Issue with Google Cloud declaring Eve-NG is crypto-mining

Before posting something, READ the changelog, WATCH the videos and howto, and provide the following:
Your install is: Bare metal, ESXi, what CPU model, RAM, HD, what EVE version you have, the output of uname -a and any other info that might help us faster.

Moderator: mike

hammer6
Posts: 2
Joined: Sat Aug 28, 2021 8:56 pm

Issue with Google Cloud declaring Eve-NG is crypto-mining

Post by hammer6 » Wed Feb 02, 2022 1:36 pm

I have run into an issue with Google Cloud declaring that the VM running Eve-NG is crypto-mining. It has happened twice. The first time I destroyed and rebuilt the VM, but it has happened again. I think they are mistaking the large labs I was running for crypto-mining. I normally do not even have a connection to the internet, just a VPN to my house terminating on a Cisco Firepower appliance. The VM was up to date on patching. Has anyone else had this issue with Google? Any suggestions on how to prevent this in the future would be appreciated.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Issue with Google Cloud declaring Eve-NG is crypto-mining

Post by Uldis (UD) » Wed Feb 02, 2022 2:40 pm

You should watch your EVE, mate, because it is not the first time your EVE has been hacked and is running some extra services without you.
Check the CLI command:
top

Also make sure what those labs you are running are. Are they connected to cloud0?

By default EVE does not have any vulnerable services included.
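
Added example (not part of the original post and not EVE-NG's own tooling): a small triage helper for the `top` check suggested above, which separates CPU load from lab nodes from load caused by anything else on the host. The process names in EXPECTED are an assumption about how lab nodes appear on the host and should be adjusted to your install; the sample process list, including the name `sysupdate-x`, is constructed.

```shell
#!/usr/bin/env bash
# Flag high-CPU processes on the host that are not expected lab-node processes.

# Assumption: lab nodes run under these command names. ps truncates "comm"
# to 15 characters, so qemu-system-x86_64 appears as qemu-system-x86.
EXPECTED='^(qemu-system-.*|dynamips|iol_wrapper|docker.*|containerd.*)$'

# Constructed sample, shaped like: ps -eo pcpu,user,pid,comm --sort=-pcpu
SAMPLE='%CPU USER       PID COMMAND
 392 root      2211 qemu-system-x86
 187 root      2290 qemu-system-x86
96.0 root      3105 sysupdate-x
41.5 root      2350 dynamips
 0.3 root       812 sshd'

# flag_unexpected THRESHOLD
# Reads a ps listing on stdin and prints "PID COMMAND %CPU" for every process
# at or above THRESHOLD percent CPU whose name is not in EXPECTED.
flag_unexpected() {
  awk -v min="$1" -v ok="$EXPECTED" '
    NR == 1 && $1 == "%CPU" { next }            # skip the ps header line
    $1 + 0 >= min && $4 !~ ok { print $3, $4, $1 }
  '
}

# live_check [THRESHOLD]
# Same check against the running host (default threshold: 50% of one core).
live_check() {
  ps -eo pcpu,user,pid,comm --sort=-pcpu | flag_unexpected "${1:-50}"
}

# Demo on the constructed sample: only the non-lab process is reported.
printf '%s\n' "$SAMPLE" | flag_unexpected 50
```

An empty result from live_check while the host CPU is saturated means the load comes from the lab nodes themselves; any line it prints is a process to investigate before starting the lab again.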

hammer6
Posts: 2
Joined: Sat Aug 28, 2021 8:56 pm

Re: Issue with Google Cloud declaring Eve-NG is crypto-mining

Post by hammer6 » Wed Feb 02, 2022 5:21 pm

I normally don't use Cloud0, but yesterday I did have it connected to a router, testing it out. However, the GCP VPC didn't have an external IP address assigned, just a VPN IP that went to my home office firewall, so I don't see how that could be an issue. It was a somewhat large lab running ISE, three ASAs, about a dozen routers and switches, plus a Windows 2016 server. I will try top the next time I fire it up. Still waiting to hear back from Google.

Thanks

Grrrshark
Posts: 9
Joined: Sun Apr 25, 2021 10:58 pm

Re: Issue with Google Cloud declaring Eve-NG is crypto-mining

Post by Grrrshark » Thu Feb 10, 2022 7:41 pm

Yeah, I had the same issue that I believe was due to CPU usage from a more extensive running lab. My cloud firewall is set only to allow my public IP, so almost positive this is a false alarm due to CPU usage of the instance when it has internet access. You can test by running the lab with access to the internet, waiting for the ban, and then run the same lab, but take away access to the internet, and it won't get flagged. The only solution is to ramp up the CPU or stop giving the lab access to the internet.

dragonfly
Posts: 9
Joined: Tue Oct 16, 2018 7:50 pm

Re: Issue with Google Cloud declaring Eve-NG is crypto-mining

Post by dragonfly » Tue Aug 02, 2022 5:01 pm

I had this too..

So far day 2 since not getting any crypto-mining emails.

I have activated the Firewall Egress, ensuring that I only have access from my home network.

I also put the Cloud service in 'Suspended' mode too.

Bad news is at the minute, I access Eve-Ng & the project, but none of my Putty Apps give me access to the routers or switch, so on a mission to find out why..

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Issue with Google Cloud declaring Eve-NG is crypto-mining

Post by Uldis (UD) » Tue Aug 02, 2022 6:05 pm

It is because you are trying to connect EVE lab nodes to cloud0, or simply did not secure your EVE elementary SSH, and someone screwed your EVE.
