Malicious User Agent Detected

Description: 

This alert monitors the user agent strings of all inbound requests to GCP web services. A match is a confident indication that the website is being attacked by a third party.

Based on the user agent string, we look for well-known web application attack tools, for example Nmap, Nikto, and ZAP. The alert shows the source IP of the attacker.

Solution: 

Our recommendation is to ensure you have no web application vulnerabilities. If you are unsure how to scan for web application vulnerabilities, please contact Cybersec@columbia.edu. Additionally, we recommend that the GCP account owner review their application logs for any suspicious activity from the source IP attacking the site. If this activity is undesirable, it would be beneficial for GCP account owners to build a Network ACL blocking the IP.
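The following is an added example, not the alert's actual rule: it applies the user agent check from the Description to exported request logs and groups the hits by source IP to support the log review recommended above. The patterns, the one-JSON-entry-per-line export format, and the sample entries are assumptions; the field names follow the Cloud Logging httpRequest structure.

```python
import json
import re
from collections import defaultdict

# Assumed signatures for the tools the page names; tune to your own alert rule.
SCANNER_PATTERNS = {
    "nmap": re.compile(r"\bnmap\b", re.I),
    "nikto": re.compile(r"\bnikto\b", re.I),
    "zap": re.compile(r"\bzap\b", re.I),
}

# Constructed log lines (documentation-range IPs), one JSON entry per line.
SAMPLE_LOG = """\
{"httpRequest": {"remoteIp": "203.0.113.7", "requestUrl": "/admin/", "status": 404, "userAgent": "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"}}
{"httpRequest": {"remoteIp": "203.0.113.7", "requestUrl": "/login", "status": 200, "userAgent": "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"}}
{"httpRequest": {"remoteIp": "198.51.100.23", "requestUrl": "/", "status": 200, "userAgent": "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"}}
{"httpRequest": {"remoteIp": "192.0.2.10", "requestUrl": "/", "status": 200, "userAgent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"}}
{"httpRequest": {"remoteIp": "192.0.2.44", "requestUrl": "/health", "status": 200}}
not-json garbage line
"""

def classify(user_agent):
    """Return the name of the first matching tool, or None."""
    for tool, pattern in SCANNER_PATTERNS.items():
        if pattern.search(user_agent or ""):
            return tool
    return None

def summarize(log_text):
    """Group matching requests by source IP for review or an ACL decision."""
    hits = defaultdict(lambda: {"tools": set(), "requests": 0, "non_error": []})
    for line in log_text.splitlines():
        try:
            req = json.loads(line).get("httpRequest", {})
        except (json.JSONDecodeError, AttributeError):
            continue  # skip malformed lines instead of aborting the run
        tool = classify(req.get("userAgent"))
        if tool is None:
            continue
        entry = hits[req.get("remoteIp", "unknown")]
        entry["tools"].add(tool)
        entry["requests"] += 1
        if req.get("status", 0) < 400:  # scanner got a real answer: review first
            entry["non_error"].append(req.get("requestUrl"))
    return dict(hits)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, sorted(info["tools"]), info["requests"], info["non_error"])
```

Because the user agent header is set by the client, treat a match as a starting point for the log review rather than a complete list of hostile sources.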

Reference: 


