AWS server keeps getting compromised

Admittedly, I am fairly new to Ubuntu server management. I have an AWS server that keeps getting compromised and injecting tags into all the files for all of the sites on the server. I don't really know what I'm doing wrong or what to do to prevent it. Any help would be much appreciated.

  • Running AWS Ubuntu 18.04 servers
  • Security groups set up to not allow port 80
  • No FTP rules - only SSH (and restricted to my IP)

What am I missing?


Solution 1:

injecting tags into all the files for all of the sites on the server

That looks like a website compromise, not necessarily a server compromise (although that's possible too).

My guess is that your website has vulnerabilities and these are exploited by the attackers to insert their own content on the pages. If the website is WordPress, Drupal, Joomla or something like that, make sure that you've got the latest version, that all the plugins are updated, that you only have the necessary plugins installed, etc.

Google something like "securing a wordpress website" (or drupal website, etc) - there'll be plenty of pages to learn from.

Hope that helps :)
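
One way to check the answer's distinction between a website compromise and a server compromise, as an added example that is not part of the original answer: list every file carrying the injected tag and classify whether the web server account could have written it. The web root, the account name and the marker string are arguments you supply (assumptions, not values from the page), and the script relies on GNU `stat`, `find` and `grep` as shipped with Ubuntu.

```shell
#!/bin/sh
# Added triage example. Arguments are assumptions you supply:
#   $1 WEBROOT  directory holding the sites
#   $2 MARKER   distinctive fixed fragment of the injected tag
#   $3 WEBUSER  account the web server / PHP runs as (often www-data)

# Paths of all text files under $1 that contain the fixed string $2.
infected_files() {
    grep -rlIF -e "$2" "$1" 2>/dev/null | sort
}

# For each infected file print "class|mtime|owner|mode|path".
# web-writable : owned by WEBUSER with owner write, or world-writable, so
#                code running as the web user could have modified it
#                (consistent with a vulnerable site or plugin).
# check-further: those bits do not explain the change; review group and
#                ACL permissions, directory permissions and other access.
classify_infected() {
    infected_files "$1" "$2" | while IFS= read -r f; do
        owner=$(stat -c '%U' "$f")
        class=check-further
        if [ "$owner" = "$3" ] &&
           [ -n "$(find "$f" -maxdepth 0 -perm -u=w)" ]; then
            class=web-writable
        elif [ -n "$(find "$f" -maxdepth 0 -perm -o=w)" ]; then
            class=web-writable
        fi
        printf '%s|%s|%s|%s|%s\n' "$class" "$(stat -c '%y' "$f")" \
            "$owner" "$(stat -c '%a' "$f")" "$f"
    done
}

# Number of infected files that fall into class $4.
count_class() {
    classify_infected "$1" "$2" "$3" | grep -c "^$4|" || true
}

# Run as: sh triage.sh WEBROOT MARKER WEBUSER
if [ $# -eq 3 ]; then
    classify_infected "$1" "$2" "$3" | sort
fi
```

Modification times that cluster tightly across many sites point to one automated write; files in the `check-further` class are the ones that a site-level vulnerability alone may not explain.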