Brute Force Abuse Report

Please have a look: https://digitalocean.abusehq.net/share/6VtSh3qfpOp-LimYoaHMZsZznbXsKkfSupqeGFQ6pq0

This is the serious issue if brute force dictionary attack is initiated from a droplet, with only ERP installed.

Please guide, how can this be traced.

I think best to seek help from DO. They have an interest in resolving this and may choose to close down your server if you do not take prompt action. Refer to their FAQ and forum for pointers. A Google search may give you ideas too for eg https://www.digitalocean.com/community/questions/bruteforce-attack-through-our-server

You should also look at suitable protection on your droplet for any internet facing ports such as SSH.

Install unattended upgrades or manually ensure you have installed all security updates.

Config two factor authentication on your ERP install and the droplet itself.

Also try running netstat -pntl to see what ports are open and accessible

1 Like