Digital Ocean = Criminal Ocean ?!

Peppery9

I get port scanned and brute forced from AWS and Azure. These criminal organisations must be stopped at once.

CheepCluck

@Peppery9 said: I get port scanned and brute forced from AWS and Azure. These criminal organisations must be stopped at once.

Call your local police station and report this ILLEGAL activity at once!

Damian

@xaoc said:
Issue with DO is that they got too many clueless developers(talking about the client base). The abusers aren't actually DO clients, is just 0wn3d boxes.

Please be sure to put "@123" on the end of any password. That makes it 100% secure.

nqservices

And what about Linode? Also a large and similar provider. Does it have the same "issues" like digitalocean in terms of abuse?

At Linode all new servers created have the ports 25, 587 and 465 blocked by default. User must open a ticket to open that ports. Is just related with mail (not port scanning, etc..), but Im sure it helps.

chihcherng

@nqservices said: And what about Linode? Also a large and similar provider. Does it have the same "issues" like digitalocean in terms of abuse?

On Jan 23, 3396 IP addresses from DigitalOcean probed my servers for TCP open ports.
Only 223 IP addresses from Linode did that on the same day.

Liso

@chihcherng said:

@nqservices said: And what about Linode? Also a large and similar provider. Does it have the same "issues" like digitalocean in terms of abuse?

On Jan 23, 3396 IP addresses from DigitalOcean probed my servers for TCP open ports.
Only 223 IP addresses from Linode did that on the same day.

How did you perform this ip check ? Im thinking of doing it on my server too.

NickA

Anyone else seeing huge brute forcing today coming from most AWS regions? At this rate we'll have to block most of AWS for a while

babuum

@nqservices said:
And what about Linode? Also a large and similar provider. Does it have the same "issues" like digitalocean in terms of abuse?

I've just checked for ssh brute force attempts on my honeypot. There where 2759 unique addresses from 526 different networks. 617 are from Digital Ocean. That's more than the next 5 networks combined. Linode has 12.

Maounique

@babuum said: That's more than the next 5 networks combined.

This begins to look more like a template problem.

@CheepCluck said: Call your local police station and rdeport this ILLEGAL activity at once!

FTFY

chihcherng

@NickA said:
Anyone else seeing huge brute forcing today coming from most AWS regions? At this rate we'll have to block most of AWS for a while

Numbers of IP addresses which probed my servers for TCP open ports from the following providers on Jan 24:

DigitalOcean: 3650
Linode: 215
Amazon AWS: 173

chihcherng

@Liso said: How did you perform this ip check ?

Wait for suspicious connection attempts by forcing HAProxy to listen at thousands of TCP ports.

TCP port scan detection with HAProxy: Revised

nikozin

Digitalocean is cesspool of spam and shady practices.

I myself submitted an abuse report, no action or reply from them.

neverain

the reason DO is used for abuse is because of the account credit offer, in a lot of marketplaces the 100$ credit accounts are sold for 10 to 20$ and a lot of their legit clients don't configure server possibly and it gets cracked and thats also sold and used for spamming, hosting phishing pages, brute, ddos etc