trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

DigitalOcean disconnecting Algo droplets because of DDOS concerns #14615

Closed sellersshrug0y closed 1 year ago

sellersshrug0y commented 1 year ago

Is this happening to anyone else? I received emails from DigitalOcean this morning informing me that both droplets I use for Algo VPN were disconnected because they were DDOSing my home IP address. I destroyed the droplets and spun up some new Algo VPNs that immediately got flagged for the same DDOS concern. Is this something that can be addressed here? Or is it more of a DO/service provider issue? If it matters, my service provider is Verizon. Here's one of the emails:

Hi,

We are writing to let you know that your Droplet [my droplet name] at [droplet IP address] has been disconnected from the network after performing 43,171 pps out of total 130,524 pps Distributed Denial of Service attack from 2 droplet(s) on our network aimed at [my public IP address].

Details of the Attack:
Source IP: [droplet IP address]
Total traffic used in attack: 130,524 pps
[my droplet name] contribution in attack: 43,171 pps
Target of attack: [my public IP address]
Total Number of Droplets involved: 2

The network traffic from your Droplet matches a pattern of malicious traffic originating from other Droplets targeted at a specific victim. We understand how disruptive this may be to your work; however, it was critical for us to disconnect your Droplet to reduce further harm.

Your path to resolution will be influenced by how you use [my droplet name], your technical expertise, and/or your time available for investigation.

Path 1 - If [my droplet name] does not collect or contain any data you need to preserve, we suggest destroying this Droplet and starting over. This is the most straightforward way to get back up and running. Please note, you will still be billed for your Droplet usage, even in a network disconnected state.

Path 2 - If [my droplet name] stores data you need to recover, please follow our recovery checklist on https://www.digitalocean.com/docs/droplets/resources/recovery-iso/ before destroying this Droplet and starting over. This is the best path if you do not wish to attempt recovery of your Droplet, but do need to recover data from it before destroying it.

Path 3 - If you are confident in your technical ability and want to troubleshoot, identify, and triage the problem on your own, we do have a resource available at https://www.digitalocean.com/docs/droplets/resources/ddos/ that includes some suggestions.

We would also like to make sure you’re aware of a few things before you begin taking any of the above steps, as they may help guide you to the correct choice in this issue.

First, as this indicates a high probability that your Droplet has been compromised, please be aware that merely changing passwords or adding a firewall rule or any other form of access control won’t resolve this issue, as your Droplet has already been compromised. A malicious attacker has installed software on your Droplet, which was then used to launch this attack.

Furthermore, we’re unable to restore networking to your Droplet before you have taken action as outlined above on Paths 2 or 3. Re-enabling the network will allow the malicious software to connect to its controller and resume the attack. To restore networking along Path 3, we need you to outline what steps you took to remove the malicious software and prevent reinfection when we bring your Droplet back online.

Finally, as a self-managed provider, we cannot access customer Droplets at the command line or application level. This means we can only provide you guidance from the information you give us about your Droplet server in regards to error logs, configuration files, or the output of commands.

We're more than happy to help if you get stuck or have a question, so please don't hesitate to ask.

Best,
Security Operations Center
DigitalOcean

sellersshrug0y commented 1 year ago

I think I fixed the issue by restarting my router and getting a new IP address.

jansendotsh commented 4 months ago

For anyone seeing this in the future, you can absolutely just ticket Support at DigitalOcean, share what you're doing and they can work with you to get your Droplet unrestricted and prevent future action.