I am reaching out regarding an incident involving unauthorized access to our server. Upon investigation, it appears that the IP address 34.207.209.209, identified through ipinfo.io as belonging to Amazon, initiated an illegal request targeting the .git directory on our server.
This unauthorized access attempts to the .git directory trigger a 503 error response from our server. Subsequently, our server goes down, and I am unable to ascertain the specific reason for this behavior. The consistent occurrence of a 503 error followed by server downtime is concerning, especially as there are no visible indications within our load balancer or instance that suggest resource exhaustion, such as CPU or memory overload.
For your reference, I provide the relevant log file as below:
https 2024-01-07T01:05:31.613971Z "my_Amazon_load_balancer" 34.207.209.209:39238 - -1 -1 -1 503 - 203 332 "GET https://3.210.51.159:443/templates/.git/config HTTP/1.1" "Mozilla/5.0 (OS/2; Warp 4.5; rv:24.0) Gecko/20100101 Firefox/24.0" TLS_AES_128_GCM_SHA256 TLSv1.3 arn:aws:elasticloadbalancing:us-east-1:213064908535:targetgroup/my_target_group/e22d549341d575a4 "Root=1-6599f8db-695f63d57bf0ff0b738adad2" "-" "arn:aws:acm:us-east-1:213064908535:certificate/ab21f1f8-cd78-4fb1-b49f-ed4551c240fa" 0 2024-01-07T01:05:31.613000Z "forward" "-" "-" "-" "-" "-" "-"
I kindly request your assistance in investigating this matter further and understanding why the server becomes unresponsive after a 503 error. Any insights or guidance you can provide to address this issue would be greatly appreciated.
AWS OFFICIALUpdated 10 months ago
In addition to WAF, as 34.207.209.209 is a non-changing address, you can also forbid it to access your server via a the security group of the VPC in which you instance resides until you don't see the access requests.
Thanks a lot! I have blocked the ip. The main reason for the 503 I think is the video file I hosted at the instance. The video file simply is too big and might overload the server's RAM. I will try the request or rate control.