Unauthorized requests to Amazon S3 bucket

I developed an open source library and hosted its assets on Amazon S3 (CSS, JS). These files were used in the demo via URLs like: http://my_bucket_name.s3.amazonaws.com/some-file.js (my bad, I know). Without my permission, some websites started hot-linking these files.

It was fine for a while, but recently a few large NSFW sites hot-linked it and I get tens of millions of GET requests in a month. So I deleted/moved these files, but I still get a lot of GET requests that return 403 errors, and Amazon bills them as valid requests (see Charge Details section).

  • I tried contacting sites that hotlinked my library, but never got any reply.
  • I'm worried that if I delete the bucket "my_bucket_name", someone else might create it with the same name and hotlink malicious JS files.

What should I do to avoid getting billed for error requests that I don't make?


Solution 1:

You can either:

  • Delete the bucket
  • or disable static website access to the bucket and keep the bucket. Then use a new bucket.

You might want to add a policy to this bucket to restrict the access to the bucket, e.g. Restricting Access to a Specific HTTP Referrer
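
A bucket policy of the kind this answer refers to, shown as an added example that is not part of the original answer. The bucket name is the one from the question; the `example.com` origins and the `Id`/`Sid` labels are assumed placeholders for the owner's own demo site.

```json
{
  "Version": "2012-10-17",
  "Id": "RestrictHotlinkingExample",
  "Statement": [
    {
      "Sid": "AllowGetOnlyFromOwnSite",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my_bucket_name/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "https://www.example.com/*",
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}
```

The `Referer` header is supplied by the client, so this limits browser hot-linking from other sites rather than authenticating the caller; requests that do not match are still answered by S3 with a 403.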