How to report another AWS server has performed vunerability scanning on my server?
Someone pointed Nessus at my EC2 machine and performed a 12minute vunerability scan - Their IP traces back to AWS - There are more than 200 entries across all logs in /var/log/httpd. I believe my server is fine, undamaged, but the actions should not go unrewarded.
How do I raise this with AWS?
Thanks
The best way to raise this is by using the report abuse form: https://support.aws.amazon.com/#/contacts/report-abuse.
Since the target was your EC2 instance, it's probably best to use the link in the form to sign in to your account first.
Two further attempts to submit my report at https://support.aws.amazon.com/#/contacts/report-abuse failed, and thus I have decided not to Accept the answer suggested above as others may experience the same result as I got. When I filled in the form and clicked submit, I again with "Something went wrong" error. I will raise a separate ticket on this.
For now, I emailed abuse@amazonaws.com, attached log files, provided source and target server IP and requesting support on the EC2 user who performed an unsolicited and unwelcome vunerability scan of my EC2 server.
Relevant questions
Cognito - using Cognito for server to server authentication
Accepted Answerasked 3 years agoDMS to migrate SQL Server from RDS to EC2
asked 2 years agoHow to report another AWS server has performed vunerability scanning on my server?
Accepted Answerasked a month agoHow to fix EC2 Abuse Report
asked 2 months agoSQL Server RDS migration to EC2 SQL Server
Accepted Answerasked a month agoIs AppStream like a server for my desktop software products?
asked 5 days agoHow to scan the server files
asked a month agohow to connect to an mysql comm server 5.7 on ec2 from another ec2 instance
asked 2 years agoHow to point my namecheap domain to my EC2 intance
Accepted Answerasked 2 years agoUnable to access Spring Boot application deployed on AWS EC2 instance (Windows Server 2022)
asked 11 days ago
I was going to click Accept and give this a thumbs up however "Something went wrong" when attempting the process you suggested. I have, clicked the link to sign on to my account first, shared a contact email address, then filled in the form, indicated someone did port scanning, added extracts from my log files and then clicked Submit. This resulted in "Something went wrong". I repeated the process with the same result. There are no warnings attached anywhere else in the form indicating where I might have omitted a required value. Not good start to my day.