Hello Watt Song
It looks like you've received a concerning email about your Azure resource being used for DDoS and brute force activities. Here's a step-by-step approach to tackle this issue:
- Please check and review your Azure Activity Logs for any unusual or unauthorized access patterns to your VM. You can access the logs through the Azure Portal.
- Enable JIT access for your VM to restrict exposure to only when you need to connect, reducing vulnerability to attacks.
- If you need to connect to your VM, consider using Azure Bastion for a secure connection via the Azure portal, which does not expose your VMs to the public internet.
- Review and update your NSG Rules to limit incoming traffic to your VM. Make sure to restrict RDP access to specific IP addresses if necessary.
- Setting up a VPN can provide an encrypted tunnel for remote access, keeping your VM less exposed.
- Leverage Azure Security Center to assess and improve your security posture. It can offer insights into any vulnerabilities and recommendations tailored to your setup.
Review Best Practices
- Use complex and long passwords for any user accounts on your VMs.
- Regularly update your software, including the OS and any applications, to protect against known vulnerabilities.
If the attacks persist, consider enabling logging and alerts to monitor for suspicious activities continuously. Check for abnormal connections, repeated failed logins, or unusual resource utilization in your VM.
Can you please update us if the action plan provided by was helpful?
Should there be any follow-up questions or concerns, please let us know and we shall try to address them. Please don’t forget to close the thread by clicking "Accept the answer" and "Yes" wherever the information provided helps you, as this can be beneficial to other community members.