By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Hack of webpage hosted on S3

0

This domain name has DNS hosted by Route 53. The DNS "A" record is pointed to an S3 bucket. There is a DNS "CNAME" record for "www" that points to the "A" record.

When you visit this URL (without www), you see the file in the s3 bucket that I intended: index.html. When you visit the URL with www, you see a website hosted by a hacker:

http://printsafe.net http://www.printsafe.net

The hacker created a bucket using the "www" version of my domain name. He then uploaded his content to that bucket. AWS and S3 server the hacker's content when visiting the "www" version of my domain name.

I solved this by modifying the DNS record in Route 53. For the "www" record, I switched the "www" from a CNAME. I change it to an "A" record that points to 127.0.0.1

Topics
Networking & Content Delivery
Tags
Amazon Route 53
Language
English
John W
asked 9 months ago348 views
4 Answers
1

If you own the domain printsafe.net then you own the DNS record for www.printsafe.net Id check DNS configuration and bucket settings are correct.

It may be a case of miss configuration. A hacker cant create a bucket in your subdomain unless they have access to your DNS records. If you suspect this, then contact AWS Support

Either that or the bucket could be public read/write and someone has modifed the code.

profile picture
EXPERT
Gary Mclean
answered 9 months ago
0
Accepted Answer

I do control the DNS. What the hacker did was to configure his own S3 bucket using the "www" variant of my domain name. AWS S3 did NOT detect this or prevent this.

The is a security hole in S3.

John W
answered 9 months ago
  • Gary Mclean EXPERT
    9 months ago

    S3 buckets do not control DNS records. You create alias to buckets. If you are naming your buckets after your domain name thats a different matter. Anyone can create a bucket of any name

0

If you suspect that your AWS account may have been compromised, please contact AWS Support immediately.

To route domain traffic to an S3 bucket, use Amazon Route 53 to create an alias record that points to your bucket. An alias record is a Route 53 extension to DNS. It's similar to a CNAME record, except you can create an alias record both for the root domain, such as example.com, and for subdomains.

AWS
Piotrek
answered 9 months ago
0

Another way to overcome this situation is to put a CloudFront distribution in front of your S3 bucket. This will allow you to use both addresses and your bucket can have any name. See:

  1. Amazon S3 + Amazon CloudFront: A Match Made in the Cloud.
  2. Speeding up your website with Amazon CloudFront
  3. AWS Free Tier Data Transfer Expansion – 100 GB From Regions and 1 TB From Amazon CloudFront Per Month
profile pictureAWS
EXPERT
kentrad
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content