My account is getting attacked?

0

Hello, I was just playing around with AWS S3 as a learning tool and I went to bed and I woke up with over 60 million requests that I have no idea where they came from. I got hit with a bill and AWS customer support is very unwilling to help. I reset all of my passwords, MFA and access keys, and deleted my S3 buckets, but when I upload an image to my bucket I see it, but then overnight I get a bunch of requests from N. Virginia and East Ohio. It is a lot less but it is still concerning to me. Does anyone have a similar experience or know what's going on? Is my account compromised and should I delete it and start a new one? It is so frustrating. I followed all the steps for best practice for security but there are still a little bit of requests coming from an unknown source.

View of my bill

2 Answers
0

Are these buckets set to be public? Are you using CLI access keys? Do you have MFA set up on all users and enforce MFA?

EXPERT
answered 6 months ago
  • My buckets are set to block all public access. I have MFA on my admin user account; I only have one user. As for the access keys, I'm using the one I created in the AWS portal. Should I make the access keys in the CLI? Thank you.

0

Are you running any projects outside of hosting this public-blocked bucket of images? Consider enabling server access logs or CloudTrail to get an idea of what these events are coming from. If there is a chance that this account is compromised, I would rotate the access keys and check other services for something running you did not enable. I also suggest setting up billing alerts as a warning mechanism.

  1. https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html
  2. https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html
  3. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html
AWS
EXPERT
David
answered 6 months ago
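
One way to act on the server access log suggestion above, as an added example that is not part of the original answer or AWS's own code: once logging is enabled and the log objects are downloaded, this script groups requests by source IP, requester, operation and status so the origin of unexpected traffic stands out. The sample records, bucket name, IDs and IP addresses are constructed placeholders.

```python
import re
from collections import Counter

# Leading fields of an S3 server access log record, in documented order.
# Quoted fields may also appear as a bare "-" when empty.
LOG_RE = re.compile(
    r'(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'(?:"(?P<uri>[^"]*)"|-) (?P<status>\S+) (?P<error>\S+) '
    r'(?P<bytes_sent>\S+) (?P<object_size>\S+) (?P<total_ms>\S+) '
    r'(?P<turnaround_ms>\S+) (?:"(?P<referrer>[^"]*)"|-) '
    r'(?:"(?P<user_agent>[^"]*)"|-)'
)

# Constructed sample records (documentation IP ranges, placeholder IDs).
SAMPLE = '''\
OWNER1 example-bucket [06/Feb/2024:00:00:38 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/admin REQ1 REST.PUT.OBJECT cat.jpg "PUT /cat.jpg HTTP/1.1" 200 - - 51200 80 12 "-" "aws-cli/2.15.0" -
OWNER1 example-bucket [06/Feb/2024:02:14:01 +0000] 198.51.100.7 - REQ2 REST.GET.BUCKET - "GET /?list-type=2 HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "python-requests/2.31" -
OWNER1 example-bucket [06/Feb/2024:02:14:02 +0000] 198.51.100.7 - REQ3 REST.GET.BUCKET - "GET /?list-type=2 HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "python-requests/2.31" -
OWNER1 example-bucket [06/Feb/2024:02:14:03 +0000] 198.51.100.7 - REQ4 REST.GET.OBJECT cat.jpg "GET /cat.jpg HTTP/1.1" 403 AccessDenied 243 - 6 - "-" "python-requests/2.31" -
this line is truncated and will not parse
'''

def parse_line(line):
    """Return the record's fields as a dict, or None if the line is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count requests per (source IP, requester, operation, HTTP status)."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        # Requester "-" means the request was unauthenticated (anonymous).
        who = "anonymous" if rec["requester"] == "-" else rec["requester"]
        counts[(rec["ip"], who, rec["operation"], rec["status"])] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE.splitlines())
    for (ip, who, op, status), n in counts.most_common():
        print(f"{n:>6}  {ip:<15} {op:<18} {status}  {who}")
    print(f"skipped {skipped} unparseable line(s)")
```

Rows with an unfamiliar requester and a 200 status point at a credential in use somewhere unexpected, while rows of anonymous 403s are outside clients probing the bucket name.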
