Before you setup your server on DigitalOcean...

Kaustubh Katdare · 2016-04-14T21:02:22+00:00

Just found that one of the test domains I had on DigitalOcean got hacked; and after lot of troubleshooting and attempts to find the root cause, it's apparent that the problem lies with DigitalOcean! Someone tricked the DigitalOcean's 'Network' to alter the domain mapping; and apparently it wasn't very difficult to do so. I'd not say I'm totally against DigitalOcean. I use them to setup test servers and once the job is done, I destroy the droplet. However, if you are thinking about hosting your business website on DigitalOcean; I'd suggest that you should think again. Are you a server admin Ninja? Do you love troubleshooting servers? If your answer is yes, go with DigitalOcean. The rest - there are a LOT of good (if not better) choices available in the market. Over the past decade of running online venture, I can tell you with full confidence that recovering a hacked website or domain isn't pleasant or fulfilling at all. The process is often painful and you're not sure till you recover the last bit of your data. If you are a tech startup - invest in a web host that offers you rock solid support. Every 'extra' penny you think you're spending on them would be worth it when things go wrong.

Before you setup your server on DigitalOcean...

Kaustubh Katdare
@thebigk

Updated: Oct 26, 2024

Views: 1.3K

Just found that one of the test domains I had on DigitalOcean got hacked; and after lot of troubleshooting and attempts to find the root cause, it's apparent that the problem lies with DigitalOcean! Someone tricked the DigitalOcean's 'Network' to alter the domain mapping; and apparently it wasn't very difficult to do so.

I'd not say I'm totally against DigitalOcean. I use them to setup test servers and once the job is done, I destroy the droplet. However, if you are thinking about hosting your business website on DigitalOcean; I'd suggest that you should think again. Are you a server admin Ninja? Do you love troubleshooting servers? If your answer is yes, go with DigitalOcean. The rest - there are a LOT of good (if not better) choices available in the market.

Over the past decade of running online venture, I can tell you with full confidence that recovering a hacked website or domain isn't pleasant or fulfilling at all. The process is often painful and you're not sure till you recover the last bit of your data.

If you are a tech startup - invest in a web host that offers you rock solid support. Every 'extra' penny you think you're spending on them would be worth it when things go wrong.

0

Replies

Howdy guest!

Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.

Replies

Ashish Nanda

Member • Apr 16, 2016

Hi Kaustubh,

I have been using Digital Ocean for a long time now to host websites, test websites, run tunnels and well a lot more and I have faced many types of attacks (DOS and Bruit force being the most common). The most awful issue I ever faced was the server shutting down due to CPU usage going to 140% ...

I am not questioning your capabilities but looks like there might have been a loophole during your setup which someone exploited (probably a bot trying different usernames and passwords). I use SSH keys as it becomes almost impossible for the hacker to intercept your session or try any bruit force...

Do let me know the details for the same, it might help me secure my servers better 😀

Are you sure? This action cannot be undone.
Cancel
Kaustubh Katdare

Administrator • Apr 16, 2016

#-Link-Snipped-# - It's not a question of capability. DigitalOcean's own system can be tricked as well - and I'm pretty sure that was the main hack in my case. All I had on the droplet were few static files and I'd be okay even if the hacker gained complete control of the droplet.

I'm confident that DigitalOcean must have fixed the issue by now; which is beyond the control of any of their customer.

Are you sure? This action cannot be undone.
Cancel