Action required: Critical problem with your Google Cloud Platform / API project MAIN-CDH-CLUSTER


Paruchuri Pavan

Sep 20, 2017, 1:21:06 PM
to gce-discussion
Hi All,

I have provisioned 4 nodes in Google Cloud.

After provisioning the instances, I logged into the instances by using “ppavan10” from the Google Cloud console. ppavan10 is the default user.

I have changed one property called “root remote login” to “Yes” instead of “No” in “/etc/ssh/sshd_config” because we need to access it from PuTTY, and I have also changed the root password.

Now I am able to log in to “cdh-cl1-m1” (instance name) by using root with the changed password.

I have generated an SSH key on “cdh-cl1-m1” using “ssh-keygen”. It creates both a public and a private key. Based on those we can create passwordless SSH between the hosts. I have copied the private key to the target hosts.

Passwordless SSH is required to set up the cluster.

But after some time, my project received a warning and a mail.

The mail details are mentioned below.

Dear Developer,
We have recently detected that your Google Cloud Project MAIN-CDH-CLUSTER (id: main-cdh-cluster-new1) has been committing denial of service attacks and appears to be violating our Terms of Service. You can fix the problem by ensuring that your project traffic directed at third-parties is expected, and that your project has not been compromised. To protect our users, we have set an outbound bandwidth rate limit on your project.
We will suspend your project in 3 days unless you correct the problem and respond to this email by submitting an appeal. Please note that you should be logged in as the project owner to access the appeals page. For more help on submitting an appeal or to learn more about the process check the Policy Violation FAQ.
If the behavior of your instance starts affecting the service or other users in an egregious manner, we may have to suspend the project before the warning window expires. Please get back to us as soon as possible to help prevent that situation.

Please help me out.

Thanks in advance

Paul Nash

Sep 20, 2017, 3:59:05 PM
to Paruchuri Pavan, gce-discussion
Hello,

On the surface, our abuse and attack detection doesn't look at specific login settings of a VM, but rather is based on other factors (could be many things, including external sites reporting that they are receiving attacks from your IP. I'm not able to elaborate on what may have triggered your particular case). If you are running software that is targeting other sites (there are some legitimate reasons to do this), please review whether those actions are consistent with our Terms of Use. If you are not, please seek assistance to determine if your VMs may have been compromised by attackers.

Unfortunately (and this is true across all cloud providers or really even any datacenter vendor), it is ultimately customers' responsibility to ensure that their VMs are secure. Due to the wide variety of software configurations customers deploy, it's not feasible for us to provide specific debugging or problem solving. Some things to look at would include:
  • whether your logs indicate logins or actions that you wouldn't expect,
  • whether there is any software running on the machines you wouldn't expect,
  • whether you or someone with access may have accidentally published source code with security credentials or API keys to public source control like GitHub,
  • whether all your software is updated and patched against known security vulnerabilities, etc.
  • whether there are any known configuration issues or weaknesses (insecure packages, default passwords, etc) with the software you're running
Finally, if you believe you have resolved the issue, please follow the instructions in the notice to file an appeal, which should prevent us from taking the action stated until the case can be reviewed more.

--

Paul R. Nash | Group Product Manager, Compute Engine | paul...@google.com | 206-876-1620
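
As an added illustration of two checklist items in the reply above (unexpected logins in the logs, and known configuration weaknesses), and not code from either poster or from Google: a Python script that reads an `sshd_config` for settings that permit password logins as root and lists accepted SSH logins from addresses outside an expected set. The config excerpt, log lines, IP addresses and function names are constructed for this example; the log pattern assumes the usual OpenSSH `Failed`/`Accepted` message format.

```python
import re
from collections import Counter

# Constructed sample data, not taken from the thread; IPs are documentation ranges.
SSHD_CONFIG = """\
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""
AUTH_LOG = """\
Sep 20 09:10:01 cdh-cl1-m1 sshd[2101]: Failed password for root from 203.0.113.50 port 40122 ssh2
Sep 20 09:10:04 cdh-cl1-m1 sshd[2107]: Failed password for invalid user admin from 203.0.113.50 port 40130 ssh2
Sep 20 09:10:09 cdh-cl1-m1 sshd[2113]: Accepted password for root from 203.0.113.50 port 40188 ssh2
Sep 20 09:30:00 cdh-cl1-m1 sshd[2200]: Accepted publickey for ppavan10 from 198.51.100.7 port 51000 ssh2
"""
RISKY = {"permitrootlogin": {"yes"}, "passwordauthentication": {"yes"}}
EVENT = re.compile(r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port")

def risky_sshd_settings(config_text):
    """Return global (keyword, value) pairs that allow password logins as root."""
    effective = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue  # blank line, comment, or keyword without a value
        if parts[0].lower() == "match":
            break  # everything after a Match line is conditional, not global
        # sshd keeps the first value it reads for a keyword, so later ones are ignored
        effective.setdefault(parts[0].lower(), parts[1].lower())
    return [(k, v) for k, v in effective.items() if v in RISKY.get(k, ())]

def unexpected_logins(log_text, expected_ips):
    """Return (user, ip, method, failures_before) for accepted logins from unknown IPs."""
    failures, hits = Counter(), []
    for m in EVENT.finditer(log_text):
        result, method, user, ip = m.groups()
        if result == "Failed":
            failures[ip] += 1
        elif ip not in expected_ips:
            hits.append((user, ip, method, failures[ip]))
    return hits

if __name__ == "__main__":
    print(risky_sshd_settings(SSHD_CONFIG), unexpected_logins(AUTH_LOG, {"198.51.100.7"}))
```

An accepted password login for root that follows failed attempts from the same address is the pattern to investigate first; on a real host, feed the functions the contents of `/etc/ssh/sshd_config` and the SSH authentication log instead of the constructed strings.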
