AWS server keeps getting compromised
Admittedly, I am fairly new to ubuntu server management. I have an AWS server that keeps getting compromised and injecting tags into all the the files for all of the sites on the server. I don't really know what I'm doing wrong or what to do to prevent it. Any help would be much appreciated.
- Running AWS Ubuntu 18.04 servers
- Security groups setup to not allow port 80
- No FTP rules - only SSH (and restricted to my IP)
What am I missing?
Solution 1:
injecting tags into all the the files for all of the sites on the server
That looks like a website compromise, not necessarily a server compromise (although that's possible too).
My guess is that your website has vulnerabilities and these are exploited by the attackers to insert their own content on the pages. If the website is Wordpress, Drupal, Joomla or something like that make sure that you've got the latest version, that all the plugins are updated, that you only have the necessary plugins installed, etc.
Google something like "securing a wordpress website" (or drupal website, etc) - there'll be plenty of pages to learn from.
Hope that helps :)