View Feed
group-icon
Coffee Room
Discuss anything here - everything that you wish to discuss with fellow engineers.
12940 Members
Join this group to post and comment.
Kaustubh Katdare
Kaustubh Katdare • Apr 15, 2016

Before you setup your server on DigitalOcean...

Just found that one of the test domains I had on DigitalOcean got hacked; and after lot of troubleshooting and attempts to find the root cause, it's apparent that the problem lies with DigitalOcean! Someone tricked the DigitalOcean's 'Network' to alter the domain mapping; and apparently it wasn't very difficult to do so.

I'd not say I'm totally against DigitalOcean. I use them to setup test servers and once the job is done, I destroy the droplet. However, if you are thinking about hosting your business website on DigitalOcean; I'd suggest that you should think again. Are you a server admin Ninja? Do you love troubleshooting servers? If your answer is yes, go with DigitalOcean. The rest - there are a LOT of good (if not better) choices available in the market.

Over the past decade of running online venture, I can tell you with full confidence that recovering a hacked website or domain isn't pleasant or fulfilling at all. The process is often painful and you're not sure till you recover the last bit of your data.

If you are a tech startup - invest in a web host that offers you rock solid support. Every 'extra' penny you think you're spending on them would be worth it when things go wrong.
Ashish Nanda
Ashish Nanda • Apr 16, 2016
Hi Kaustubh,

I have been using Digital Ocean for a long time now to host websites, test websites, run tunnels and well a lot more and I have faced many types of attacks (DOS and Bruit force being the most common). The most awful issue I ever faced was the server shutting down due to CPU usage going to 140% ...

I am not questioning your capabilities but looks like there might have been a loophole during your setup which someone exploited (probably a bot trying different usernames and passwords). I use SSH keys as it becomes almost impossible for the hacker to intercept your session or try any bruit force...

Do let me know the details for the same, it might help me secure my servers better 😀
Kaustubh Katdare
Kaustubh Katdare • Apr 16, 2016
@Ashish Nanda - It's not a question of capability. DigitalOcean's own system can be tricked as well - and I'm pretty sure that was the main hack in my case. All I had on the droplet were few static files and I'd be okay even if the hacker gained complete control of the droplet.

I'm confident that DigitalOcean must have fixed the issue by now; which is beyond the control of any of their customer.

Share this content on your social channels -