We see many times malicious traffic coming from the Amazon Web Services (AWS) network. The attackers try to connect to cPanel or WordPress. If you see such attacks on your server, it can be a good idea to block AWS traffic – at least temporarily.
We will download the AWS IPs and add them to the CSF csf.deny file. Use this command to download the JSON file (JSON file is the only available format offered by Amazon):
# wget https://ip-ranges.amazonaws.com/ip-ranges.json
To extract the IPs
# grep ip_prefix ip-ranges.json | awk '{print $2}' | tr -d \",
root@web [/temp4]# grep ip_prefix ip-ranges.json | awk '{print $2}' | tr -d \",
3.5.140.0/22
35.180.0.0/16
52.93.178.234/32
52.94.76.0/22
52.95.36.0/22
120.52.22.96/27
150.222.81.0/24
13.34.24.160/27
15.230.39.60/31
52.219.168.0/24
150.222.78.0/24
15.230.39.208/31
52.93.17.0/24
52.93.240.164/31
52.95.150.0/24
52.219.60.0/23
13.248.56.0/22
13.248.117.0/24
......
To extract the IPs and add them to csf.deny file:
# grep ip_prefix ip-ranges.json | awk '{print $2}' | tr -d \", >>/etc/csf/csf.deny
Don’t forget to restart CSF:
# csf -r
References:
AWS IP address ranges
AWS IP list json file
Works fine! Many Thanks!
why temporarily? :0
Many thanks man 🙂
Fingers crossed! Been getting hit from them for the past week.