> The context is missing without my original sentence. "Network was booted off."
I didn't take it as written because it was too ambiguous to know. Often your actual IP or network range might be null routed from upstream providers. Or perhaps DO just turns off routing for the systems in question. Or it could be a poor description of something else.
I work at an ISP. We will null route colocated customer IP addresses if they are causing problems until they resolve them and contact us, or if they are the target of a DDOS. The point of null routing is that other providers won't even send you the traffic anymore, so it neatly solves the problem. Sometimes we have to do it for IPs for our own services if they are the target of a DDOS.
> I never said and/or blamed DO for it.
I'm just letting you know how network providers work. If you cause harm to the network, and all their other customers, whether on purpose or just because you're the person responsible for the resources in question, they will shut you down. That's expected. It's a good thing they do, otherwise none of these providers could even offer useful service because every day there'd be an event destroying their network, and your experience every day prior to the problem would have been crappy service.
> I just stated the situation as it was in my original comment and wanted some insights on how (and mostly if) it could be handled better...
The correct way to handle your service being part of a botnet is to immediately remove your server from the network, whether they do it or you do. Your server is causing active harm to other people on the internet while it's left online in that state. It sucks for you that it goes down, but really, that's how the world works. When something you control is causing harm to the public, it will be dealt with whether you like how it happens or not. The way to deal with that problem is to do everything in your power to prevent it from getting to that state.
Because of that, it's impossible to be absolutely secure from a network provider shutting down your service. If it's that important, you need to have backup plans, i.e. other services you can bring up at a moment's notice and swing DNS to. People make good money designing and implementing disaster recovery and business continuity plans like this. That's likely not feasible for a personal site. But usually people understand and can deal with a few hours or even days of downtime for personal sites, while a business might not recover as well from that.
> I handled your guesses in my original comment already at the time and you seem to be focusing on attacking my explanation of the situation instead of my only question and answering questions I didn't ask and already resolved.
I think perhaps you didn't understand what I was trying to express. What you experienced is normal and the correct and expected way network providers will deal with a problem like that. I tried to express that.
As for whether your consultant installed a botnet on your system, it's possible. I thought it unlikely because the amount they could gain from one extra hour of repeat business from you likely dwarfs the gain from a single extra botnet computer, of which botnet networks have thousands. There's just not a lot of incentive for a consultant to put a system they're working on on a botnet. I would rate it as more likely that something the consultant did left the system in a vulnerable state, but it doesn't really matter, does it? I wasn't trying to attack you or indicate you screwed up, just indicate that if your system was on a botnet it probably got there like 99.999% of other systems on them, which is some automated work that infects it, adds a control mechanism, and then scans to add other hosts. Or some script kiddie ran some scanner/infector tool and added the control mechanism to join it to a botnet. Because the time to do it manually isn't really worth the one extra system in a lot of cases, I would imagine.