Wednesday, April 3, 2019

GCP VM Instance compromised. How to secure it?

So last night I got a mail from google-cloud-compliance saying that one of the VM instances has some critical problems and that it will be suspended after 72 hours if the pattern continues and an appeal is not filed. Below is the mail I received.

We have recently detected that your Google Cloud Project has been performing intrusion attempts against a third-party and appears to be violating our Terms of Service. Specifically, we detected port scanning on remote port 22 originating from your Compute Engine project targeting more than 4451 IP addresses between 2019-04-02 09:31 and 2019-04-02 09:55 (Pacific Time). Please check the traffic originating from all your instances and fix any other instances that may be impacted by this.

To access the VM via ssh you have to add your public key in the instance itself. A normal Django project is deployed in the instance and I don't think it was due to either of these things. So my question is what caused it and how can I secure my VM instance.
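
One way to act on the notice's request to check the traffic originating from each instance, as an added example that is not part of the original post: it finds instances whose outbound connections on port 22 reach many distinct destinations inside a sliding window. The record format (`timestamp instance dst_ip dst_port`), the instance names `vm-a` and `vm-b`, and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(lines):
    """Yield (timestamp, instance, dst_ip, dst_port) from the assumed record format."""
    for line in lines:
        if line.strip():
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def ssh_fanout(records, window=timedelta(minutes=24), threshold=20, port=22):
    """Map each instance to its peak count of distinct destinations on `port`
    inside any sliding `window`, keeping only instances at or above `threshold`."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport == port:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)   # dst_ip -> connections still inside the window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:   # expire events older than the window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def constructed_sample():
    """Constructed records (documentation IP ranges, hypothetical instance names)."""
    t0 = datetime(2019, 4, 2, 9, 31)
    # vm-a: 30 different hosts on port 22, one every 10 seconds
    lines = [f"{(t0 + timedelta(seconds=10 * i)).isoformat()} vm-a 198.51.100.{i + 1} 22"
             for i in range(30)]
    # vm-b: ordinary traffic, one SSH peer contacted twice and some HTTPS
    lines += [f"{t0.isoformat()} vm-b 203.0.113.5 22",
              f"{(t0 + timedelta(hours=1)).isoformat()} vm-b 203.0.113.5 22",
              f"{t0.isoformat()} vm-b 203.0.113.6 443"]
    return lines

if __name__ == "__main__":
    for instance, peak in ssh_fanout(parse(constructed_sample())).items():
        print(f"{instance}: {peak} distinct port-22 destinations in one window")
```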


