Networking disabled in Digital Ocean

Hello Guys,

Have you encounter this message coming from digital ocean.

Hi there,

We are sorry to report that we have detected what appears to be a large flood of traffic from one or more of your servers that is disrupting the normal traffic flow for other users.

To prevent this traffic from causing further disruption, we have disabled the networking interface on the server or servers involved. In order to correct the issue, here is the direct link to the console of the affected droplet https://cloud.digitalocean.com/droplets/XXXXXX/console

Please take action at your earliest convenience in order to investigate and resolve the situation. Once this is done, if you determine the program was malicious, please also determine how this software came to be installed on your droplet and prevent it from being installed again in the future. As soon as this is done let us know and we will investigate re-enabling your networking.

If you need any guidance on how to find and resolve this issue, we recommend reviewing this:

https://www.digitalocean.com/community/tutorials/how-to-recover-from-a-compromised-droplet-sending-an-outgoing-flood-or-ddos

Please understand that this is a very serious issue as it negatively impacts our platform and your server. If you have any questions just let us know. 

Thank you,
DigitalOcean Support

Any ideas how did you resolve yours?

Hello,

This generally means that your virtual server was compromised, meaning malicious hackers were able to break into and take control. They probably then used it to send lots of spam emails, launch DDoS attacks, or both. Generally the best thing to do in this situation is to complete delete your server (Digital Ocean calls them Droplets) and start over with a new one. I would strongly recommend disabling password-based logins to your new machine once it is setup, as ssh key-based authentication is much more secure.