Digital Ocean – N1 Source of Attacks and Probes
For the last six months Digital Ocean has become N1 source of continious generic or WordPress specific attacks.
In the past we have used their abuse reporting system. But now it is impossible do to so, because we must spend all day reporting each and every abuse and attack. And it is very hard to follow IP changes coming from their “Cloud” services.
The vast majority of attacks come from Singapore IPs (according to AbuseIPDB) but also from other countries. And from AbuseIPDB we see that most of the attacks are never resolved or new ones appear from the same IPs.
We are sorry to see what Digital Ocean has become …..
A small sample of last days attacks:
Read what you MUST block:
Same problem – digitalocean bruteforce attacks are almost daily. Reporting seems to do no good. They’re clearly aware that the problem exists.
13/Jan/23 19:27:59 #1503173 CRITICAL – 206.189.53.79 GET /wp-login.php – Brute-force attack detected on wp-login.php – [enabling HTTP authentication for 60mn]
If there was an easy way to block completely everything coming from digital ocean ….
Is there?
Not possible, Digital Ocean has a huge ammount of IPs and not always a “host name” that you can block.
Keep reading this blog post and monitor the IPs we are blocking. Those IP ranges can be easily be blocked via your Cpanel.