by goodwink 4841 days ago
My setup was clearly flawed and I acknowledged that in the message. Their system /does/ have serious problems though since someone is likely intercepting their password reset emails or else accessing their root password database which shouldn't even exist. I'd say those are real problems regardless of the poor config of the machine (which I readily accept my mea culpas for).
2 comments

Well, to be honest, every setup has serious problems, it just depends how far you want it to go. 100% secure doesn't exist and while it may look like bad service from your point of view, truth is I've seen other VPS solutions do the same thing. The issue here is that people with experience in system administration change the default password and set up key based authentication and try not to rely on password management from others. It's a shame your box got hacked, but immediately jumping to the conclusion the whole of DigitalOcean has a root exploit in the wild is a bit much imho...
I don't think you read the whole article.
Was fail2ban even working? After a reformat, did you install fail2ban manually, or from a repo? Are you using syslog or rsyslog? Each's log format is slightly different, meaning you have to edit the filter to accommodate. The base install filter didn't even work correctly for me on a fresh CentOS re-image. Also, the latest version on the website is v0.8.7.1, but on CentOS EPEL it's v0.8.4.