How to detect where the issue on my server is, and whether the server is being used for cryptocurrency mining?
I just received an email from Google and my server stopped working.
Dear Developer,
Our systems identified that your Google Cloud Platform / API Project ID HelloWorld (id: fair-solution-555555) may have been compromised and used for cryptocurrency mining.
This activity was detected as originating from IP xyz and VM ID 123456:us-east1-b to destination IP abc on remote port 6233 between 2020-10-22 23:14 and 2020-10-22 23:22 (Pacific Time), though it may still be ongoing.
We recommend that you review this activity to determine if it is intended. Cryptocurrency mining is often an indication of the use of fraudulent accounts and payment instruments, and we require verification in order to mine cryptocurrency on our platform.
Therefore if you wish to continue engaging in cryptocurrency mining, and you haven't already applied for an Invoiced Billing Account (support.google.com/cloud/contact/apply_for_invoiced_billing), please do so. Additional information is available in the Cloud Security Help Center (support.google.com/cloud/answer/6262505).
If you believe your project has been compromised, we recommend that you secure all your instances (https://support.google.com/cloud/answer/6262505), which may require uninstalling and then re-installing your project.
To better protect your organization from misconfiguration and access the best of Google's threat detection, you may consider enabling Security Command Center (SCC) for your organization. To learn more about SCC visit https://cloud.google.com/security-command-center.
Once you have fixed the issue, please respond to this email. If the behavior is intentional, please explain so that we do not ping you again for this activity. Please do not hesitate to reach out to us if you have questions.
Should you require further assistance or information related to this matter, don't hesitate to email us and we'll get back to you as soon as we're able. In the best effort to help out, feel free to provide us your best contact number as well as the best time to contact you. Looking forward to your response.
Sincerely,
Hanna
Google Cloud Platform Support