Tag Archives: do

DigitalOcean droplets used to ssh force entry

Today I was watching my fail2ban logs, on one of my servers and found a DigitalOcean ip trying to brute force via SSH.

2015-10-18 18:08:07,471 fail2ban.actions: WARNING [ssh] Ban 46.101.227.169

IP WHOIS

inetnum: 46.101.128.0 - 46.101.255.255
netname: EU-DIGITALOCEAN-DE1
descr: Digital Ocean, Inc.
country: DE
org: ORG-DOI2-RIPE
admin-c: BU332-RIPE
tech-c: BU332-RIPE
status: ASSIGNED PA
mnt-by: digitalocean
mnt-lower: digitalocean
mnt-routes: digitalocean
mnt-domains: digitalocean
created: 2015-06-03T01:15:35Z
last-modified: 2015-06-03T01:15:35Z
source: RIPE # Filtered

Since, I have 3 droplets @ digitalocean, decided to use their support to see what will they do about it…

Captura de ecrã 2015-10-18, às 17.51.04