Hi All,

Just a quick question in case I’ve missed something. I’m seeing a lot of hits from { ec2-52-57-177-65.eu-central-1.compute.amazonaws.com, ec2-18-184-58-233.eu-central-1.compute.amazonaws.com, ec2-52-58-143-144.eu-central-1.compute.amazonaws.com} to port 80,443. I’ve checked Apache2 access/error logs but this doesn’t show the any traffic related to the above.

I’ve started to rate limit these in net filter on my border router, is anyone else experiencing this?

I’d expect that those EC2 hosts in AWS are compromised and are simply doing a IP network scan to find other vulnerable hosts.

Not much you can do about it, hopefully they move on to another host soon.

You could try reporting to AWS?

https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/