SES Account hacked!

0

Hi, my SES account was attacked and someone is sending a lot of phishing emails! Please, how can I block all sendings? It's very urgent!

asked 10 months ago554 views
2 Answers
0

Sorry to hear that! If you haven't already - I would start by limiting IAM Access in your account itself.

Futhermore, you could also check SES:

From a security perspective, if someone has access via IAM to your account, I would also check CloudTrail and other logging to see what else they have done in the account.

This is not comprehensive, but a good start: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

I would also reach out to AWS Support: https://console.aws.amazon.com/support/home#/

jsonc
answered 10 months ago
0

I only managed to achieve this using AWS cli. If you do not already have cli access keys:

  • access AWS console: https://us-east-1.console.aws.amazon.com/iamv2/home#/users (while you're there take a look into who accessed what resources how recently)
  • select your User and then select the tab "Security credentials"
  • click button "Create access key" (you need these credentials for next step)
  • enter terminal command aws configure and enter the key and secret generated
  1. check SNS status
aws ses get-account-sending-enabled --region {REGION_OF_SNS}

expect this response:

{
    "Enabled": true
} 
  1. Disable SNS:
aws ses update-account-sending-enabled --no-enabled --region {REGION_OF_SNS}
  1. Confirm SNS status
aws ses get-account-sending-enabled --region {REGION_OF_SNS}

expect this response:

{
    "Enabled": false
}

Now please upvote my answer : )

and figure out what else might be happening, and how this happened to you:

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions