rails Ubuntu

Hi there,

I am running ruby on rails application in my Droplet and I got mail like "Denial of Service attack" and I checked the application log file and 3 more users only accessed the server so I don't how Denial of Service attack happen.

Is there any way to find out the what is the issue and where to check and how to resolve this kind of issues?

Please help on this, thanks in advance.

Thanks!

3 Answers

Was the mail you received from DigitalOcean? Did it specify that there was an incoming Denial of service attack targeting your droplet or a denial of service attack coming from your droplet? If a ticket was opened on your account the very first step should be to respond to that ticket and our team can help you understand your options moving forward.

Hi ryanpq,

Thanks for the response
Yes I received mail from Digital Ocean.
They specify like "Outgoing Denial of Service attack originating from your Droplet"

Yes I respond and asked for the reason. But they are advising to take backup and restore.

I had the same problem. I also received an email from them. Let me get this straight, Are they implying that "somebody" hacked into my droplet and used it to create a Denial of Service Attack? I know I didn't do it. How can they do it? I checked the /var/log/auth.log and there was nothing. Should I register an e-mail every time somebody logs into my droplet? Perhaps that hacker used a security hole in the application server (tomcat) or perhaps some malware in my java libraries (all of them are Open Source). Could be it because a security problem in Digital Ocean?
Well I re-installed everything, I changed the default ssh port and I installed a firewall.
Any help to prevent this from happening again would be appreciated.

Have another answer? Share your knowledge.