Categories
cloud

amazonaws.com AKA Amazon EC2 is Being Abused

Have you recently discovered a long list of amazonaws.com IPs listed in your websites stats and wondered what’s it for?  I was under the assumption that if I saw those IPs it’d probably be good news because I thought Amazon’s Elastic Compute Cloud had reputable clients.  It turns out that Amazon’s EC2 is a breeding ground for bad and abusive bots.

The Amazon EC2 website describes their service as:

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios.

While all that sounds lovely, what they really could use is some quality control.  Have a look at this thread over at webmasterworld describing a long list of complaints and abusive IPs.  One particular nasty bot is hammering my site as well:

ec2-174-129-122-146.compute-1.amazonaws.com – 339,583 hits – 15.95 GB

You read that correctly, the bot has taken up nearly 16 gig, and it’s only been 11 days worth.  There are so many bots out there that eat up bandwith and resources that we have no choice but to block them.  I wish we could find out who these IPs are working for so we know who to really blame.

Until then, block amazonaws abusive bots:

deny from 67.202.0.0/18 “Amazon ec2-Cloud”
deny from 72.44.32.0/19 “Amazon ec2-Cloud”
deny from 75.101.128.0/17 “Amazon ec2-Cloud”
deny from 79.125.0.0/18 “Amazon ec2-Cloud”
deny from 174.129.0.0/16 “Amazon ec2-Cloud”
deny from 184.72.0.0/15 “Amazon ec2-Cloud”
deny from 204.74.108.0/24 “Amazon ec2-Cloud”
deny from 204.236.128.0/17 “Amazon ec2-Cloud”
deny from 204.74.108.0/24 “Amazon ec2-Cloud”