Violation of our Free Terms of Service by mining cryptocurrency from VM


Praveen Kumar

Jun 3, 2021, 11:55:38 AM
to gce-discussion
Hello Folks,
Yesterday evening I received a mail from "google-cloud-compliance[@]google.com" saying that
"Immediate action required: Your Google Cloud Platform / API project My-Project (id:  My-Project  285714) resources are being suspended."
(attached picture below)

A notable thing I found in that mail:
"We recommend that you review this activity to determine if it is intended. Cryptocurrency mining is often an indication of the use of fraudulent accounts and payment instruments, and we require verification in order to mine cryptocurrency on our platform."

My actual setup:
VM instance type: 1 vCPU, 2.75 GB memory
OS: CentOS 7
Firewall rules/ports open: Allow HTTP traffic/80, Allow HTTPS traffic/443
Webserver: Nginx
SSL: Let's Encrypt

My doubts:
1. What is the actual issue?
2. What is meant by cryptocurrency mining?
3. How did cryptocurrency mining happen in my VM without my permission?
4. What should I do next? How can I secure my VM from this kind of issue/attack?

Note: I'm a beginner to GCP (cloud computing). Correct me if anything is wrong with my approach.
mail_record_from googleapi.PNG

Gautham (Google Cloud Support)

Jun 4, 2021, 11:19:53 AM
to gce-discussion

There might be a possibility that your account has been hacked. Regarding an explanation of cryptocurrency mining, I would recommend that you take a look at this thread [1].

The email you got from google-cloud-compliance[@]google.com should also contain more detailed information on how to resolve the issue. If you have any questions, please reply to their email directly.

In the meantime, you can also consult our Policy violations FAQ for more information: [2]

Praveen Kumar

Jun 5, 2021, 3:31:55 AM
to gce-discussion
Hello Gautham,
I appreciate your answer; this thread [1] gave me a better understanding of Bitcoin mining and how it works. I have to add another point: the violation mail I got from google-cloud-compliance[@]google.com doesn't contain any solution for this issue.

Can you please help me secure my VM from this kind of issue/attack? Or can I get any direction for resolving this issue?

Thanks.

Nahuel Gavilan Bernal

Jun 7, 2021, 11:37:40 AM
to gce-discussion

I would suggest best practices for Authorization/Authentication and Securing VM instance.

Fortunately, GCP provides several tools to support you for account management, authorization and password management. You can refer to the link. [1]

 1. Hash Passwords

 2. Allow for third-party identity providers if possible

 3. Separate the concept of user identity and user account

 4. Allow multiple identities to link to a single user account

 5. Don’t block long or complex passwords

 6. Don’t impose unreasonable rules for usernames

 7. Allow users to change their username

 8. Let your users delete their accounts

 9. Make a conscious decision on session length

 10. Use 2-Step Verification

 11. Make user IDs case insensitive

 12. Build a secure auth system


To secure VM instances, there are a variety of scenarios in which you want to keep the instances from being reached from the public internet: 

Protecting services on machines with external IP addresses

 - Firewalls

 - HTTPS and SSL

 - Port forwarding over SSH

 - SOCKS proxy over SSH

Connecting to instances without external IP addresses

 - Bastion hosts and SSH forwarding

 - Cloud IAP for TCP forwarding

 - VPN

 - NAT gateway for egress

 - Interactive serial console access

 - HTTPS and SSL proxy load balancers


For details, please refer to the link. [2]

For reference, here are further general approaches to strengthening security. [3]

Note that this link contains information which has not been directly endorsed by Google.
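
The "Firewalls" item in the reply above can be checked concretely. The following is an added example, not part of the original thread or of Google's documentation: it reads firewall rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json` and reports enabled ingress rules that are open to any source address on ports other than the 80 and 443 the original poster intended to expose. The rule list is a constructed sample and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# (only the fields used below); it is not data from the thread.
SAMPLE_RULES = json.loads("""[
 {"name": "default-allow-http", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "default-allow-https", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
 {"name": "default-allow-ssh", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "default-allow-rdp", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "default-allow-internal", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["10.128.0.0/9"], "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]}]}
]""")

EXPECTED_PUBLIC = {("tcp", 80), ("tcp", 443)}  # assumption: the only intended public ports
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def port_set(spec):
    """Expand a port spec such as "22" or "8000-8010" into a set of ints."""
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def unexpected_public_rules(rules, expected=EXPECTED_PUBLIC):
    """Return (rule name, protocol, ports) for enabled ingress rules that accept
    traffic from any address on something outside the expected set."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue  # egress and disabled rules expose nothing inbound
        if not ANY_SOURCE & set(rule.get("sourceRanges", [])):
            continue  # restricted to specific source ranges
        for allow in rule.get("allowed", []):
            proto, ports = allow["IPProtocol"], allow.get("ports")
            if ports is None:  # no port list means every port of that protocol
                findings.append((rule["name"], proto, "all"))
                continue
            for spec in ports:
                if any((proto, p) not in expected for p in port_set(spec)):
                    findings.append((rule["name"], proto, spec))
    return findings

if __name__ == "__main__":
    for name, proto, ports in unexpected_public_rules(SAMPLE_RULES):
        print(f"review: {name} allows {proto}/{ports} from any address")
```

Each reported rule is a candidate for a narrower source range or for one of the alternatives listed above, such as Cloud IAP for TCP forwarding or a bastion host.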

