So recently I attended my first DDoS attack, of course not on purpose.
It appeared that one of my Droplets on DigitalOcean had been compromised. I think this happened because I messed a little with the Docker socket openings and some sketchy wiki software, because there were no problems for over 6 months.
Anyway, when your Droplet so kindly attends a DDoS attack or exceeds some ridiculous bandwidth, you get a nice email:
We've detected an outgoing Denial of Service attack (http://do.co/21Y1Gc1) originating from your Droplet. Specifically, we have detected inbound traffic exceeding 0.04 Mb/s and outbound traffic exceeding 352.79 Mb/s. Due to the traffic’s harmful nature, your Droplet was taken offline; this means it is not connected to the internet and all hosted sites and services are unreachable. We know that this action is disruptive, but it’s necessary to protect you, our network, and the target of your Droplet’s attack.
You can access your droplet using this console link: https://cloud.digitalocean.com/droplets/37330593/console
Because this means your Droplet has been compromised, you’ll need to back up your data and transfer it to a new Droplet. We have a recovery tool to assist you, but any databases on your Droplet will need to be backed up before we boot your Droplet into the recovery tool because you won’t be able to make the backups afterwards.
Specific backup steps vary depending on the database software in use, which is most commonly MySQL. If you’re not sure how, http://do.co/1h0uWgm will show you how to back up your databases from MySQL.
Once you have finished backing up your data, the next step is downloading and transferring your data to your new Droplet. Please update this ticket when you’re ready and we’ll configure this Droplet so you can proceed.
If you’ve enabled our backup service or have a snapshot of the Droplet, you can restore directly from that image instead of going through the recovery process. Be aware that this will destroy any changes or additions made to the Droplet since the creation date of the image you use to restore from. If you do this, please update the ticket as we will need to reconfigure networking to get your Droplet back online.
If you don’t need the data from this Droplet, you can destroy this Droplet at your convenience. If you’d like to keep the current IP address, you will need to use our rebuild function. This acts like a clean install of your OS and is currently the only way to ensure you retain your IP. As with restoring from an image, please let us know once you’ve done this.
If you have any further questions, or if we can further assist, please let us know.
Trust & Safety
Now this is fine, however since they locked down the NIC on my Droplet I couldn't access my data. They recommend you write to their support whenever you're ready for them to transfer it to the "recovery tool". I wrote to support and waited over 5 hours... I got tired of waiting and decided to test some alternative way to get my data, which to my surprise worked.
Steps to get your data without the "recovery tool"
- Make a snapshot of your Droplet
- Create a new Droplet, and during Droplet creation simply choose your previously taken snapshot as the image
- Success - Now go get your data
- Destroy the two Droplets for security reasons
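
The same steps can be scripted with DigitalOcean's `doctl` CLI. This is an added example, not part of the original post: the function names, Droplet names, region and size are placeholders, and it assumes `doctl` is installed and authenticated. The restored Droplet boots the same compromised image, so use it only to copy data off before destroying both.

```bash
#!/bin/sh
# Added example: snapshot a locked Droplet, restore it as a new one, destroy both.
# Assumption: doctl is installed and authenticated (doctl auth init).
set -u

DRY_RUN="${DRY_RUN:-1}"            # 1 = only print the commands, 0 = run them
REGION="${REGION:-nyc3}"           # placeholder; use the region the snapshot lives in
SIZE="${SIZE:-s-1vcpu-1gb}"        # placeholder; disk must be >= the snapshot's disk

run() {                            # print a command, run it unless dry-running
  printf '%s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

snapshot_droplet() {               # $1 = Droplet ID, $2 = snapshot name
  run doctl compute droplet-action snapshot "$1" --snapshot-name "$2" --wait
}

snapshot_id() {                    # $1 = snapshot name; prints the snapshot ID
  if [ "$DRY_RUN" = "1" ]; then echo "SNAPSHOT_ID"; return 0; fi
  doctl compute snapshot list --resource droplet --format ID,Name --no-header |
    awk -v n="$1" '$2 == n { print $1 }'
}

restore_droplet() {                # $1 = new Droplet name, $2 = snapshot ID
  run doctl compute droplet create "$1" --image "$2" \
    --region "$REGION" --size "$SIZE" --wait
}

destroy_droplet() {                # $1 = Droplet ID or name
  run doctl compute droplet delete "$1" --force
}

recover() {                        # $1 = ID of the locked Droplet
  snap="recovery-$1"
  snapshot_droplet "$1" "$snap"
  restore_droplet "recovered-$1" "$(snapshot_id "$snap")"
  echo "# copy your data off recovered-$1, then destroy both Droplets"
}

# Usage: DRY_RUN=0 sh recover.sh <droplet-id>
if [ "$#" -gt 0 ]; then recover "$@"; fi
```

With the default `DRY_RUN=1` the script only prints the `doctl` commands it would run, so the plan can be checked before anything is created or deleted.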