{"id":5747,"date":"2019-06-13T11:51:37","date_gmt":"2019-06-13T11:51:37","guid":{"rendered":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?p=5747"},"modified":"2019-06-13T11:51:37","modified_gmt":"2019-06-13T11:51:37","slug":"droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos","status":"publish","type":"post","link":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/","title":{"rendered":"Droplet gets Compromised and Sends an Outgoing Flood or DDoS &#8211; What to do?"},"content":{"rendered":"<p>Is your server causing any issues? It might be affected due to virus or <strong>Trojans<\/strong>.<\/p>\n<p>Check this advice for finding the evidence of virus and trojans on your server causing issues.<\/p>\n<p>1. Log in to your server via the console in our control panel.<\/p>\n<p>2. You will see the link as here: <strong>https:\/\/cloud.digitalocean.com\/droplets\/XXXXX\/console<\/strong> where <strong>XXXXX<\/strong> refers to your droplet&#8217;s ID.<\/p>\n<p>3. It is important that you have a password for root and so if you aren\u2019t having one, contact the support team for further advice.<\/p>\n<p>4. After logging on the console, check one of these commands to try to find a strange process running:<\/p>\n<p>5. If this command is installed, it displays programs that contain open a network socket.<\/p>\n<pre class=\"lang:default decode:true\">lsof -i<\/pre>\n<p>6. To see all running processes execute the below command:<\/p>\n<pre class=\"lang:default decode:true\">ps -ef<\/pre>\n<p>7. When a pipe is added to a output paging program, it might help for long output, example:<\/p>\n<pre class=\"lang:default decode:true\">lsof -i | less\r\nps -ef | less<\/pre>\n<p>8. In the below command, if you replace XXXX with a Process ID (PID), it will display you the path to an executable file that is the process\u2019s origin:<\/p>\n<pre class=\"lang:default decode:true\">ls -al \/proc\/XXXX\/exe<\/pre>\n<p>9. You will find trojans hiding in<strong> \/boot \/tmp \/run and \/root<\/strong>. With the below command you will be able to list all content, including <strong>&#8220;dot files&#8221;<\/strong>, in \/boot.<\/p>\n<pre class=\"lang:default decode:true\">ls -al \/boot<\/pre>\n<p>10. In case you find something that is foreign, check who is owning the files for getting an hint on user privileges used for installing the code, killing the process, removing the files, and reviewing your log files. With this you will be able to find out how the way code was installed so that you can start working on preventing it from re-happening.<\/p>\n<p>11. In case you need any advice, send any data you are looking for, to the support team that you require help with and they will help you to get in the right direction. You can take the screenshot of the console displaying the data you aren\u2019t sure of, upload to a file sharing service (ex: <strong>imgur.com, dropbox.com<\/strong>) and send the URL in the ticket.<\/p>\n<p>Some programs that may also help are:<\/p>\n<p>\u2022 rkhunter<br \/>\n\u2022 chkrootkit<br \/>\n\u2022 maldet<br \/>\n\u2022 clamscan<\/p>\n<p>If you don\u2019t find anything, inform this to the support via a support ticket for advice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is your server causing any issues? It might be affected due to virus or Trojans. Check this advice for finding the evidence of virus and trojans on your server causing issues. 1. Log in to your server via the console in our control panel. 2. You will see the link as here: https:\/\/cloud.digitalocean.com\/droplets\/XXXXX\/console where XXXXX [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[771],"tags":[772,773,774],"class_list":["post-5747","post","type-post","status-publish","format-standard","placeholder-for-hentry","category-digital-ocean","tag-droplet-gets-compromised","tag-droplet-issue","tag-droplet-sends-an-outgoing-flood"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Droplet Gets Compromised and Sends An Outgoing Flood or DDoS<\/title>\n<meta name=\"description\" content=\"The article reveals the steps to resolve the issue when your droplet gets compromised and sends an outgoing flood or DDoS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Droplet Gets Compromised and Sends An Outgoing Flood or DDoS\" \/>\n<meta property=\"og:description\" content=\"The article reveals the steps to resolve the issue when your droplet gets compromised and sends an outgoing flood or DDoS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting FAQs by MilesWeb\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-13T11:51:37+00:00\" \/>\n<meta name=\"author\" content=\"Pallavi Godse\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pallavi Godse\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/\",\"name\":\"Droplet Gets Compromised and Sends An Outgoing Flood or DDoS\",\"isPartOf\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\"},\"datePublished\":\"2019-06-13T11:51:37+00:00\",\"author\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/7e3952607fa9eb4e82fea9f7cad9c945\"},\"description\":\"The article reveals the steps to resolve the issue when your droplet gets compromised and sends an outgoing flood or DDoS.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Droplet gets Compromised and Sends an Outgoing Flood or DDoS &#8211; What to do?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\",\"name\":\"Web Hosting FAQs by MilesWeb\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/7e3952607fa9eb4e82fea9f7cad9c945\",\"name\":\"Pallavi Godse\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/eefc9695ea2b2c6e143c9c9919701aaa?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/eefc9695ea2b2c6e143c9c9919701aaa?s=96&d=blank&r=g\",\"caption\":\"Pallavi Godse\"},\"description\":\"Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/pallavi\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Droplet Gets Compromised and Sends An Outgoing Flood or DDoS","description":"The article reveals the steps to resolve the issue when your droplet gets compromised and sends an outgoing flood or DDoS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/","og_locale":"en_GB","og_type":"article","og_title":"Droplet Gets Compromised and Sends An Outgoing Flood or DDoS","og_description":"The article reveals the steps to resolve the issue when your droplet gets compromised and sends an outgoing flood or DDoS.","og_url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/","og_site_name":"Web Hosting FAQs by MilesWeb","article_published_time":"2019-06-13T11:51:37+00:00","author":"Pallavi Godse","twitter_misc":{"Written by":"Pallavi Godse","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/","name":"Droplet Gets Compromised and Sends An Outgoing Flood or DDoS","isPartOf":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website"},"datePublished":"2019-06-13T11:51:37+00:00","author":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/7e3952607fa9eb4e82fea9f7cad9c945"},"description":"The article reveals the steps to resolve the issue when your droplet gets compromised and sends an outgoing flood or DDoS.","breadcrumb":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/droplet-gets-compromised-and-sends-an-outgoing-flood-or-ddos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/"},{"@type":"ListItem","position":2,"name":"Droplet gets Compromised and Sends an Outgoing Flood or DDoS &#8211; What to do?"}]},{"@type":"WebSite","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/","name":"Web Hosting FAQs by MilesWeb","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/7e3952607fa9eb4e82fea9f7cad9c945","name":"Pallavi Godse","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/eefc9695ea2b2c6e143c9c9919701aaa?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eefc9695ea2b2c6e143c9c9919701aaa?s=96&d=blank&r=g","caption":"Pallavi Godse"},"description":"Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/pallavi\/"}]}},"views":712,"_links":{"self":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/5747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/comments?post=5747"}],"version-history":[{"count":1,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/5747\/revisions"}],"predecessor-version":[{"id":5748,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/5747\/revisions\/5748"}],"wp:attachment":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/media?parent=5747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/categories?post=5747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/tags?post=5747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}