Case study – How to Protect Your Server from the Hackers.

Case study – How to Protect Your Server from the Hackers.

October 17, 2020 / Eternal Team

Server hacked, what steps do you need to do to clean it?

First, the question is how did you know that your server was hacked?

Answer

There are some third-party tools which give you the idea about the, who hacked what type of hacked and many more.

So this blog we will know about the tool in detail, and we will discuss one of the case studies so that you can easily understand.

And free advice, Take coffee /tea because….. You will get the answer .. hahaha

case-study-how-to-protect-your-server-from-the-hackers

Let us take a scenario, one of the client’s website is running completely fine, but some hacker hacked the website. Now we have to investigate and mitigate, what a hacker has done to the website.

They hacked the website so that if you hit the website, after some time an automatic APK file will be downloaded to your system without your permission.

And also your hosting provider also mails you about the type of hack. In our case, the hack type is “spam emitters”.

Spam emitters are like your server sends the mail to the 1000’s of clients per day mail using SMTP protocol and that email contains lots of malicious files.

Here you can see the mail in the directory of the post fix.

case-study-how-to-protect-your-server-from-the-hackers

“36043117DA7” this is file and inside and each file is sending the email.

Let us open the file.

case-study-how-to-protect-your-server-from-the-hackers

This will send an email to lots of users per day.

And by feature investigation, we find that main “php.info” file also hacked so that user get apk file download automatically once anyone hits the website.

See the php.info page:

case-study-how-to-protect-your-server-from-the-hackers

Now, how did the website get hacked so easily?

  • Improper SG configuration
  • Lack of web application firewall.
  • File integrity monitoring should always be there.
  • Patch management
  • Monitor for sudden open ports and logs and there can be many more.

Solution

  1. The hosting provider will notify you that your server was hacked.
  2. AWS sends the abuse report to the customer when their AWS resources are being used for abusive purposes.

Before you should know about the “AWS Acceptable use policy”. It’s basically like what customer can do and what customer cannot do.

case-study-how-to-protect-your-server-from-the-hackers

If you do something without AWS permission, then AWS will delete your account. So be careful.

Now, who raises abuse complaints?

The abuse complaint can directly be filed by clients who are getting affected.

If you are receiving some suspected unknown traffic from AWS resource, you can find abuse complaint in the “report EC2 abuse form”.

Bonus topics

If you want to protect your AWS account there are some services that can help you to protect your website against hacking attempts:

I hope this blog will help you to understand what steps to do when your server has hacked and what is “AWS abuse report”

And yeah coffee/tea really works ……. Ahahahah

case-study-how-to-protect-your-server-from-the-hackers

AWS-Consulting-Partner

Talk to AWS Certified Consultant

Want to start a project?

It’s simple.

Contact us