Curious if anyone else operating any type of web services sees endless malicious traffic from Digital Ocean / ASN 14061? Behind China, I see a constant competition between Digital Ocean and France’s OVH (ASN 16276) for the number two slot as an originator of garbage web traffic. Throwaway VPSes you don’t even have to pay for for two months; how could that ever go wrong? They also seem to host an ever-increasing number of hacked WordPress sites; imagine that.
In any case, the more important issue is that they don’t seem to ever respond to any abuse reports, nor does submitting abuse reports ever seem to result in any action being taken.
Wondering if it’s just my bad luck or not. Need to decide if I just start ignoring 14061 advertisements at the edge of networks I maintain.
Day 7 – thus far, the only consequences of dropping announcements from 14061 have been:
- Monitoring service Alertra appears to have nearly all of their monitoring locations housed at Digital Ocean, and all locations appear to use the same ASN, so I’m assuming Digital Ocean backhauls their own traffic if they’re offering multi-location service but all from the one ASN. In any case, that would seemingly reduce Alertra’s service value if monitoring your website availability is really only monitoring its availability from Digital Ocean, rather than a meaningful collection of unique transit providers. I personally like Site24x7.
- Similarly, no-frills monitoring service Down Notifier has the same issue, but only for their US location. If you choose one of the other geographic regions, it no longer uses Digital Ocean, so there’s an easy workaround with them.
- WordPress plugin Cleantalk, designed to combat spam and other malicious WordPress activity, ironically has its data feeds served from Digital Ocean, when Digital Ocean’s network is one of the worst sources of malicious traffic targeted at WordPress installs.
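The collateral listed above can be looked for before an origin's routes are dropped by replaying existing access logs against the prefixes in question. The script below is an added example, not the author's tooling: the prefixes are RFC 5737 placeholder ranges, the log lines and the `ExampleUptimeBot` agent are constructed, and treating 2xx/3xx responses as "wanted" traffic is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder prefixes (RFC 5737 documentation ranges), standing in for the
# prefixes the ASN under review originates. Substitute the real list.
CANDIDATE_PREFIXES = ["203.0.113.0/24", "198.51.100.0/25"]

# Constructed access-log lines in combined log format.
SAMPLE_LOG = '''\
203.0.113.10 - - [01/Jan/2024:00:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:00:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:00:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleUptimeBot/1.0"
198.51.100.7 - - [01/Jan/2024:00:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleUptimeBot/1.0"
198.51.100.200 - - [01/Jan/2024:00:07:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
2001:db8::5 - - [01/Jan/2024:00:08:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
truncated line
'''

# client, status and user agent from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def collateral_report(log_text, prefixes):
    """Group requests from inside `prefixes` by user agent and outcome."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    by_agent = defaultdict(lambda: {"served": 0, "rejected": 0})
    parsed = inside = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client field is a hostname, not an address
        parsed += 1
        if not any(addr in net for net in nets):
            continue  # also skips address-family mismatches
        inside += 1
        # Assumption: 2xx/3xx means the site chose to serve the request.
        bucket = "served" if m.group(2)[0] in "23" else "rejected"
        by_agent[m.group(3)][bucket] += 1
    return {"parsed": parsed, "inside": inside, "by_agent": dict(by_agent)}

if __name__ == "__main__":
    report = collateral_report(SAMPLE_LOG, CANDIDATE_PREFIXES)
    for agent, counts in report["by_agent"].items():
        print(f"{agent}: {counts}")
```

Agents with a high "served" count from inside the candidate prefixes are the ones to check for a monitoring or data-feed dependency before the filter goes in.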
I have to block Digital Ocean constantly. Ended up grabbing a number of their blocks off ARIN and blacklisting them.