|
|
|
|
|
|
by dodobirdlord
2079 days ago
|
|
|
Cloud providers are vigilant for signs that accounts have been compromised and are being used by hackers for nefarious things. It's in their best interest to detect this early and step in before the hackers can pile up a ton of charges that the account owner is then going to dispute. Some big clues are (1) seems to be mining cryptocurrency, (2) seems to be trying to DDoS something, (3) seems to be sending email spam, and (4) seems to be scanning the entire internet for vulnerabilities. Sending a ton of email is usually actively prohibited and the cloud provider will blackhole your packets because they're protective of the reputation of their address blocks. Scanning the internet is more of a "try it and see" sort of thing. If it's not a significant change in behavior from the background of what's normally going on in your account, or if you're doing it from a trivial number of machines, probably nothing will happen. If you suddenly spin up a ton of infrastructure for this purpose you can probably expect a friendly phone call fairly quickly, followed by having your account suspended until they hear back from you. If you run a big account with your cloud provider they won't go suspending your VMs willy-nilly, but also if you have a big account with your cloud provider they have your business number and expect you to answer it. |
|
|