VMs / EC2 Unauthorized Access Attempt

There have been unauthorized access attempts to the VM/EC2 instance.

Understanding Prometheus and Its Role in Monitoring

Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. It is now a standalone open source project and maintained independently of any company. Prometheus's main purpose is to collect metrics from configured targets at given intervals, evaluate rule expressions, display the results, and trigger alerts if some condition is observed to be true.

Symptom: Unauthorized Access Attempt

One of the alerts you might encounter when using Prometheus to monitor your VMs or EC2 instances is the Unauthorized Access Attempt alert. This alert indicates that there have been unauthorized access attempts to your VM/EC2 instance.

Why This Alert Matters

Unauthorized access attempts can be a sign of malicious activity, such as a brute force attack or an attempt to exploit vulnerabilities in your system. It is crucial to address these alerts promptly to protect your infrastructure and data.

Details About the Unauthorized Access Attempt Alert

The Unauthorized Access Attempt alert is triggered when Prometheus detects suspicious login attempts or access patterns that do not match the expected behavior. This could be due to multiple failed login attempts, access from unknown IP addresses, or attempts to use invalid credentials.

Common Causes of Unauthorized Access Attempts

Weak or default passwords being used.
Unpatched security vulnerabilities.
Misconfigured security groups or firewall rules.
Access keys or credentials being leaked or compromised.

Steps to Fix the Unauthorized Access Attempt Alert

To resolve this alert, you need to take a series of steps to secure your VM/EC2 instance and prevent future unauthorized access attempts.

1. Review Security Logs

Start by reviewing the security logs of your VM/EC2 instance to identify the source of the unauthorized access attempts. You can use tools like AWS CloudTrail for AWS environments or Azure Monitor for Azure environments to track access logs and identify suspicious activities.

2. Update Security Configurations

Ensure that your security configurations are up to date. This includes:

Changing default passwords and using strong, complex passwords.
Regularly updating and patching your operating system and applications.
Configuring security groups and firewall rules to restrict access to only trusted IP addresses.
Disabling unused services and ports.

3. Implement Multi-Factor Authentication (MFA)

Enable Multi-Factor Authentication (MFA) for all user accounts to add an extra layer of security. This ensures that even if credentials are compromised, unauthorized users cannot access your systems without the second authentication factor.

4. Rotate Access Keys and Credentials

Regularly rotate access keys and credentials to minimize the risk of them being compromised. Use tools like AWS IAM for managing access keys in AWS environments.

Conclusion

By following these steps, you can effectively address the Unauthorized Access Attempt alert and enhance the security of your VM/EC2 instances. Regular monitoring and proactive security measures are essential to protect your infrastructure from unauthorized access and potential breaches.

Master

VMs / EC2 Unauthorized Access Attempt

debugging in Minutes

— Grab the Ultimate Cheatsheet

(Perfect for DevOps & SREs)

Most-used commands

Real-world configs/examples

Handy troubleshooting shortcuts

Thankyou for your submission

We have sent the cheatsheet on your email!

Oops! Something went wrong while submitting the form.

VMs / EC2 Unauthorized Access Attempt

Cheatsheet

(Perfect for DevOps & SREs)

Most-used commands

Thankyou for your submission

We have sent the cheatsheet on your email!

Oops! Something went wrong while submitting the form.

MORE ISSUES

supabase Unauthorized API Access

Detected unauthorized access attempts to the API, indicating potential security threats.

supabase Replication Lag

Significant delay in database replication, which may affect data consistency.

supabase Pod Eviction

Pods are being evicted due to resource constraints or node failures.

supabase Service Dependency Failure

A dependent service is failing, affecting the functionality of the primary service.

supabase Service Latency Spike

Sudden increase in service latency, potentially affecting user experience.

supabase Database Deadlock

Detected deadlocks in the database, which may affect transaction processing.

supabase High I/O Wait

Excessive I/O wait times, indicating potential disk or network bottlenecks.

supabase Node Memory Pressure

A node is under memory pressure, affecting pod scheduling and performance.

supabase High Swap Usage

Excessive swap usage, which may degrade system performance.

supabase Service Restart Loop

A service is continuously restarting, indicating potential configuration or resource issues.

supabase API Rate Limit Exceeded

API requests have exceeded the allowed rate limit, potentially affecting service availability.

supabase Configuration Drift

Detected changes in system configuration that deviate from the desired state.

supabase Node Disk Pressure

A node is experiencing disk pressure, which may affect pod scheduling and performance.

supabase Job Failure

Scheduled jobs or tasks have failed to execute successfully.

supabase Service Unavailable

A service is temporarily unavailable, possibly due to overload or misconfiguration.

supabase High Load Average

The system load average is higher than expected, indicating potential resource saturation.

supabase High Network Traffic

Unusually high network traffic, which may indicate a DDoS attack or misconfigured services.

supabase Backup Failure

Scheduled backups have failed, risking data loss in case of system failures.

supabase High Latency

Increased response times for requests, which may impact user experience.

supabase Unauthorized Access Attempts

Multiple failed login attempts detected, indicating potential security threats.

supabase Pod CrashLoopBackOff

A pod is repeatedly crashing and restarting, indicating issues with the application or configuration.

supabase Certificate Expiry

SSL/TLS certificates are nearing expiration, risking secure communication failures.

supabase Node Not Ready

A node in the cluster is not ready, potentially due to resource constraints or failures.

supabase Service Down

A critical service is not responding, possibly due to crashes or network issues.

supabase High Memory Usage

The memory consumption has surpassed the set limit, which may lead to performance degradation.

supabase Disk Space Low

The available disk space is below the acceptable threshold, risking data write failures.

supabase High CPU Usage

The CPU usage has exceeded the defined threshold, indicating potential over-utilization of server resources.

supabase Database Connection Errors

Frequent connection errors to the database, possibly due to network issues or misconfigurations.

supabase High Error Rate

An increased rate of errors in the application, indicating potential bugs or misconfigurations.

supabase Slow Query Response

Queries are taking longer than expected to execute, affecting application performance.

OpenSearch Index Recovery Failure

An index recovery operation has failed, potentially due to resource constraints or configuration issues.

OpenSearch Cluster Node Joined

A new node has joined the cluster, potentially affecting cluster balance.

OpenSearch Index Read-Only Mode

An index has been set to read-only mode due to disk space issues.

OpenSearch Node Heap Dump Generated

A heap dump has been generated, indicating potential memory issues.

OpenSearch Cluster Node Left

A node has unexpectedly left the cluster.

OpenSearch Node Network Latency High

Network latency between nodes is higher than expected, impacting cluster performance.

OpenSearch Cluster Node Disk Full

A node's disk is full, preventing further data operations.

OpenSearch Cluster State Update Failure

The cluster is unable to update its state due to resource constraints or configuration issues.

OpenSearch Node Disk I/O High

Disk I/O operations on a node are consistently high, impacting performance.

OpenSearch Indexing Throughput Low

The rate of indexing operations is lower than expected.

OpenSearch Search Throughput Low

The rate of search operations is lower than expected.

OpenSearch Node JVM Heap Pressure High

The JVM heap pressure on a node is consistently high, indicating potential memory issues.

OpenSearch Cluster Node Count Low

The number of nodes in the cluster is below the expected count.

OpenSearch Snapshot Failure

A snapshot operation has failed, potentially due to storage issues or configuration errors.

OpenSearch Node Disk Watermark Exceeded

Disk usage on a node has exceeded the high watermark threshold.

OpenSearch Index Shard Size Large

One or more index shards have grown larger than the recommended size.

OpenSearch Snapshot Duration High

Snapshot operations are taking longer than expected to complete.

OpenSearch Cluster Rebalance Failure

The cluster is unable to rebalance shards due to resource constraints or configuration issues.

OpenSearch Pending Tasks High

There is a high number of pending tasks in the cluster, indicating potential bottlenecks.

OpenSearch Cluster Shard Allocation Failure

The cluster is unable to allocate shards due to resource constraints or configuration issues.

OpenSearch Search Latency High

Search queries are taking longer than expected to complete.

OpenSearch Indexing Latency High

Indexing operations are taking longer than expected.

OpenSearch Frequent Garbage Collection

Frequent garbage collection events are occurring, impacting performance.

OpenSearch High JVM Heap Usage

The JVM heap usage is consistently high, leading to potential garbage collection issues.

OpenSearch Node Disk Usage High

The disk usage on one or more OpenSearch nodes is above the threshold.

OpenSearch Node Not Reachable

An OpenSearch node is not reachable or has been removed from the cluster.

OpenSearch Cluster Status Red

One or more primary shards are unassigned in the OpenSearch cluster.

OpenSearch Cluster Status Yellow

One or more replica shards are unassigned in the OpenSearch cluster.

OpenSearch High Memory Usage

The memory usage on the OpenSearch nodes is consistently above the threshold.

OpenSearch High CPU Usage

The CPU usage on the OpenSearch nodes is consistently above the threshold.

ClickHouse ClickHouseHighZooKeeperEphemeralNodeCount

The number of ephemeral nodes in ZooKeeper is too high, which can affect stability.

ClickHouse ClickHouseHighZooKeeperWatchCount

The number of watches in ZooKeeper is too high, potentially affecting performance.

ClickHouse ClickHouseHighZooKeeperNodeCount

The number of nodes in ZooKeeper is too high, which can affect performance.

ClickHouse ClickHouseHighZooKeeperSessionCount

The number of ZooKeeper sessions is too high, potentially overloading the ZooKeeper cluster.

ClickHouse ClickHouseHighZooKeeperRequestErrors

A high number of errors are occurring in requests to ZooKeeper, disrupting coordination.

ClickHouse ClickHouseHighZooKeeperRequestLatency

Requests to ZooKeeper are experiencing high latency, affecting distributed operations.

ClickHouse ClickHouseHighBackgroundTaskQueueSize

The background task queue is too large, potentially delaying important maintenance tasks.

ClickHouse ClickHouseHighMutationQueueSize

The mutation queue size is too large, which can delay data updates.

ClickHouse ClickHouseHighCompactionQueueSize

The compaction queue size is too large, indicating delays in data compaction.

ClickHouse ClickHouseHighPartCountInPartition

A partition has too many parts, which can degrade query performance.

ClickHouse ClickHouseHighReplicaQueueSize

The size of the replication queue is too large, which can delay data synchronization.

ClickHouse ClickHouseHighNetworkErrors

A high number of network errors are occurring, which can disrupt data operations.

ClickHouse ClickHouseHighDiskIOWait

Disk I/O wait times are high, indicating potential bottlenecks in disk operations.

ClickHouse ClickHouseInsertFailureRateHigh

A high rate of insert failures is occurring, which can affect data ingestion.

ClickHouse ClickHouseHighNetworkLatency

Network latency is high, affecting communication between ClickHouse nodes or clients.

ClickHouse ClickHouseQueryFailureRateHigh

A high rate of query failures is occurring, indicating potential issues with queries or server stability.

ClickHouse ClickHouseHighReplicaLag

The lag between replicas and the primary server is too high, risking data consistency.

ClickHouse ClickHouseBackgroundMergesFailing

Background merge operations are failing, which can lead to performance issues.

ClickHouse ClickHouseMergeTreePartCountHigh

The number of parts in a MergeTree table is too high, which can degrade performance.

ClickHouse ClickHouseTableNotReplicated

A table that should be replicated is not being replicated correctly.

ClickHouse ClickHouseZooKeeperSessionExpired

The session with ZooKeeper has expired, potentially disrupting distributed operations.

ClickHouse ClickHouseHighWriteLatency

Write operations are experiencing high latency, which can delay data ingestion.

ClickHouse ClickHouseHighReadLatency

Read operations are experiencing high latency, affecting query performance.

ClickHouse ClickHouseReplicaDown

One or more replicas are not reachable, which can affect data redundancy and availability.

ClickHouse ClickHouseZooKeeperConnectionLoss

The ClickHouse server has lost connection to ZooKeeper, affecting distributed coordination.

ClickHouse ClickHouseHighMemoryUsage

The ClickHouse server is using an unusually high amount of memory, which could lead to performance degradation or crashes.

ClickHouse ClickHouseHighCPUUsage

The CPU usage on the ClickHouse server is consistently high, indicating potential performance issues.

ClickHouse ClickHouseTooManyConnections

The number of connections to the ClickHouse server has exceeded the configured limit.

ClickHouse ClickHouseQueryTimeout

Queries are taking too long to execute and are timing out.

ClickHouse ClickHouseDiskSpaceLow

The disk space on the ClickHouse server is running low, which could prevent new data from being written.

ClickHouse ClickHouseReplicaLag

One or more replicas are lagging behind the primary server, which can lead to stale reads.

Cassandra CassandraClusterWideLatencyHigh

High latency observed across the entire cluster, indicating potential systemic issues.

Cassandra CassandraRepairFailures

Failures occurred during repair operations, potentially affecting data consistency.

Cassandra CassandraNodeLoadImbalance

Uneven data distribution across nodes, leading to load imbalance.

Cassandra CassandraTableCompactionHigh

Compaction tasks for a specific table are taking longer than expected.

Cassandra CassandraHintsDeliveryLatencyHigh

Hint delivery is taking longer than expected, indicating potential network or node issues.

Cassandra CassandraBatchLogReplay

Batch log replay is occurring, indicating potential issues with batch operations.

Cassandra CassandraCQLRequestsHigh

A high number of CQL requests are being processed, potentially overloading the node.

Cassandra CassandraThriftRequestsHigh

A high number of Thrift requests are being processed, potentially overloading the node.

Cassandra CassandraReadRepairFailures

Failures occurred during read repair operations.

Backed by

Resources

Contact

Platform

Connect

Deep Sea Tech Inc. — Made with ❤️ in & 🏢

Doctor Droid