by suhair 4254 days ago
This is my second incident in a span of one month. Just search and you can find a large number of such incidents on DigitalOcean. When this happens, the options to resolve it are very minimal. I can see that some strange files are being created inside the /boot/ directory of that droplet. DigitalOcean support says the only option is to just create another droplet and migrate. I thought in this situation I could install a malware scanner and remove the threat, or is this the standard state of addressing security?
1 comments

It sounds like you have some files appear, which proves a compromise has occurred, but you don't know the source of those files then?

If that is the case, and you're running software that has security vulnerabilities, then if you install that same software on Linode, or another host, you'll just get compromised again.

The solution has to be for you to:

* Learn how you were compromised.

* Actively take steps to avoid it.

Otherwise you'll find yourself posting in six months' time "Linode disabled my server, help!" and "I'm moving to Hetzner".

My wild guess is that the version of Ubuntu for that droplet is not supported now. Yes, from a learning perspective this is fine. But that you cannot recover the droplet from malware is not pleasant news.