SES Account hacked!


Hi, my SES account was attacked and someone is sending a lot of phishing emails! Please, how can I block all sendings? It's very urgent!

asked 10 months ago554 views
2 Answers

Sorry to hear that! If you haven't already - I would start by limiting IAM Access in your account itself.

Futhermore, you could also check SES:

From a security perspective, if someone has access via IAM to your account, I would also check CloudTrail and other logging to see what else they have done in the account.

This is not comprehensive, but a good start:

I would also reach out to AWS Support:

answered 10 months ago

I only managed to achieve this using AWS cli. If you do not already have cli access keys:

  • access AWS console: (while you're there take a look into who accessed what resources how recently)
  • select your User and then select the tab "Security credentials"
  • click button "Create access key" (you need these credentials for next step)
  • enter terminal command aws configure and enter the key and secret generated
  1. check SNS status
aws ses get-account-sending-enabled --region {REGION_OF_SNS}

expect this response:

    "Enabled": true
  1. Disable SNS:
aws ses update-account-sending-enabled --no-enabled --region {REGION_OF_SNS}
  1. Confirm SNS status
aws ses get-account-sending-enabled --region {REGION_OF_SNS}

expect this response:

    "Enabled": false

Now please upvote my answer : )

and figure out what else might be happening, and how this happened to you:

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions