运行Ubuntu的Google Compute Engine中的拒绝服务攻击 [英] Denial of service attack in Google Compute Engine running Ubuntu

问题描述

我注意到Google云平台中的VM正在生成DOS，并想知道它可能来自何处.在进一步的搜索中，我注意到一个不是我创建的文件，并删除了该文件.

I noticed that my VM in the google cloud platform is generating DOS and wondering where that may be coming from. On further search, I noticed a file that wasn't created by me and deleted the file.

到目前为止，我已经更改了ssh端口，但是我仍然收到该项目似乎正在实施拒绝服务攻击

So far, I have changed the ssh port but I'm still getting This project appears to be committing denial of service attacks

我想提出一些建议，以防止将来出现这种情况.

I would like suggestions on what else I can do to prevent this in the future.

推荐答案

我要在这里留下一些有趣的资源，您可以检查这些资源以保护Google Compute Engine实例的安全:

I'm leaving here some interesting resources you can check to secure your Google Compute Engine instance:

• Ubuntu SSH Guard联机帮助页
• ArchLinux SSH防护指南(指导您完成安装和设置)
>
• 来自geekflare的Apache强化指南
• 来自OWASP的PHP安全速查表
• MySQL安全准则

• Ubuntu SSH Guard manpage
• ArchLinux SSH guard guide (guides you through installation and setup)
• Apache hardening guide from geekflare
• PHP security cheatsheet from OWASP
• MySQL security guidelines

关于Google Cloud Platform实例的常规安全建议:

• 在项目级别设置用户权限.
• 安全地连接到您的实例.
• 确保项目防火墙未对互联网上的所有人开放.
• 使用强密码，并安全存储密码.
• 确保所有软件都是最新的.
• 监视通过监视API紧密监视项目使用情况，以识别异常的项目使用情况.

• Set user permissions at project level.
• Connect securely to your instance.
• Ensure the project firewall is not open to everyone on the internet.
• Use a strong password and store passwords securely.
• Ensure that all software is up to date.
• Monitor project usage closely via the monitoring API to identify abnormal project usage.

要诊断与GCE实例有关的问题，请串行端口输出会很有用.

To diagnose trouble with GCE instances, serial port output from the instance can be useful.

• 您可以通过单击实例名称来检查串行端口输出 然后在串行端口1(控制台)"上.请注意，此日志已清除 实例关闭时重新启动，并且日志不可见 实例未启动时.

• You can check the serial port output by clicking on the instance name and then on "Serial port 1 (console)". Note that this logs are wipped when instances are shutdown & rebooted, and the log is not visible when the instance is not started.

监控堆栈驱动程序还有助于提供审核跟踪到 诊断问题.

Stackdriver monitoring is also helpful to provide an audit trail to diagnose problems.

此处是一些可以确保GCP项目安全的提示.

Here are some hints you can check on keeping GCP projects secure.

这篇关于运行Ubuntu的Google Compute Engine中的拒绝服务攻击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！