Why am I getting disconnected from network so frequently?

May 6, 2019 734 views
DigitalOcean Networking Ubuntu

This is the third time I created a droplet in order to have access to my content and yet, the next day I receive the following message:

“We are writing to let you know that your Droplet Celats-18.11 at 68.183.100.152 has been disconnected from the network after it contributed 125.7 Mbps to a 12.6 Gbps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim”

This is certeanly gonna cause me a lot of trouble and really want to know how to avoid this.

7 Answers

Greetings!

I’m sorry that this has caused so much trouble. I understand first hand how frustrating that can be. If this keeps happening to you, it should be true that something unique to your situation is the underlying cause. Generally this means one of two things:

  • Public facing software that contains a vulnerability, being exploited by a remote party.
  • Compromised root password (shared with a compromised website, easily guessed, things like that).

I know that’s a little vague but if it keeps happening, it’s surely one of those. It’s just hard for me to know which one it might be.

Jarland

  • Hi there jarland

    About the reasons why I’m getting disconnected so often… I think the second one is not the case, ‘cause yesterday I used (for the very first time) pair-key authentication. About the first one, that one may be a reason. However, I took some measures given in the community, like… Creating a firewall, whitelist IPs. So I really don’t know what else I should do.

    My application is a Library Software called Koha, and this has two interfaces which I access using IP and the ports 8080 (intranet) and 8081 (Catalog). it doesn’t have a domain or a SSL certificate and I think these are not mandatory to keep working in my droplet.

    I would appreciate any guidance or tips to solve this problem

Hi there jarland

About the reasons why I’m getting disconnected so often… I think the second one is not the case, ‘cause yesterday I used (for the very first time) pair-key authentication. About the first one, that one may be a reason. However, I took some measures given in the community, like… Creating a firewall, whitelist IPs. So I really don’t know what else I should do.

My application is a Library Software called Koha, and this has two interfaces which I access using IP and the ports 8080 (intranet) and 8081 (Catalog). it doesn’t have a domain or a SSL certificate and I think these are not mandatory to keep working in my droplet.

I would appreciate any guidance or tips to solve this problem

Without notifying us, DIGITAL ocean just disconnect from us from network. What a business very damn supportive to customer that paid regularly.

“We are writing to let you know that your Droplet imagemakehouse.jp at 68.183.229.140 has been disconnected from the network after it contributed 379869.37 pps to a 590283.43 pps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.”

Hello i just get the same problem. I think in my case, it is compromised password. 3 Days ago, my consultant just changed root password to an easy one.

How to connect the Droplet back online?

I have the same problems three times:

  1. One [DigitalOcean] Ticket #02991008: Networking Disabled: FORMULA1: ref:00Df218t5m.5004Pyyyun:ref Inbox x

DigitalOcean Abuse abuse-replies@digitalocean.com
Sun, Oct 6, 1:29 PM (1 day ago)
to me

Hi,

We are writing to let you know that your Droplet FORMULA1 at 157.230.87.95 has been disconnected from the network after it contributed 1.6 Gbps to a 10.1 Gbps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.

  1. Two [DigitalOcean] Ticket #02898010: Networking Disabled: ubuntu-s-1vcpu-1gb-nyc3-01: ref:00Df218t5m.5004PxvvcI:ref Inbox x

DigitalOcean Abuse abuse-replies@digitalocean.com
Sun, Aug 18, 12:37 PM
to me

Hi,

We are writing to let you know that your Droplet ubuntu-s-1vcpu-1gb-nyc3-01 at 167.71.184.105 has been disconnected from the network after it contributed 1.2 Gbps to a 12.5 Gbps Distributed Denial of Service attack. The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.

  1. Three [DigitalOcean] Ticket #02892397: Networking Disabled: ubuntu-s-1vcpu-1gb-nyc3-01: ref:00Df218t5m.500f21T0dh2:ref Inbox x

DigitalOcean Abuse abuse-replies@digitalocean.com
Thu, Aug 15, 12:29 PM
to me

Hi,

We are writing to let you know that your Droplet ubuntu-s-1vcpu-1gb-nyc3-01 at 167.71.88.145 ....

Many problems....

The same problem. Please advice a good hosting instead of DO. Заебали ссуки

Dear, I have the same problem I want to reset the drop to support the information but I have no support response.
I ask for your help and suggestion to recover the server

They sent this to me in the mail
[DigitalOcean] Ticket #03064088: Networking Disabled: idempiere.aapresolution: ref:00Df218t5m.5004P10hhCQ:ref

Have another answer? Share your knowledge.