--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/ed9a41ce-288a-4912-8a08-f59162997052%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Thanks for your help. The account is still disable, i wouldn't even know if i was contacted anyway, i have no email and mobiles are out of batteries from complaint calls.
An eye opener experience i must say , 20 years as a sys admin and i didn't see that one coming. Google is the pretty girl or guy with nice features that dumps you with a text message. Great to play with and have fun but if you think you can do serious business with, you pay the high price.
I can't do much for my stuff right now other than helplessly watching the disaster unfold with a first row seat, i'm about to start migrating other customer's services which are on separate projects/accounts to more business safe platforms after informing them of what could happen to them overnight, complete waste of my time for weeks to come but i don't want to be personally responsible, the savings are not worth the risk.
I have since found in some tech related forums that quite a fair few businesses got burnt the same way, i wish i had found those before, i've added my experience to the pool, it might save a few souls.
Thank you again for trying to help.
Michael Ibanes
--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/cf518e74-fed3-4b74-8e58-d54b77c4d042%40googlegroups.com.
Folks,I appreciate that this is an extremely frustrating experience for each of you, and we are working on a more formal response. However, our more effective engagement for solving a specific case is to respond to customer's situation directly, not generically in a public forum.Both of your situations, and anybody else who chooses to post here are actually incredibly rare and unique cases, and generalizing to what all customers might experience is not realistic.To be clear, we don't like doing takedowns of any kind. We take it incredibly seriously, and it is an option of very last resort. Yet the processes we use and controls we have in place work very well for the vast majority of cases where we have to apply them. That said, it is not acceptable to us that there are *any* cases where customers have a bad experience, and we routinely investigate each one of those to learn how it could have been avoided.I would be happy to continue this conversation in a productive vein of discussing what we're doing to make improvements. We cannot however discuss the details of what our criteria are, because that helps bad actors (not you, others) take advantage. We can reiterate some relevant parts of our Terms of Service, if that would be valuable. We cannot effectively engage in hypotheticals like "what should we tell all customers that would consider using Google."Please feel free to post your specific questions or concerns here, and we will do our best to address them.(And, note, Mike's account has been reinstated while we continue discussing the issue with him)Thanks,-P
On May 12, 2017 11:45 AM, "Michael Ibanes" <goo...@techsoup.com.au> wrote:
And there's been a few others since ! , i'm still waiting for an answer to my last post, it's been 20 some days , i think it says it all.--It's obviously not a safe and reliable platform for business, I'm slowly moving customer VM's away, i'm not willing to risk it, i don't know anybody who would if they knew about it at the first place. I'm making sure to warn other people, in much higher traffic areas than those forums. The least i can do, while i'm waiting for an answer to my post :-)And if you think you are cranky now, wait till you know why they suspended it, probably some ridiculous reason too.
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
Hah, yeah one day quite randomly my RADIUS server vanished after a routine system upgrade and reboot. You can imagine the consequences of that... I found the fault and fixed it myself, and now they get shitty with me because I won't tell them what the fault was...
--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/009ad2d3-08f4-4e47-8fa0-41c59cace8d6%40googlegroups.com.
Hi Steve, unfortunately I'm not able to tell what you're alluding to, or who "they" is, so I'll follow up privately. I'd like to understand what you're saying and if there's something we can be doing better, to make sure the right people have that feedback.
On Wed, May 17, 2017 at 3:52 PM, Steve Wright <stevew...@gmail.com> wrote:
Hah, yeah one day quite randomly my RADIUS server vanished after a routine system upgrade and reboot. You can imagine the consequences of that... I found the fault and fixed it myself, and now they get shitty with me because I won't tell them what the fault was...
--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/009ad2d3-08f4-4e47-8fa0-41c59cace8d6%40googlegroups.com.
Action required: Critical problem with your Google Cloud Platform / API project ClickHouse Test (id: clickhouse-test)
Dear Developer,
We have detected that your Google Cloud Project ClickHouse Test (id: clickhouse-test) has been committing denial of service (DoS) attacks via 35.185.60.76 between 2017-05-18 00:43 and 2017-05-18 04:18.
You can fix the problem by stopping the instance(s) as soon as possible. Verify the outgoing traffic usage of your instance and if the behavior is intentional, please provide a business justification for this.
Meanwhile, to protect our users, we have set an outbound bandwidth rate limit on your instance. Please note that as the project owner you are responsible for securing the software installed on your machine. To learn more about securing your instance visit the Securing Instances section of the Cloud Security Help Center.
We will suspend your project in 3 days unless you correct the problem andrespond to this email by submitting an appeal. Please note that you should be logged in as the project owner to access the appeals page. For more help on submitting an appeal or to learn more about the process check the Policy Violation FAQ.
If the behavior of your instance starts affecting the service or other users in an egregious manner, we may have to suspend the project before the warning window expires. Please get back to us as soon as possible to help prevent that situation.
We just received the email from google-cloud-compliance@google.com with the following contents:
--These instances communicate only by a single TCP port with the outside world - 9000 (clickhouse) and accept TCP packets only by a few TCP ports - 22 (ssh), 9100 (prometheus), 8123 and 9000 (clickhouse). Access to ports 8123 and 9000 is restricted to a small set of our IPs via both cloud firewall and clickhouse configs. We ssh into these hosts only via public key - password authentication is disabled. So we are confident that these instances couldn't participate in any ddos mentioned in the email from google-cloud-compliance@google.com above.This looks very weird.
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/e5ac44e5-a914-4add-8e17-41faadd8875c%40googlegroups.com.
Hi Aliaksandr,Please respond to the message by clicking on the "Appeals" link in the email and someone from my team will get back to you.Thanks,Swati
On Thu, May 18, 2017 at 9:28 AM, Aliaksandr Valialkin <val...@gmail.com> wrote:
We just received the email from google-clou...@google.com with the following contents:
Action required: Critical problem with your Google Cloud Platform / API project ClickHouse Test (id: clickhouse-test)
Dear Developer,
We have detected that your Google Cloud Project ClickHouse Test (id: clickhouse-test) has been committing denial of service (DoS) attacks via 35.185.60.76 between 2017-05-18 00:43 and 2017-05-18 04:18.
You can fix the problem by stopping the instance(s) as soon as possible. Verify the outgoing traffic usage of your instance and if the behavior is intentional, please provide a business justification for this.
Meanwhile, to protect our users, we have set an outbound bandwidth rate limit on your instance. Please note that as the project owner you are responsible for securing the software installed on your machine. To learn more about securing your instance visit the Securing Instances section of the Cloud Security Help Center.
We will suspend your project in 3 days unless you correct the problem andrespond to this email by submitting an appeal. Please note that you should be logged in as the project owner to access the appeals page. For more help on submitting an appeal or to learn more about the process check the Policy Violation FAQ.
If the behavior of your instance starts affecting the service or other users in an egregious manner, we may have to suspend the project before the warning window expires. Please get back to us as soon as possible to help prevent that situation.Just after that two of our 13 instances that belong to db cluster have been limited in network traffic to a few kpbs (the second once is 104.196.177.224). It looks like the network bandwidth limit applies also to persistent disk read/writes, because these servers completely stopped writing and reading data. Reboot didn't help - after the reboot the db failed to prefetch data from persistent disks.We store up to 400Tb of data in this db. The data is sharded among 13 instances, so now we effectively lost access to 2/13th of our data stored on the suspended instances and had to re-configure db cluster to write data to the remaining 11 instances.
These instances communicate only by a single TCP port with the outside world - 9000 (clickhouse) and accept TCP packets only by a few TCP ports - 22 (ssh), 9100 (prometheus), 8123 and 9000 (clickhouse). Access to ports 8123 and 9000 is restricted to a small set of our IPs via both cloud firewall and clickhouse configs. We ssh into these hosts only via public key - password authentication is disabled. So we are confident that these instances couldn't participate in any ddos mentioned in the email from google-clou...@google.com above.This looks very weird.
--
© 2017 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
Hi there,Here is a follow up (see ticket #12773581 for details):
The network bandwidth restrictions on two of our instances have been lifted.
But persistent disks attached to these instances (both root disks and data disks) contained errors and didn't mount properly after the reboot. They were mounted in read-only mode. So we had to spend a few hours fixing filesystem errors. It looks like the network bandwidth restrictions also apply to persistent disks, so this resulted in disks' corruption.
Broken filesystems led to broken database files with more than 60TB of business-critical data. Thanks to genius design of filesystem data layout in clickhouse, almost all of the data has been recovered. Only the last hour of data before the restrictions start has been lost.
Our wishes to Google Cloud Platform:
- To provide more details on the incident, so we could investigate it and justify the downtime of our services.
- To provide guidance on how to avoid such incidents in the future. We started thinking on moving our services outside Google Cloud Platform. We'll definitely migrate from GCP if such an incident will be repeated in the future.
- To provide compensation for the downtime and data loss.
- To figure out how to avoid persistent disk corruption when network bandwidth restrictions are applied.
- To investigate why only a single person out of 7 (seven) project owners of the project received the notification from google-cloud-compliance@google.com about the incident. According to this thread there are chances that the next time the notification email may never reach any project owner leading to sudden project termination.
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/7fdbf113-816d-443f-ad0c-7a7788f41260%40googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.