Many advised that I discovered, to power off droplet via command line - noob question (as I’m a beginner)....where can I find the command line tool?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Hey!
For starters, in the Dashboard. Look on the right side of your droplet that says “More”, click on it and you’ll find “Access Console”. This is one direct way of accessing the server’s command line.
If you want to shut down the server via CLI (Command Line Interface), enter this command. Using the command from the dashboard though will not let you copy and paste versus using SSH. Which is something you may need to look up later on.
Question
shutdown -h now
This is not the only command to shutdown the server, but this is one of the safest as there are other options such as the one from the dashboard that basically either forces the server to power off or restart.
Hey, thanks - sorry but i find that when asked for login and password, they’re not the same as my digital ocean account credentials. Is there any way I can reset this (I assume the guy that I worked with, associate his own email to tie with the login and password, as I did not receive any email when I tried to reset the password? How can I go about this?
You may need to ask the owner of that server for the password. Naturally the default username of the server is “root”. If he/she does not have knowledge of the server’s password, then the holder of that account should request a password reset. It’s important that the account holder has knowledge of the state of the server’s security.
i log into digital ocean account fine, but not via access console - am I to understand that my developer could set a different set of login and password for the console?
If that’s the case, how can I back-up my website immediately? I’ve enabled backup feature, but it’s only scheduled to backup few days from now.
I’m still trying to piece the puzzle together…thanks for bearing.
The developer can create additional accounts within the server if needbe, of course, you would need to use the sudo command (thus using the root password regardless) in order to shutdown/restart the server. Unless he creates an additional account that has root privileges, you’ll need to use sudo.
Sounds like sudo would be useless in controlling the server, as he holds the login credential in the access console (i.e. having least a different account within the server (my understanding - correct me if I’m wrong).
In which case, i’m leaning towards backing up the website immediately to an offsite location- how can I do this? I’ve enabled backup but the next automated scheduled session would only occur few days from now. Can’t find any sources online for this unfortunately.
You’ll be able to create a new droplet that uses the backup so that you’ll have the exact same server (but DigitalOcean is capable of reconfiguring the server for a new IP, Hostname, and Password).
If you want to put this site on a different server sooner, you’ll need to do a snapshot (requires temporarily powering off the server).
My understanding being droplet=server? If that’s the case, would it be safe for me to assume that if my developer has backdoor/different account, he retains control only over that 1 existing server I have? * silly question, I’m guessing ‘yes’ of course, just wish to confirm
Well yes, if a backdoor were to be the case, then one of the best solutions is to move the website itself (alongside cleaning the database and checking files as well) to a new server instead of duplicating the server. As the developer’s key could be in the server, and a key lets you not have to use a password.
I’ve moved the website to a new server now. Not sure how to go bout cleaning database & check the files - does this mean he could still have some backdoor access at any point to the site at the new server? *if yes, what are some of the tools I can use for database cleaning & file checking?
Realistically, no one is safe. I can’t say on any tools as I do not know any, I’m always having to do a lot of maintenance by hand as I develop everything myself. There are many tutorials on security here, so you’ll have to look about the many options that may appear before you. You’ll start to gain interest on being in more control over your own servers.
Don’t worry, not every developer here knows how to backdoor.