I keep launching EC2 instances and for some reason I keep getting this email and then Amazon shuts the server down... How do I restrict access to the port in question?
Here is my email:
We have detected that your instance(s):
i-acfadec3
have been behaving in the following way that is against our AWS Customer Agreement:
Port Scanning
Please be aware that in terms of the Web Services License Agreement http://aws.amazon.com/agreement/ if your instance(s) continue such abusive behavior, your account may be subject to termination.
EC2 has taken the following administrative action(s) against your instance(s):
THROTTLED OUTBOUND PORT 22
It may be possible that you are not hosting this yourself, but your environment may have been compromised by an external attacker. It remains your responsibility to ensure that your instances and all applications are secured against attack. Furthermore, you should:
- Restrict access to specific and required ports and source addresses using the ’ec2-authorize’ command.
You can use a simple iptables rule for this.
The above commands will block inbound connections on port 22 both TCP and UDP.
It looks like Amazon thinks that you are running port scans from your instance. If you are not (and from the sound of it, it doesn't sound like you are), then there is a possibility that your box has been compromised and is being used to stage attacks on other servers.
Use the `last` command to see if you notice any strange logins, and check out /var/log/auth.log. Use the `top` command to see if there are any unknown processes running.
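The abuse notice concerns outbound traffic on port 22, so alongside the login and process checks it helps to see which local process is opening SSH connections to many different hosts. The following is an added example, not part of the original answers; the function names, the threshold and the sample connection lines (including the process name `unknownd`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that hold outbound TCP connections to port 22
# on many distinct remote hosts, reading `ss -tnp` style output from stdin.
# Live use (as root, so the process column is populated): ss -tnp | ssh_fanout 5

ssh_fanout() {
    threshold="${1:-5}"   # minimum number of distinct peers to report
    awk -v limit="$threshold" '
        # Field 5 is the peer "address:port". Inbound SSH sessions have
        # port 22 in field 4 (local side), so they are not matched here.
        $5 ~ /:22$/ {
            peer = $5
            sub(/:22$/, "", peer)
            proc = "unknown"
            # Process column looks like: users:(("name",pid=123,fd=4))
            if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
                proc = substr($0, RSTART, RLENGTH)
                sub(/^users:\(\("/, "", proc)
                sub(/",pid=/, "/", proc)
            }
            key = proc SUBSEP peer
            if (!(key in seen)) { seen[key] = 1; count[proc]++ }
        }
        END {
            for (p in count)
                if (count[p] >= limit) print p, count[p]
        }
    ' | sort
}

# Constructed sample input (documentation address ranges, hypothetical processes).
sample_ss_output() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB     0      0      10.0.0.5:22          203.0.113.9:51234   users:(("sshd",pid=900,fd=3))
ESTAB     0      0      10.0.0.5:40100       203.0.113.10:22     users:(("ssh",pid=2200,fd=3))
SYN-SENT  0      1      10.0.0.5:43001       198.51.100.1:22     users:(("unknownd",pid=4121,fd=5))
SYN-SENT  0      1      10.0.0.5:43002       198.51.100.2:22     users:(("unknownd",pid=4121,fd=6))
SYN-SENT  0      1      10.0.0.5:43003       198.51.100.3:22     users:(("unknownd",pid=4121,fd=7))
ESTAB     0      0      10.0.0.5:43004       198.51.100.4:22     users:(("unknownd",pid=4121,fd=8))
SYN-SENT  0      1      10.0.0.5:43005       198.51.100.5:22     users:(("unknownd",pid=4121,fd=9))
SYN-SENT  0      1      10.0.0.5:43006       198.51.100.6:22     users:(("unknownd",pid=4121,fd=10))
SYN-SENT  0      1      10.0.0.5:43007       198.51.100.6:22     users:(("unknownd",pid=4121,fd=11))
EOF
}

# Prints "name/pid distinct_peer_count" for each process at or above the threshold.
sample_ss_output | ssh_fanout 5
```

A process reported here that you did not start yourself is the one to look up in `top` and trace back through the login history.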