Today I was notified by DigitalOcean that my droplet was hacked and a DDOS attack was generated from it. It was a droplet I used as a staging server for a webapp I will send to production later, and I just need to do vagrant destroy
and vagrant up
and I'll have my droplet again.
I don't need to recover my data, but I don't want this to happen when I'm in production, so I want to check how I was hacked, where can I start? Is there some standard steps to perform to do this?
If is relevant: It was a Ubuntu 14.04, with WP, Laravel and MariaDB in docker.