Amazonaws showing as suspicious activity

  • Hi-

    I seem to be getting a lot of activity showing as suspicious allegedly from amazonaws domains. One such example is below. Any ideas would be appreciated!

    ——————————

    30 April 2020, 18:24 https://www.doggieboat.co.uk//wp-json/wp/v2/users
    GET REST API HTTP 403 Forbidden 512 ms Details

    Request to REST API denied

    34.253.200.58
    ec2-34-253-200-58.eu-west-1.compute.amazonaws.com Opera on Windows

    ——————————

    30 April 2020, 18:24 https://www.doggieboat.co.uk//wp-content/themes/twentysixteen/index.php
    GET HTTP 403 Forbidden 148 ms Details

    Probing for vulnerable PHP code Denied

    34.253.200.58
    ec2-34-253-200-58.eu-west-1.compute.amazonaws.com Opera on Windows

    ——————————

    For reference, the twentysixteen theme is NOT installed!

    Regards
    Tim

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    It’s because you’ve blocked access to REST API on the Hardening tab. The second one typically means a bot tries to scan the website and detect a vulnerable PHP script.

    What is your concern? There is a lot of hacked Amazon web servers that are used as penetration tools nowadays. Having an AWS server doesn’t make it safe, secure, or bullet-proof. It’s the same servers as servers on any other hosting.

    Thread Starter timboc

    (@timboc)

    My concern is that I am not using any Amazon services or servers. Therefore I can’t understand what they are looking for.

    If, as you seem to be suggesting, this is unwanted bot activity due to the Amazon servers in question being hacked, then I am quite happy to block those IPs.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Amazonaws showing as suspicious activity’ is closed to new replies.