- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hello,
Q. How can we best check for evidence that this specific activity was outgoing from this server? How can we validate whether this host has been rooted or if it was accessed via webshell or injection? => You will need to check application and OS level logs for this, only logs can help here. Also if you have VPC flow logs enabled you can check those as well.
Additionally, I would like to inform you that AWS takes the security and privacy of its customers very seriously, due to which issues of security and abuse are handled directly by our abuse team. Thus, requesting you to reach-out to abuse team by replying the abuse report you have received or else you can contact AWS Trust & Safety at abuse@amazonaws.com. As they will in better position to help you regarding abuse.
NOTE - Please make sure you will share abuse related data on abuse mail only, as this post is public and sharing data here can cause security issue.