Have you recently discovered a long list of amazonaws.com IPs listed in your website's stats and wondered what it's for? I was under the assumption that if I saw those IPs it'd probably be good news because I thought Amazon's Elastic Compute Cloud had reputable clients. It turns out that Amazon's EC2 is a breeding ground for bad and abusive bots.
The Amazon EC2 website describes their service as:
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios.
While all that sounds lovely, what they really could use is some quality control. Have a look at this thread over at WebmasterWorld describing a long list of complaints and abusive IPs. One particularly nasty bot is hammering my site as well:
ec2-174-129-122-146.compute-1.amazonaws.com – 339,583 hits – 15.95 GB
You read that correctly: the bot has taken up nearly 16 gig, and it's only been 11 days' worth. There are so many bots out there that eat up bandwidth and resources that we have no choice but to block them. I wish we could find out who these IPs are working for so we know who to really blame.
Until then, block the abusive amazonaws bots:
# Amazon EC2 cloud ranges
deny from 67.202.0.0/18
deny from 72.44.32.0/19
deny from 75.101.128.0/17
deny from 79.125.0.0/18
deny from 174.129.0.0/16
deny from 184.72.0.0/15
deny from 204.74.108.0/24
deny from 204.236.128.0/17
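Before denying whole ranges, it helps to measure how much of your traffic they actually account for. The script below is an added example, not part of the original post: it totals hits and bytes per client IP in an access log for addresses that fall inside the ranges from the deny list. The Apache combined log format is an assumption and the log lines are constructed sample data.

```python
import ipaddress
import re
from collections import defaultdict

# CIDR ranges copied from the deny list in the post.
EC2_RANGES = [ipaddress.ip_network(c) for c in (
    "67.202.0.0/18", "72.44.32.0/19", "75.101.128.0/17", "79.125.0.0/18",
    "174.129.0.0/16", "184.72.0.0/15", "204.74.108.0/24", "204.236.128.0/17",
)]

# Assumed format (Apache common/combined): client - user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" (\d{3}) (\d+|-)')

def in_listed_range(client):
    """Return the listed network containing client, or None (also for hostnames)."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return None  # client field is a resolved hostname, not an IP
    return next((n for n in EC2_RANGES if ip in n), None)

def summarize(lines):
    """Hits and bytes per client IP inside a listed range, heaviest bandwidth first."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "range": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        net = in_listed_range(m.group(1))
        if net is None:
            continue
        entry = stats[m.group(1)]
        entry["hits"] += 1
        entry["bytes"] += 0 if m.group(3) == "-" else int(m.group(3))
        entry["range"] = str(net)
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    '174.129.122.146 - - [01/Jan/2020:10:00:00 +0000] "GET /a HTTP/1.1" 200 51200 "-" "bot"',
    '174.129.122.146 - - [01/Jan/2020:10:00:01 +0000] "GET /b HTTP/1.1" 200 48800 "-" "bot"',
    '67.202.10.5 - - [01/Jan/2020:10:00:02 +0000] "GET /c HTTP/1.1" 304 - "-" "bot"',
    '198.51.100.7 - - [01/Jan/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla"',
    'garbage line',
]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG):
        print(f'{ip:<16} {s["range"]:<18} hits={s["hits"]} bytes={s["bytes"]}')
```

To run it on a real log, pass an open file object to `summarize()` in place of `SAMPLE_LOG`.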
3 replies on “amazonaws.com AKA Amazon EC2 is Being Abused”
This is abuse originating from instances running in Amazon EC2, not S3.
Amazon provides an abuse report form here: http://www.amazon.com/gp/html-forms-controller/…. You should file a complaint. The case will be investigated. If confirmed, the abuser account will be terminated.
Thanks for clarifying that it's actually EC2, and not S3. I've updated the post.
I went ahead and reported the IP.
Hahaha, and after reporting the incident to the abuse blackhole, you will either earn 1 Million $ in cash or nothing will happen (whichever is easier for Amazon).
Don't believe me? See for example here: http://securitybraindump.blogspot.com/2010/02/f…