By using AWS re:Post, you agree to the Terms of Use
/Using apache to outbound DOS attack other sites/

Using apache to outbound DOS attack other sites

0

Someone is using my apache webserver installed on EC2 instance (Amazon Linux 2) to DOS attack other sites

I have these logs in my apache access_log
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:49:03 -0400] 127.0.0.1 "GET / HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0”
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:50:26 -0400] cpanel.edojewelry.site "GET /wp-login.php HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0”

The log report on the target website
x.x.x.x - - [21/Oct/2020:07:01:13 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
x.x.x.x - - [21/Oct/2020:07:01:11 +0200] "POST /wp-login.php HTTP/1.1" 200 2035 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

How do we prevent this or configure apache to not allow such attacks ? Is it possible to deny outgoing traffic from my instance to port 80 ?

Or should I go with a tool to prevent these outbound DOS ?

Edited by: wirescale on Oct 22, 2020 8:45 AM

1 Answers
0

I'd suggest reposting this in the EC2 forum, as it isn't related to AWS Security Hub.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions