Using apache to outbound DOS attack other sites
Someone is using my Apache web server, installed on an EC2 instance (Amazon Linux 2), to DoS attack other sites.
I have these logs in my Apache access_log:
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:49:03 -0400] 127.0.0.1 "GET / HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:50:26 -0400] cpanel.edojewelry.site "GET /wp-login.php HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
The log report on the target website:
x.x.x.x - - [21/Oct/2020:07:01:13 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
x.x.x.x - - [21/Oct/2020:07:01:11 +0200] "POST /wp-login.php HTTP/1.1" 200 2035 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
How do we prevent this or configure Apache to not allow such attacks? Is it possible to deny outgoing traffic from my instance to port 80?
Or should I go with a tool to prevent these outbound DoS attacks?
Edited by: wirescale on Oct 22, 2020 8:45 AM
I'd suggest reposting this in the EC2 forum, as it isn't related to AWS Security Hub.