
Droplet gets Compromised and Sends an Outgoing Flood or DDoS – What to do?


Is your server causing issues? It may be infected with a virus or trojan.

Follow the steps below to look for evidence of viruses and trojans on your server.

1. Log in to your server via the console in our control panel.

2. The console link looks like this: https://cloud.digitalocean.com/droplets/XXXXX/console where XXXXX is your droplet’s ID.

3. You need a password for root, so if you don’t have one, contact the support team for further advice.

4. After logging in to the console, use one of the commands below to look for a strange running process:

5. If the following command is installed, it displays programs that have an open network socket:

lsof -i

6. To see all running processes, execute the command below:

ps -ef

7. Piping the output to a paging program can help with long output, for example:

lsof -i | less
ps -ef | less

8. In the command below, replace XXXX with a process ID (PID) to display the path to the executable file the process was started from:

ls -al /proc/XXXX/exe

9. Trojans commonly hide in /boot, /tmp, /run and /root. The command below lists all content of /boot, including “dot files”:

ls -al /boot

10. If you find something foreign, check who owns the files to get a hint about the user privileges used to install the code, kill the process, remove the files, and review your log files. This helps you work out how the code was installed so that you can start preventing it from happening again.

11. If you need advice, send the data you need help with to the support team and they will point you in the right direction. You can take a screenshot of the console displaying the data you aren’t sure of, upload it to a file sharing service (e.g. imgur.com, dropbox.com) and send the URL in the ticket.
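
The checks from steps 8 and 9 applied to every process at once, as an added example that is not part of the original guide: it reads each /proc/PID/exe link and flags executables located in the directories named above. Going one step beyond the guide, it also flags links ending in " (deleted)", which Linux appends when the executable file has been removed from disk while the process keeps running. The function names and the script name triage.sh are illustrative.

```shell
#!/bin/sh
# Added example: triage of /proc/<PID>/exe links (not from the original guide).

# Directories the guide names as common hiding places.
SUSPECT_DIRS="/boot /tmp /run /root"

# exe_verdict PATH -> prints "deleted", "suspect-dir" or "ok"
exe_verdict() {
    case "$1" in
        *" (deleted)") echo "deleted"; return ;;
    esac
    for dir in $SUSPECT_DIRS; do
        case "$1" in
            "$dir"/*) echo "suspect-dir"; return ;;
        esac
    done
    echo "ok"
}

# scan_proc PROC_ROOT -> one line "PID VERDICT PATH" per flagged process
scan_proc() {
    for piddir in "$1"/[0-9]*; do
        # readlink fails for kernel threads, exited processes, or when
        # not running as root; those entries are skipped.
        target=$(readlink "$piddir/exe" 2>/dev/null) || continue
        verdict=$(exe_verdict "$target")
        [ "$verdict" = "ok" ] || echo "${piddir##*/} $verdict $target"
    done
    return 0
}

# Run as root on the droplet: sh triage.sh /proc
if [ "$#" -gt 0 ]; then
    scan_proc "$1"
fi
```

Each flagged PID can then be inspected with the ps and lsof commands from the earlier steps before anything is killed or removed.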

Some programs that may also help are:

• rkhunter
• chkrootkit
• maldet
• clamscan

If you don’t find anything, let the support team know via a support ticket and ask for advice.
