Random Http Hack Attempts

August 22, 2024 less than 1 minute read

Minutes after releasing and announcing a side project to the internet, I saw hundreds of attempts per hour to hack the credentials and secrets within the service—a simple three-tier application hosted on a dedicated VPC.

While scanning through the server logs, I noticed a few patterns. The attacker assumed that the website ran on WordPress or a PHP-based framework and continuously tried to exploit the /wp-admin route. There were numerous attempts to retrieve AWS access keys and environment credentials. An IP lookup of the origin IP addresses traced the calls predominantly to N. America, Asia, and Europe, supposedly masked.

What’s next?

Raised awareness among all contributors about the hack attempts.
Blocked suspicious IP addresses through the web server deny-list.
Scheduled recurring password and secret rotations.

Conclusion

Making security a built-in feature is a must-have for every product.

Attached is a snippet of the logs.

Snapshot

Share on

Twitter Facebook LinkedIn

Random Http Hack Attempts

What’s next?

Conclusion

Attached is a snippet of the logs.

Share on

You may also enjoy

Incident Driven Learning

Learning on Demand

Multi-cluster database migration using logical replication

How To Connect and Query Relational Databases in Scala Using Slick