Getting warning as "performing brute-force attacks" while doing bench build

I tried running bench build on my DO instance but ended up getting a warning as follows

We’ve received a report from a 3rd party that your Droplet xyz is performing brute-force attacks via SSH. Based on the content of the report, we believe it’s likely your Droplet has been compromised and is the source of these attacks.

What is the reason and How to fix this?


It may help to say the where you obtained the frappe-bench code and how it was installed.

Following guide was followed for installation

If bench-build has been run in the past without complaint, then your site may be compromised and the site should be backed up and reinstalled. here’s a couple of links to consider:

If you want to investigate how or where the attacks are originating, the time needed to do a forensic analysis may be greater than the benefit. If there are actors targeting your installation then locking down is most important. It may be worthwhile to contact DO and see if they can confirm the problem and who has reported it for verification.