Another crypto-mining alert #913

Open
rabernat opened this issue Jan 13, 2021 · 1 comment
Comments

@rabernat
Member

I often get notifications such as these and have no ability to respond to them.

cc @yuvipanda and @choldgraf just for thinking about how we might handle these types of alerts once these hubs are under 2i2c administration.

Dear Developer,

Our systems identified that your Google Cloud Platform / API Project ID
pangeo (id: pangeo-181919) may have been compromised and used for
cryptocurrency mining.

This activity was detected as originating from IP 35.202.87.3 and VM ID
3209684261390015728:us-central1-b to destination IP 146.59.217.34 on remote
port 17055 between 2021-01-12 11:12 and 2021-01-12 11:15 (Pacific
Time), though it may still be ongoing.

We recommend that you review this activity to determine if it is intended.
Cryptocurrency mining is often an indication of the use of fraudulent
accounts and payment instruments, and we require verification in order to
mine cryptocurrency on our platform.

Therefore if you wish to engage in cryptocurrency mining, and you
haven't already applied for an Invoiced Billing Account
(support.google.com/cloud/contact/apply_for_invoiced_billing), please do
so. Additional information is available in the Cloud Security Help
Center (support.google.com/cloud/answer/6262505).

If you believe your project has been compromised, we recommend that you
secure all your instances
(https://support.google.com/cloud/answer/6262505), which may require
uninstalling and then re-installing your project.

To better protect your organization from misconfiguration and access the
best of Google's threat detection, you may consider enabling Security
Command Center (SCC) for your organization. To learn more about SCC visit
https://cloud.google.com/security-command-center.

Once you have fixed the issue, please respond to this email. If the
behavior is intentional, please explain so that we do not ping you again
for this activity. Please do not hesitate to reach out to us if you have
questions.

@mrabtikhalid

This is a crypto mining process; it often comes as a WordPress plugin. Please scan running processes (ps -aux); this process uses a lot of your CPU power.
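
One way to triage the notification quoted in this issue, added here as an example (not code from the issue, the project or Google): it parses the indicator sentence, converts the Pacific Time window to UTC, and filters flow records for the reported destination and port. The flow records, their field names, the workload names and the fixed UTC-8 offset are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

PST = timezone(timedelta(hours=-8))  # assumption: alert is dated in standard time
ALERT_RE = re.compile(
    r"originating from IP (?P<src>[\d.]+) and VM ID (?P<vm>\d+):(?P<zone>[\w-]+) "
    r"to destination IP (?P<dst>[\d.]+) on remote port (?P<port>\d+) "
    r"between (?P<start>[\d-]+ [\d:]+) and (?P<end>[\d-]+ [\d:]+) \(Pacific Time\)")

def to_utc(stamp):
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M").replace(tzinfo=PST)
    return local.astimezone(timezone.utc)

def parse_alert(text):
    """Pull the indicators out of the notification (wrapped lines are rejoined)."""
    m = ALERT_RE.search(" ".join(text.split()))
    if m is None:
        raise ValueError("notification does not match the expected wording")
    return {"src_ip": m["src"], "vm_id": m["vm"], "zone": m["zone"],
            "dst_ip": m["dst"], "dst_port": int(m["port"]),
            "start": to_utc(m["start"]), "end": to_utc(m["end"])}

def matching_flows(alert, flows, slack=timedelta(minutes=5)):
    """Flows to the reported destination inside the padded window. Matching is on
    destination because the alert names the VM's external address (assumption:
    flow records carry the workload's internal address instead)."""
    lo, hi = alert["start"] - slack, alert["end"] + slack
    return [f for f in flows
            if (f["dst_ip"], f["dst_port"]) == (alert["dst_ip"], alert["dst_port"])
            and lo <= datetime.fromisoformat(f["ts"]) <= hi]

# Indicator sentence copied from the notification in this issue.
ALERT_TEXT = """This activity was detected as originating from IP 35.202.87.3 and VM ID
3209684261390015728:us-central1-b to destination IP 146.59.217.34 on remote
port 17055 between 2021-01-12 11:12 and 2021-01-12 11:15 (Pacific
Time), though it may still be ongoing."""

# Constructed flow records; field and workload names are hypothetical.
FLOWS = [
    {"ts": "2021-01-12T19:13:02+00:00", "src_ip": "10.0.4.17", "dst_ip": "146.59.217.34", "dst_port": 17055, "workload": "user-pod-a"},
    {"ts": "2021-01-12T19:13:40+00:00", "src_ip": "10.0.4.22", "dst_ip": "203.0.113.10", "dst_port": 443, "workload": "user-pod-b"},
    {"ts": "2021-01-12T23:50:00+00:00", "src_ip": "10.0.4.17", "dst_ip": "146.59.217.34", "dst_port": 17055, "workload": "user-pod-a"},
]

if __name__ == "__main__":
    for f in matching_flows(parse_alert(ALERT_TEXT), FLOWS):
        print(f["ts"], f["workload"], f["src_ip"])
```

Widening `slack` surfaces later connections to the same destination, which matters because the notification says the activity may still be ongoing.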
