This issue occurred earlier due to a phishing attack complaint from our websites hosted on EC2, but that time I was notified about the issue on the health dashboard,
Did AWS Trust and Safety issue a warning about this? Did they send you any correspondence explaining the problem, or if they isolated this EC2 Instance? To get to the bottom of why the EC2-Instance is unreachable it would be wise to take the old instance, move it to a private VPC and search its logs for corruption or malware. We don't know much about this website, what are your security groups, is it WordPress, how do you secure it on an infrastructure and application layer?
It sounds like you have taken several steps to troubleshoot the issue already, including restarting services and rebooting the EC2 instance. Since recreating the instance from an AMI resolved the problem, it is possible that there was some issue or corruption within the instance that was resolved by creating a new instance from a clean image.
Update: Apache logs showed a lot of SQL injection requests. I also did a malware scan using ClamAV and removed a backdoor file. I am able to browse the websites from the affected EC2 instance after the removal of the backdoor file.
Thanks David for pointing out security. The sites hosted on the same server went down again a second time. Upon checking the Apache logs, I see a lot of SQL injection attacks. I also ran a ClamAV scan, found and removed a backdoor file, and now the sites are working fine.
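
Added example, not part of the thread: a small triage script for the kind of Apache log review described above. It decodes each request target and flags common SQL injection probe patterns per source IP. The log lines, IP addresses and signature list are constructed assumptions; the regex is a heuristic, not a complete detector.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Heuristic signatures for common SQLi probes (assumed list, not exhaustive).
SQLI_RE = re.compile(
    r"(\bunion\b.{0,40}\bselect\b"
    r"|\bselect\b.{0,60}\bfrom\b"
    r"|\b(?:or|and)\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+"
    r"|\b(?:sleep|benchmark|pg_sleep)\s*\("
    r"|\binformation_schema\b"
    r"|'\s*(?:--|#|/\*))",
    re.IGNORECASE,
)

def decode(target):
    # Decode twice to catch double URL-encoding; drop /**/ spacers.
    for _ in range(2):
        target = unquote_plus(target)
    return re.sub(r"/\*.*?\*/", " ", target)

def scan(lines):
    """Return (hits, per_ip); hits are (ip, status, raw_target) tuples."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and SQLI_RE.search(decode(m["target"])):
            hits.append((m["ip"], int(m["status"]), m["target"]))
            per_ip[m["ip"]] += 1
    return hits, per_ip

def served_ok(hits):
    # Flagged requests answered 2xx were processed by the app: review first.
    return [h for h in hits if 200 <= h[1] < 300]

# Constructed sample log lines (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:03:12:01 +0000] "GET /product.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:03:12:02 +0000] "GET /product.php?id=1%2527%2520OR%25201%253D1 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:03:13:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2024:03:14:00 +0000] "GET /item.php?id=5+AND+SLEEP(5) HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE)
    print(per_ip.most_common(), served_ok(hits))
```

The timestamps of flagged 2xx responses give a window to compare against the modification time of any file a malware scan reports.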