AmazonAWS, the Double-Edged Sword

You may be familiar with Amazon S3, providing low-cost online storage. You may also be familiar with Amazon EC2, providing the ability to have your own server in the cloud. These two form a small part of a collection of services provided yb Amazon and knows as AWS (Amazon Web Services).

There is a dark side to Amazon AWS however: It provides hackers with an inexpensive way to erect large scale bots. A bot is nothing more than a computer program that roams from website to website looking for known vulnerabilities. Right now one such bot is attacking websites of several of our clients. Each website log shows hundreds of attacks per day from this bot.

This is an easy problem to solve however if you have a firewall: The hostname always ends with “amazonaws.com”. No legitimate user will have that hostname. Set your firewall to block al requests from hostname “*.amazonaws.com”.

We see similar activity but on a smaller scale from GoDaddy servers, so I would suggest also blocking “*.secureserver.net”.