How to block Amazon AWS traffic

We see many times malicious traffic coming from the Amazon Web Services (AWS) network. The attackers try to connect to cPanel or WordPress. If you see such attacks on your server, it can be a good idea to block AWS traffic – at least temporarily.

amazon aws logo
Amazon AWS Logo

We will download the AWS IPs and add them to the CSF csf.deny file. Use this command to download the JSON file (JSON file is the only available format offered by Amazon):

# wget https://ip-ranges.amazonaws.com/ip-ranges.json

To extract the IPs

# grep ip_prefix ip-ranges.json | awk '{print $2}' | tr -d \",
root@web [/temp4]# grep ip_prefix ip-ranges.json | awk '{print $2}' | tr -d \",
3.5.140.0/22
35.180.0.0/16
52.93.178.234/32
52.94.76.0/22
52.95.36.0/22
120.52.22.96/27
150.222.81.0/24
13.34.24.160/27
15.230.39.60/31
52.219.168.0/24
150.222.78.0/24
15.230.39.208/31
52.93.17.0/24
52.93.240.164/31
52.95.150.0/24
52.219.60.0/23
13.248.56.0/22
13.248.117.0/24
......

To extract the IPs and add them to csf.deny file:

# grep ip_prefix ip-ranges.json | awk '{print $2}' | tr -d \", >>/etc/csf/csf.deny

Don’t forget to restart CSF:

# csf -r

References:
AWS IP address ranges
AWS IP list json file

This Post Has 4 Comments

  1. Harrygrey

    Works fine! Many Thanks!

  2. Alfonso

    why temporarily? :0

  3. Peter

    Many thanks man 🙂

  4. Doug

    Fingers crossed! Been getting hit from them for the past week.

Leave a Reply