Unauthorized docker container installation

I have had multiple unauthorized containers being installed. I am using shipyard docker management or what. Does anyone have any idea how to determine how they are being installed.

The last time that an unauthorized container was installed it was part of a DDOS attack and digitalocean took the VPS off the public network. The time before that I had a bitcoin miner container installed without my permission.

I am running ubuntu 16.04 with a 14 character password including Upper case, lower case, numbers and symbols on both the VPS root account and on shipyard with the default admin account deleted and a new one created a password the same as the ubuntu.

Any help would be appreciated. I am not sure I picked the correct category

This sounds like a system-administration problem, not a Docker problem.

Have you properly configured ufw (or iptables directly) to block undesirable inbound traffic? Frequently virtual private servers are created without any firewall rules at all, leaving them vulnerable until a proper rule-set is applied by the end-user. Further, are you using password-based authentication for SSH? If so, you should strongly consider switching over to public-key authentication exclusively (disabling password-based authentication) as it is not susceptible to dictionary attacks.

The last time this happened, I was using SSH public key access. The unauthorized docker containers are only being installed when I have Shipyard for dockers up and running. Lately I have been stopping all containers for shipyard and have not had any unauthorized containers installed.

What about firewall rules? Are you properly controlling access to your ports?

I cannot remember the firewall rules that were running at the time, since I have had to reload the VPS do to a drive fault.

Here are the current ufw status

To Action From

OpenSSH ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)

If you look on the Shipyard github, you will see that there is one other person besides myself that have had unauthorized dockers installed.

I can restart all Shipyard, if there is a way to prevent new containers from being installed, but allows for logging of any attempts to install new containers.