nlplab

Download

nlplab@cs.vt.edu

August 2023

1 participants
2 discussions

this week meeting schedule
by Lifu Huang 28 Aug '23

28 Aug '23

I will start to schedule a weekly meeting with everyone from this week. All the following time slots are based on EST. We will meet on the following zoom: https://virginiatech.zoom.us/j/5961845863 Monday: 9:45-10:30pm: Zhiyang 10:30-11:15pm: Ying, Zhiyang Tuesday: 9-9:45am: Minqian 9:45-10:30am: Jingyuan 10:30-11:15am: Barry 9-9:45pm: Sijia 9:45-10:30pm: Tong, Sijia 10:30-11:15pm: Zoe, Sijia Wednesday: 9-9:45am: Zihao 9:45-10:30am: Mian 10:30-11:15am: Trevor, Jingyuan, Zhiyang 9-9:45pm: Mohammad, Jingyuan, Sijia, Zhiyang, Minqian, Ying 9:45-10:30pm: Chao, Zhiyang, Ying --------------------------------- Lifu Huang Assistant Professor Department of Computer Science Virginia Tech

1 0

Fwd: Your AWS Abuse Report [10540378820] [AWS ID 486296349731]
by Lifu Huang 04 Aug '23

04 Aug '23

Please let me know ASAP if you have web-crawling jobs on the AWS servers and stop them ASAP. --------------------------------- Lifu Huang Assistant Professor Department of Computer Science Virginia Tech ---------- Forwarded message ---------- From: ec2-abuse via VT-AWS-ACCT_075 <vt-aws-acct_075-g(a)vt.edu> Date: Aug 4, 2023 at 12:24 AM -0400 To: vt-aws-acct_075-g(a)vt.edu Cc: nishraju(a)amazon.com, brettss(a)amazon.com, mjocarro(a)amazon.com Subject: Your AWS Abuse Report [10540378820] [AWS ID 486296349731] > Account ID: > 486296349731 > Account contact email: > vt-aws-acct_075-g(a)vt.edu > Security contact: > - > Security contact email: > - > Hello, > > We've received a report(s) that your AWS resource(s) > > AWS ID: 486296349731 Region: us-east-1 EC2 Instance Id: i-0395511eb474f51f5 > AWS ID: 486296349731 Region: us-east-1 EC2 Instance Id: i-060101beb370df36e > AWS ID: 486296349731 Region: us-east-1 EC2 Instance Id: i-0847e563ba5437bbf > AWS ID: 486296349731 Region: us-east-1 EC2 Instance Id: i-08fb539e255e46965 > AWS ID: 486296349731 Region: us-east-1 EC2 Instance Id: i-0cd8231aa71d55a81 > AWS ID: 486296349731 Region: us-east-1 Network Interface Id: eni-008c1ea8822102732 > AWS ID: 486296349731 Region: us-east-1 Network Interface Id: eni-059810a27e14244fb > AWS ID: 486296349731 Region: us-east-1 Network Interface Id: eni-06d9f029f138ce265 > AWS ID: 486296349731 Region: us-east-1 Network Interface Id: eni-0a2f7f0b116ffb280 > AWS ID: 486296349731 Region: us-east-1 Network Interface Id: eni-0ddfd77f10b733572 > > > has been implicated in activity which resembles web-crawling; the reporter of the activity has indicated that the activity is unwelcome, disruptive, or excessive. Operating a webcrawler at an excessive or disruptive rate is forbidden in the AWS Acceptable Use Policy (https://aws.amazon.com/aup/). We've included the original report below for your review. > > Please take action to stop the reported activity and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case. > > If you're unaware of this activity, it's possible that your environment has been compromised by an external attacker, or a vulnerability is allowing your machine to be used in a way that it was not intended. > > We are unable to assist you with troubleshooting or technical inquiries. However, for guidance on securing your instance, we recommend reviewing the following resources: > > * Amazon EC2 Security Groups User Guide: > https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.… (Linux) > https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/using-network-securi… (Windows) > > * Tips for Securing EC2 Instances: > https://aws.amazon.com/answers/security/aws-securing-ec2-instances (Linux) > https://aws.amazon.com/answers/security/aws-securing-windows-instances (Windows) > > * AWS Security Best Practices: > https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.p… > https://aws.amazon.com/blogs/security/getting-started-follow-security-best-… > https://docs.aws.amazon.com/security/?secd_intro2 > > If you require further assistance with this matter, you can take advantage of our developer forums: > > https://forums.aws.amazon.com/index.jspa > > Or, if you are subscribed to a Premium Support package, you may reach out for one-on-one assistance here: > > https://console.aws.amazon.com/support/home#/case/create?issueType=technical > > Please remember that you are responsible for ensuring that your instances and all applications are properly secured. If you require any further information to assist you in identifying or rectifying this issue, please let us know in a direct reply to this message. > > Regards, > AWS Trust & Safety > > > Case Number: 10540378820-1 > > ---Beginning of forwarded report(s)--- > > * Log Extract: > <<< > …/… > ./virtualmin/sepeba.fr_access_log:44.203.154.110 - - > [02/Aug/2023:03:58:56 +0200] "GET /IMG/jpg/tableau_des_rotor.jpg > HTTP/1.1" 200 329185 "-" "Googlebot-Image/1.0" > ./virtualmin/sepeba.fr_access_log:100.26.104.4 - - [02/Aug/2023:07:40:40 > +0200] "GET /IMG/jpg/image_rubrique_no2-2.jpg HTTP/1.1" 200 47727 "-" > "Googlebot-Image/1.0" > ./virtualmin/sepeba.fr_access_log:3.83.88.245 - - [02/Aug/2023:07:51:43 > +0200] "GET /IMG/jpg/construction.jpg HTTP/1.1" 200 437695 "-" > "Googlebot-Image/1.0" > ./virtualmin/sepeba.fr_access_log:52.23.233.21 - - [02/Aug/2023:09:40:14 > +0200] "GET /IMG/jpg/ecv2.jpg HTTP/1.1" 200 61247 "-" "Googlebot-Image/1.0" > ./virtualmin/sepeba.fr_access_log:44.204.65.180 - - > [02/Aug/2023:10:28:45 +0200] "GET /IMG/jpg/eclateurs.jpg HTTP/1.1" 200 > 138179 "-" "Googlebot-Image/1.0" > ./virtualmin/sepeba.fr_access_log:18.233.162.153 - - > [02/Aug/2023:11:13:11 +0200] "GET /IMG/jpg/ecv1.jpg HTTP/1.1" 200 22151 > "-" "Googlebot-Image/1.0" > …/… > > >>> > > * Comments: > <<< > Dear administrator, > > The following IP : > 44.203.154.110 > 100.26.104.4 > 52.23.233.21 > 44.204.65.180 > 18.233.162.153 > are from your Amazon network did access to a web site hosted on our > server with the user agent "Googlebot-Image/1.0 ». According to the > whois these IP are not the allowed Google bot and they has been cough by > the Fail2ban protection. These attempts clearly constitute identity > theft and therefore unauthorized access to these sites or may be > considered an attack. > Please do the necessary to stop these attempts. > Please find below the extract of the website log. The destination IP is > 163.172.227.230 > > Best regards > >>> > How can I contact a member of the AWS abuse team or the reporter? > Reply to this email with the original subject line. > Amazon Web Services > Amazon Web Services LLC is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message produced and distributed by Amazon Web Services, LLC, 410 Terry Avenue North, Seattle, WA 98109-5210. > -- > You received this message because you are subscribed to the Google Groups "VT-AWS-ACCT_075" group. > To unsubscribe from this group and stop receiving emails from it, send an email to vt-aws-acct_075-g+unsubscribe(a)vt.edu. > To view this discussion on the web visit https://groups.google.com/a/vt.edu/d/msgid/vt-aws-acct_075-g/01000189bec9cb…. > For more options, visit https://groups.google.com/a/vt.edu/d/optout.

1 0