r/webdev - Am I being crypto-jacked by hackers?

This is an E2 instance on GCP. I only have 5 containers running, with Caddy in front of them as a reverse proxy. Nothing else is installed, and this is during off-hours as well relative to my users’ demographics. I use SSH keys to authenticate SSH sessions.

I’ve had 2 other occasions during the free trial period with GCP where GCP warned me and suspended my VM because I was accused of mining cryptocurrency. The symptoms are the same as well: long, constant CPU usage.

I’ve read that there are Docker containers that can contain malicious code, but how do I detect them?

I’m open to any advice on what I can do to prevent this before I destroy this instance, thanks!

