
Questions tagged with AWS Security Hub


AWS Abuse Report - Never got one of these before

We have been using an LS instance (preconfigured Ubuntu 20.04 LTS VM) running Plesk and a WordPress site for our church. It has been up for about a month. Today, I got an email from AWS about an abuse. The report shows that the IP6 was doing automated crawling:

Log Extract: We are seeing automated scraping of Google Web Search from a large number of your IPs/VMs.

There's nothing in the data of the report except this:

+----------------------------------------+---------------------+--------------------------+----------+
| Source                                 | Time_UTC            | Destination              | DestPort |
+----------------------------------------+---------------------+--------------------------+----------+
| 2600:1f18:6502:5000:a087:4d0e:325:9709 | 2021-12-13 22:17:01 | 2607:f8b0:4004:808::2004 | 443      |
+----------------------------------------+---------------------+--------------------------+----------+

The prebuilt VM (an Ubuntu 20.04 LTS preconfigured with WordPress/Plesk) had IP6 enabled by default. So I need some help, as this is not my area of expertise. When I run NETSTAT -AN, I see no established connections over that IP6 address. Since we don't use IP6, I have disabled it. But there were no established IP6 connections to any endpoint (let alone the one noted specifically above). Still, I'm concerned my system is compromised. I don't really know what to do. I had the network config and the WAF limiting access, but somehow the system looks to have been compromised.

How do I root out whether there's a breach, or an already-in-place virus, malware or rootkit? How do I scan my system for threats?
asked 7 months ago