- Newest
- Most votes
- Most comments
I believe you are reading the message wrong. I believe you are being informed that your host was used to attack the site listed as part of a DDoS attack. As I read the log, I suspect that your host is 54.214.137.99 and it appears that you have SSH (tcp/22) open to public addresses on the internet as I can connect to this host via SSH from my internet connection. You should check logs on your host for unauthorized access, inspect for malware and secure the Security Group on your instance to only allow SSH from trusted IPs. In addition, I would suggest that you contact AWS support for additional information.
Hope this helps.
You're server was not secured and is now compromised. You need to delete it, start over and secure it by limiting your inbound security groups on sensitive ports. If you haven't done this yet then AWS will isolate it.
Also this is not a DDoS attack as this resembles your machine attempting to access sensitive pages on someone's word press login page.
Relevant content
- asked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago