What Do I Do If a Huawei Cloud IP Address Trigger a Brute-force Attack Alarm?
An alarm indicates that an attack was detected. It does not mean your cloud servers have been intruded.
If you receive an alarm, handle it and take countermeasures in a timely manner.
Possible Cause
Some Huawei Cloud servers users use simple passwords or common ports, or do not use any security protection products. These users' accounts can be easily cracked. Attackers can exploit the accounts and attack other users. In this way, alarms are reported from the IP addresses of the exploited accounts.
Solution
- Restrict access from the IP addresses that triggered alarms. For details, see Adding a Security Group Rule.
- When brute-force attacks are detected, they are blocked immediately and alarms are reported. Handle the alarm within seven days, or the EIPs that triggered alarms will be blocked until their alarms are handled.
- You can enhance security by setting strong passwords and changing ports. For details, see How Do I Defend Against Brute-force Attacks?
- You can purchase HSS to protect your servers. For more information, see Purchase HSS Quota. For details about HSS editions, see Features.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot