The AWS Abuse Notices team sends abuse reports to the contacts listed in the AWS account.

Types of abusive behavior

  • Spam: Receiving unwanted emails from an AWS-owned IP address.
  • Port scanning: Logs show that AWS-owned IP addresses are sending packets to multiple ports on a server, possibly to discover unsecured ports.
  • Denial of service (DoS) attacks: Logs show that AWS-owned IP addresses are flooding ports on AWS resources with packets.
  • Intrusion attempts: AWS-owned IP addresses are attempting to log in to AWS resources.
  • Hosting objectionable or copyrighted content: Evidence that AWS resources are used to host or distribute illegal content.
  • Distributing malware: Evidence that AWS resources are used to distribute malware.

Abuse Resolution

  • The first step should be to change the AWS account password for both the IAM users and the root user
  • Delete or rotate all AWS access keys
  • Delete any potentially compromised IAM users
  • Delete any unrecognized or unauthorized resources
  • Contact AWS Support
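
A triage helper for the steps above, added here as an example and not taken from the original page or from AWS: it reads an IAM credential report (the CSV returned by `aws iam get-credential-report`) and lists which passwords to change and which active access keys to delete or rotate. The sample report, the account ID, and the rule that root or never-used keys are deleted rather than rotated are assumptions of this example.

```python
import csv
import io

# Constructed sample in the column layout of the IAM credential report;
# only the columns this example reads are included.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,not_supported,false,true,2023-01-10T09:00:00+00:00,2024-05-01T02:14:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-02-01T08:00:00+00:00,true,true,2024-03-01T08:00:00+00:00,2024-05-01T01:50:00+00:00,true,2022-06-01T08:00:00+00:00,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true,2024-04-20T08:00:00+00:00,N/A,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2023-11-11T08:00:00+00:00,false,false,N/A,N/A,false,N/A,N/A
"""


def build_checklist(report_csv):
    """Return (passwords_to_change, keys_to_handle) from a credential report."""
    passwords, keys = [], []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # The report shows not_supported for the root password; root always has one.
        if is_root or row["password_enabled"] == "true":
            passwords.append({"user": user, "mfa": row["mfa_active"] == "true"})
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent key slot
            last_used = row[f"access_key_{slot}_last_used_date"]
            keys.append({
                "user": user,
                "slot": slot,
                "last_rotated": row[f"access_key_{slot}_last_rotated"],
                "last_used": last_used,
                # Example policy (assumption): root keys and never-used keys
                # are deleted; keys in use are rotated.
                "action": "delete" if is_root or last_used == "N/A" else "rotate",
            })
    return passwords, keys


if __name__ == "__main__":
    pw, ks = build_checklist(SAMPLE_REPORT)
    for p in pw:
        print(f"change password: {p['user']} (MFA active: {p['mfa']})")
    for k in ks:
        print(f"{k['action']} key {k['slot']} of {k['user']} "
              f"(rotated {k['last_rotated']}, last used {k['last_used']})")
```
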

Report abuse of AWS resources

  • If AWS resources are being used for abusive purposes,
    • contact the AWS Abuse Notices team using the Report Amazon EC2 Abuse form, or

Abuse Notice receipt

If you receive an abuse notice from AWS, then

  • Review the abuse notice about the reported activity.
  • Reply directly to the abuse report and explain your actions to prevent the abusive activity in the future.
  • If you don’t respond to an abuse notice within 24 hours, AWS might block resources or suspend the AWS account.