'. So in your case, it is highly possible that someone could have appealed on your behalf. I therefore, suspects an act of hacking on your project.
If you believes that the instance had undergone any DDoS attack or hacked, there are some documentation available on avoiding the DDoS attack. You may need to refer
these documentations for the best practices to avoid the DDoS attack. If you suspect a malicious activity in the traffic, you may need use the
Cloud Armor to protect the instance.
Mentioned below are the
best Practices that you could follow to secure the instances in future to avoid these type of unwanted situations.(below mentioned practices are from best
practice guide)
1.-
Connect securely to your instance. For externally facing applications, it's a good idea to configure your firewalls properly and secure your ports.
2.- Ensure the project firewall is not open to everyone on the internet. Leaving all firewall rules open to 0.0.0/0 will mean that any source on the internet can establish a connection to your instance. Unless you specifically want to make your instance publicly available, a general best practice is to allow access only to your application, and only on the ports your application needs access to. For best practice information about firewalls, see
Firewall rules links from best practice guide.
3.- Use a strong password. Passwords ensure that only authorized people have access to your instance. For information on creating strong passwords, see
Creating a strong password. In addition, remember to secure the Gmail account that you use for accessing the Cloud Platform Console. For tips on securing your Gmail account, see
Gmail security checklist.
4.- Ensure that all software is up to date. Make sure that the software you have installed is up to date and that there are no known vulnerabilities that could compromise your instance.
5.- Monitor project usage closely via the monitoring API to identify abnormal project usage. Google Cloud Platform offers Cloud Logging. Cloud Logging enables you to collect and store logs from applications and services on the Google Cloud Platform. You can use logging to create log-based metrics for monitoring and alerting on unusual behavior. For more information, see the
Cloud Logging Documentation. Investigate any suspicious usage to ensure that your instance is not being hijacked by malicious software.
6.- Ensure that your
service accounts have just the necessary permissions. Please, verify the
roles of these service account and consider recreate them with new roles and keys if these are necessary.
Here, one of my other recommendation for you is to stop your instance, if you have a
snapshot(ie one created before the attack) of the instance you should be able restore the GCE VM using that
snapshot.