Using apache to outbound DOS attack other sites
Someone is using my apache webserver installed on EC2 instance (Amazon Linux 2) to DOS attack other sites
I have these logs in my apache access_log
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:49:03 -0400] 127.0.0.1 "GET / HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0”
servername.com:80 127.0.0.1 - - [21/Oct/2020:07:50:26 -0400] cpanel.edojewelry.site "GET /wp-login.php HTTP/1.1" 404 370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0”
The log report on the target website
x.x.x.x - - [21/Oct/2020:07:01:13 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
x.x.x.x - - [21/Oct/2020:07:01:11 +0200] "POST /wp-login.php HTTP/1.1" 200 2035 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
How do we prevent this or configure apache to not allow such attacks ? Is it possible to deny outgoing traffic from my instance to port 80 ?
Or should I go with a tool to prevent these outbound DOS ?
Edited by: wirescale on Oct 22, 2020 8:45 AM
I'd suggest reposting this in the EC2 forum, as it isn't related to AWS Security Hub.
Relevant questions
When to update apache 2.4.52 on amazon linux ?
asked 6 months agoI am currently using apache old version (2.4.51), does it affect security?
asked 6 months ago504 Gateway Time-out when using curl on ec2 with Apache and PHP
asked 3 months agoConnect Windows 10 WorkSpace to Amazon Linux 2 EC2 Instance
asked 3 months agoAmazon Linux 2 Apache package version update
asked 6 months agoAmazon Linux 2, Apache and Open SSL 1.1.x
asked 4 months agoUnable to restart apache
asked a year agoWhy is HTTP/2 not being served on EC2 Linux2 Apache 2.4 although enabled?
asked 2 years agoUpgrade to Apache 2.4.48
asked a year agoUsing apache to outbound DOS attack other sites
asked 2 years ago