How To Deal With The AWS Abuse Report

Posted By : Sehdev Bhadana | 21-Apr-2020

cloud computing amazon aws ses AWS DevOps

In this blog post, you'll learn how to deal with the AWS abuse report.

If you have received the AWS abuse report then you are at the right place. Because AWS does not provide any technical support on this kind of issues. This blog post highlights useful steps to deal with the Abuse reports that you may receive during AWS application development.

If you have got an AWS Abuse mail then do not panic. Please make sure to check the sending email address as AWS uses [email protected] mail address to send such kind of reports.

Details In The AWS Abuse Report

AWS Account ID
EC2 Instance ID
Region
Activity type like Dos
Abuse Time
Port Numbers.
Public IP address of the aws instance.
URL, Port number and the IP address (Public & Private) of the destination machine.
Number of Packets sent and received (If any data transfer occured)
Abusive activity start and end time (If it is already ended).
Logs – Go through the logs by which we can easily identify the type of incident involved in the aws instance.

Steps To Abuse Resolution

- First, we need to check in the security groups whether ssh port is accessible from the outside world or not. If it is accessible then we need to close it asap.

- Change the AWS account credentials for both root and IAM users.

- Change the AWS access key on the server.

- Reply over the abuse report mail within 24 hours of receiving of that mail. Because AWS might suspend or block the AWS account if they does not get any reply.

- Contact the AWS support or you can contact to the abuse team on [email protected] email address.

- Check the billing section that AWS has apply any charges on the abuse activity. Because in some cases if there is any data transfered from your instance then it may leads to involve AWS charges.