API tools faq
paste
lyfsy

Has AWS degraded into an attacker haven?

lyfsy
Jan 23rd, 2020
103
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.73 KB | None | 0 0
raw download clone embed print report
  1. Has AWS degraded into an attacker haven?
  2. We continually get slammed by AWS servers with everything from brute force SMTP/POP hack attempts, SYN attacks, DNS denial attempt attacks, etc. We are up to well over 25 separate abuse claims filed with them - but only 2 of which even got a reply. Right now we are still wasting time on a 5+ day attack set from maybe 5-10 different AWS servers and its just your standard "wack-a-mole" as we block one AWS range and then get hit by another 1-3. We are going to have to black hole all AWS IP space as they clearly seem to not be able to control their users or servers. Aside from Digital Ocean (gag) no other single provider in the world has sourced so many attacks against us as AWS servers; and we are just a small, private web host of no particular note. We have hosted sites for about 15 years and never seen this volume of consistent attacks before.
  3. ++++++++++++++
  4. list of top cheapest host http://Listfreetop.pw
  5.  
  6. Top 200 best traffic exchange sites http://Listfreetop.pw
  7.  
  8. free link exchange sites list http://Listfreetop.pw
  9. list of top ptc sites
  10. list of top ptp sites
  11. Listfreetop.pw
  12. Listfreetop.pw
  13. +++++++++++++++
  14.  
  15. Are others seeing this ongoing childish silliness from AWS? We would have thought it was just crap coming from the lame 'free' servers they peddle - but we have seen attacks coming from maybe 10 different IPs in the same class C spaces.
  16.  
  17. Anyone else regularly experiencing this mishegoss?
  18. I do not know if it is a coincidence, but today has been a day of many SYN attacks from Amazon servers.
  19. WebSitePanel/ MspControl / SolidCP / Smartermail / Installation / Configuration / Troubleshooting / Migrations
  20. Windows Server Management / Security / Hardening
  21. I speak English and Spanish
  22. AWS is the largest hosting provider in the world, the bulk of attacks are more than likely a small percentage of their customers and the bulk of the internet is hosted with AWS. The best thing you can do is use the following https://aws.amazon.com/premiumsuppor...ort-aws-abuse/ and report anything excessive to the police as the attacks are technically crimes. So something that might seem like a large attack to you could be little to nothing so you have to keep submitting abuse reports when attacks occur.
  23.  
  24. I would recommend automating submitting the abuse report when thresholds are met to reduce any human labor, eventually whoever is doing it should be blocked or have their account cancelled. Similar to attacks coming from Google and Microsoft cloud services they need the reports in order to shutdown attacks that are trying to stay under the radar of their automated systems.
  25. Well, according to HostingAdvice (and others) - Godaddy has about 15% of all sites, Amazon has 8.9% and Google has 7.3%. So those 3 together account for only about 30% of hosted web sites; so Amazon is hardly the 'largest hosting provider in the world'. They are however the only large provider who indiscriminately allows free accounts to be created and used to attack other systems. No port filtering, no application restrictions, just a wild-west open attacker platform which has been the source of hundreds and hundreds of attacks against our own network over the past couple of years. Lost count of the number of times we have filed abuse reports with them - and only had 2 of them even responded to. The number of attacks coming from AWS are nothing even remotely close to Google or Microsoft and its very surprising to hear someone claim otherwise; and both were providing cloud services some 4+ years before Amazon. When you exclude Asia and Eastern Europe they sit very firmly as the leader in attack vectors.
  26.  
  27. minergate.com
  28. hosting lookup
  29. rdlnk.co
  30. go.pub2srv.com
  31. 631 hosting
  32. wiredpay.com
  33. host defense my community
  34. glowbux.com
  35.  
  36. I honestly mean no insult but exactly where did you get the impression that AWS is the 'largest hosting provider'? The largest and most used attacker network - yes, but hardly the largest provider, and hardly a provider without the resources to control damaging traffic. While AWS has done only marginally in limiting spam hosting, that is the least of the problems coming from their network. The only other network which deserves being black holed is Digital Ocean - who does even less to control their malicious users.
  37.  
  38. Sorry, just do not know where you got your impressions from. We have hosted ecommerce sites exclusively for over 15 years and have been attacked regularly since day #1. Its not an issue which is new or unfamiliar to us.
  39. GoDaddy was the largest until they moved the majority (probably all by now) of their hosting to AWS.
  40.  
  41. https://www.businesswire.com/news/ho...ddy-All-In-AWS
  42.  
  43. Which made AWS the largest hosting provider, though they are still the largest domain registrar due to their marketing, advertising and hitting the hardest back when the internet was first becoming hot.
  44.  
  45. I understand your frustration, but AWS, Google, etc. all are just offering IaaS/PaaS etc., everything else is being run by their customers. You can also try alternatives and report abuse to ic3.gov and have your attorneys send in something official if they have not properly addressed your concerns. The attacks will unfortunately not stop as they are apart of doing business and come in from other providers too, the best you can do is insure your infrastructure is setup to mitigate and drop attacks before they reach your front facing services and customers.
  46. We are seeing HUGE amounts of Wordpress attacks coming from Digital Ocean, and have had to block large numbers of their IP's from our network as a result, including numerous /20's, it's getting so bad we're considering blocking them entirely.
  47. I report abuse to Microsoft and Amazon. As far as I can tell, these folks do respond. My issue is Google. Several times I have carefully filled out their abuse report form. It ALWAYS results in an email from Google stating that some information is missing from my report. It is not. I have resorted to blocking /24 subdomains of google.
  48. Well, according to HostingAdvice (and others) - Godaddy has about 15% of all sites, Amazon has 8.9% and Google has 7.3%. So those 3 together account for only about 30% of hosted web sites; so Amazon is hardly the 'largest hosting provider in the world'. They are however the only large provider who indiscriminately allows free accounts to be created and used to attack other systems. No port filtering, no application restrictions, just a wild-west open attacker platform which has been the source of hundreds and hundreds of attacks against our own network over the past couple of years. Lost count of the number of times we have filed abuse reports with them - and only had 2 of them even responded to. The number of attacks coming from AWS are nothing even remotely close to Google or Microsoft and its very surprising to hear someone claim otherwise; and both were providing cloud services some 4+ years before Amazon. When you exclude Asia and Eastern Europe they sit very firmly as the leader in attack vectors.
  49.  
  50. I honestly mean no insult but exactly where did you get the impression that AWS is the 'largest hosting provider'? The largest and most used attacker network - yes, but hardly the largest provider, and hardly a provider without the resources to control damaging traffic. While AWS has done only marginally in limiting spam hosting, that is the least of the problems coming from their network. The only other network which deserves being black holed is Digital Ocean - who does even less to control their malicious users.
  51.  
  52. Sorry, just do not know where you got your impressions from. We have hosted ecommerce sites exclusively for over 15 years and have been attacked regularly since day #1. Its not an issue which is new or unfamiliar to us.
  53. No one scales (in horizontal sense) with GoDaddy. No one. The most you'll get is someone upgrading all the way to a very large dedicated server. Its not uncommon for AWS customers to have 10,000 or more EC2 instances. Godaddy might have the most domains resolving to their IP spaces but 95% of them are probably just parked to their landing page. You're not going to wake up one day and learn Spotify is with Godaddy (I believe they are with GCP now), or that iCloud uses Godaddy (they use Azure iirc), or that Netflix use Godaddy (they use AWS except for edge nowadays I believe). https://www.quora.com/Who-are-the-to...-AWS-customers
  54.  
  55. Yeah, I'll take AWS as the largest hosting company by any meaningful measure..
  56. But you might wake up one morning and learn GoDaddy have moved most of it's infrastructure to AWS
  57. https://techcrunch.com/2018/03/28/go...s-75m-domains/
  58. MattF - Since the start..
  59. Thanks HelpOps - I did not know that, but it honestly does not address the concerns I expressed in my OP, you know? And I also feel that companies the akin to the size of Godaddy have a level of accessibility and control far beyond any small to medium web host; aka the folks who frequent this fine establishment (smile).
  60.  
  61. Regardless how large they have grown it does not excuse their tacit approval of becoming a primary attack vector, it actually illustrates their ability to address the ongoing, established abuse which originates on and from their network. In my mind there is simply no excuse for it and no way they do not know what their network is actively being used for. Basic traffic security patterns mean that they know about it and have made an intentional decision to permit it.
  62.  
  63. Why even allow outbound SMTP from a free server? Why permit aggressive port scanning to occur from those same servers? It is not unintentional, it is not "par for the course" for any large scale provider. Its TCPIP class #101 and network monitoring class #101 stuff and Amazon has the capability and resources to address these problems. Their tacit approval and facilitation of these attacks is, in my opinion and dimwitted understanding of the current state of technology: criminal. They point responsibility at the victims, which sucks with the level and scope of the resources available to AWS. It is why we terminated all our servers at AWS and simply will not go back. We do not have to live in that sort of neighborhood. When obvious bad behavior consistently and regularly happens on the corner of my street I should not have to call the police (i.e. file abuse complaints, et al) every single time I see a crime committed. The cops are smarter than me and have bigger guns; and are supposed to know what the fundamental security basics of they are doing. {Ignore Chicago and Fresno please.}
  64.  
  65. I think that AWS has become a cesspool of security which stinks to high heaven. Was just curious to hear whether any others shared that perspective or that I was off on a Don Quixote tangent, as old web hosts are apt to do now and again.
  66. Not really shocking...
  67.  
  68. They have been known for spamming too both AWS and Google. We blocked them via our own RBL.
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!