Someone is using my apache webserver installed on EC2 instance (Amazon Linux 2) to DOS attack other sites
I have these logs in my apache access_log
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:49:03 -0400] 127.0.0.1 "GET / HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0”
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:50:26 -0400] cpanel.edojewelry.site "GET /wp-login.php HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0”
The log report on the target website
x.x.x.x - - [21/Oct/2020:07:01:13 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
x.x.x.x - - [21/Oct/2020:07:01:11 +0200] "POST /wp-login.php HTTP/1.1" 200 2035 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
How do we prevent this or configure apache to not allow such attacks ? Is it possible to deny outgoing traffic from my instance to port 80 ?
Or should I go with a tool to prevent these outbound DOS ?
Edited by: wirescale on Oct 22, 2020 8:45 AM