Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #128916

    Hello Diego,

    I completed section 3.3 “Cloning Websites & Uploading Them to The Cloud” and uploaded the Facebook login source files about a week ago. No files have been modified to capture credentials.
    Today I received the following email apparently from:

    SUBJECT: Your AWS Abuse Report [15397950604] [AWS ID 471112961935]
    From: [email protected]

    We’ve received a report(s) that your AWS resource(s)
    AWS ID: 47111296xxxx Region: us-east-1 EC2 Instance ID: i-060ef4da7288xxxxx
    AWS ID: 47111296xxxx Region: us-east-1 EC2 Instance ID: eni-05b58791d1f2xxxxx
    has been implicated in hosting content that resembles a phishing website. Hosting a phishing website is forbidden in the AWS Acceptable Use Policy (https://aws[.]amazon[.]com/aup/). We’ve included the original report below for your review.
    Please take action to remove the reported content and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case.

    AWS Trust & Safety
    Detailed abuse report information is included below.
    Resource: i-060ef4da7288xxxxx
    Region: us-east-1
    Resource: eni-05b58791d1f2xxxxx
    Region: us-east-1
    Abuse Case: 1539795xxxxxx
    * Log Extract:
    We have discovered a phishing attack located on your network:
    http://54[.]172[.]xx[.]xxx/ []
    It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
    United States
    This attack targets our customer, Facebook, website URL https://www[.]facebook[.]com/.
    Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?
    Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.


    Any suggestions or recommendations?
    They ask for a reply about my corrective actions. How should I reply?

    Thank you in advance.

    Diego PérezDiego Pérez

    Just tell them the true. And may be replace the facebook login page with another page (it could be the default apache page) or shutdown the instance while you are not practicing.


Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.