We’ve received a report(s) that your AWS resource(s)
AWS ID: ************ Region: us-west-2 Lightsail Instance Name: Eredda
Private IP : Public IP =My Public IP : My static IP
has been implicated in activity which resembles attempts to access remote hosts on the internet without authorization. Activity of this nature is forbidden in the AWS Acceptable Use Policy (AWS Acceptable Use Policy). We’ve included the original report below for your review.
Please take action to stop the reported activity and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case.
If you are unaware of the source of the reported activity it is likely that your Lightsail instance has been compromised by an external actor.
The best recourse in this case is to create a new Lightsail instance from a snapshot taken well before this abuse notice was first received. For instructions on creating a new instance from a snapshot, see: Creating an instance from a manual snapshot in Amazon Lightsail | Lightsail Documentation
If you do not have such a snapshot, please consider creating a new Lightsail instance from scratch.
To prevent further abuse from your new Lightsail resource(s), AWS Trust & Safety has the following recommendations:
• Review Lightsail documentation on Security best practices: Search Results – Overviews | Lightsail Documentation
• Ensure that you use strong and complex passwords for administrative access.
• Ensure that you are taking your Lightsail snapshots on a regular basis. Also consider utilizing the Automatic Snapshots feature to automate this process: Enabling or disabling automatic snapshots for instances or disks in Amazon Lightsail | Lightsail Documentation
• Ensure latest OS patches and security updates have been applied. If your Lightsail is running a content management platform such as WordPress, also ensure their applications and plugins are kept up to date as much as possible. Any unnecessary applications and plugins should be removed.
• Consider moving administrative access ports, such as TCP 22 or 3389, to a non-default port and enhancing site security with Lightsail firewall features: Enhancing site security with new Lightsail firewall features | AWS Compute Blog
• Ensure you are monitoring Average CPU Utilization, Incoming Network Traffic, and Outgoing Network Traffic regularly and look for any abnormalities, such as unusual spikes.
Please remember that you are responsible for ensuring that your resources and all applications are properly secured.
Regards,
AWS Trust & Safety
Case Number: 17166407404-1
—Beginning of forwarded report(s)—
- Log Extract:
<<<
Time of catch: 2023-07-25 10:44:12 GMT
Incident content:
Url: [hi###nt.###.au/]
Remote connection: [My static IP :33114]
Headers: [array (
'Host' => 'hi###nt.###.au',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Accept-Language' => 'en-US,en;q=0.9',
'Connection' => 'close',
)]
Get data: [Array
(
[author] => 45
)
]
- Comments:
<<<
BitNinja presents a CAPTCHA to the visitor. If it is resolved correctly (either automatically via our Browser Integrity Check, or manually), the IP address will be removed from the greylist; if ignored, it will generate a security incident, and the connection will be terminated.