Securing GCP compute instance

Question

I've a Linux (ubuntu) instance running on google cloud platform .I've created this instance just for learning purpose. It is hosting a website using NodeJS server listing on port 80.The website is serving a simple webpage . In firewall setting, I've allowed all HTTP/HTTPS traffic and also all inbound traffic is allowed (All IPs allowed) . Further to connect to my GUI base ubuntu I used NoMachine utility software ,which uses port 4000 (NX protocol). I got an email from google stating

Resources associated with your project Stream Project (id: XXXXXXXXXXXXX) are being suspended for cryptocurrency mining in violation of our Terms of Service.

After further enquiry they responded me with this email.

We've detected that your Google Cloud Project Stream Project (id: XXXXXXXXX) IP appears to be performing intrusion attempts against a third party.

My password of compute instance were weak (like "someting123") as I just wanted to use it for learning purpose . Now google notified tat they will suspend my account if don't take necessary security steps . How do I secure my GCP? I only want to use it to serve my website and create OpenVPN serer for my private use. I cannot configure firewall to grant IP specific access to my compute instance as I don't have a static ip to connect to my instance . Please suggest how can I secure my Instance .

Answer 1

I suggest you to follow this public information guide which contains best practices to have the instances more secure.

Option 1: Review the host key values

You can use the gcloud command-line tool to verify that SSH keys are written to guest attributes:

gcloud compute instances get-guest-attributes VM_NAME \
  --query-path="hostkeys/" \
  --zone=ZONE

Replace the following:

VM_NAME: the name of the VM
ZONE: the name of the zone in which the VM is located

Option 2: Review the serial port

View the serial port output.
Select serial port 1.

click here for more documentation.