MilesWeb

Droplet gets Compromised and Sends an Outgoing Flood or DDoS – What to do?

Is your server causing issues? It might be infected with a virus or trojan.

Follow this advice to find evidence of viruses and trojans on your server.

1. Log in to your server via the console in our control panel.

2. The console link looks like this: https://cloud.digitalocean.com/droplets/XXXXX/console where XXXXX is your droplet’s ID.

3. You need a password for root, so if you don’t have one, contact the support team for further advice.

4. After logging in on the console, try one of these commands to look for a strange running process:

5. If this command is installed, it displays programs that have a network socket open.

6. To see all running processes, execute the command below:

7. Piping the output to a paging program can help with long output, for example:

8. In the command below, replace XXXX with a process ID (PID) to display the path to the executable file that the process was started from:

9. Trojans are commonly found hiding in /boot, /tmp, /run and /root. The command below lists all content, including “dot files”, in /boot.

10. If you find something foreign, check who owns the files for a hint about which user privileges were used to install the code, then kill the process, remove the files, and review your log files. This should help you find out how the code was installed so that you can start working on preventing it from happening again.

11. If you need advice, send the data you need help with to the support team and they will point you in the right direction. You can take a screenshot of the console displaying the data you aren’t sure about, upload it to a file sharing service (e.g. imgur.com, dropbox.com) and send the URL in the ticket.
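
The checks from steps 6 to 10, combined into one read-only triage script as an added example that is not part of the original article: it reads each process's /proc/PID/exe link, flags executables located in /boot, /tmp, /run or /root (or deleted from disk after starting), and prints the owning user. The function names and the file name triage.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): flag processes whose
# executable lives in a directory the article names as a trojan hiding place.
# Read-only: it inspects /proc and lists files; nothing is killed or removed.

# Directories named in step 9 of the article.
HIDING_DIRS="/boot /tmp /run /root"

# is_suspicious_path PATH -> exit 0 if PATH is under a hiding place, or if the
# binary was deleted after start (the kernel appends " (deleted)" to the link).
is_suspicious_path() {
    case "$1" in *" (deleted)") return 0 ;; esac
    for d in $HIDING_DIRS; do
        case "$1" in "$d"/*) return 0 ;; esac
    done
    return 1
}

# scan_proc [PROC_ROOT] -> prints "PID OWNER EXE" for each suspicious process.
# PROC_ROOT defaults to /proc; it is a parameter so the logic can be checked
# against a constructed directory tree.
scan_proc() {
    root="${1:-/proc}"
    for p in "$root"/[0-9]*; do
        [ -d "$p" ] || continue
        # Kernel threads have no exe link; readlink fails and they are skipped.
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        if is_suspicious_path "$exe"; then
            owner=$(ls -ld "$p" | awk '{print $3}')
            echo "${p##*/} $owner $exe"
        fi
    done
}

# list_hiding_places -> long listing, dot files included, of each directory.
list_hiding_places() {
    for d in $HIDING_DIRS; do
        [ -d "$d" ] && ls -la "$d"
    done
    return 0
}

# Usage: sh triage.sh scan
if [ "${1:-}" = "scan" ]; then
    scan_proc /proc
    list_hiding_places
fi
```

Run it as root; without root, the exe links of other users' processes are unreadable and those processes are silently skipped.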

Some programs that may also help are:

• rkhunter
• chkrootkit
• maldet
• clamscan

If you don’t find anything, let support know via a support ticket and ask for advice.

Pallavi Godse

Pallavi is a Digital Marketing Executive at MilesWeb and has over 4 years of experience in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.
