[AusNOG] AWS CloudFront Issues

Robert Hudson hudrob at gmail.com
Sat Feb 8 08:48:02 AEDT 2025


As a follow-up.

Yes, we raised a ticket with AWS for this.

The compounding issue was that the IPs were then associated with a number
of domains/sub-domains, some of which are not only presented via
CloudFront, and it took some time to get agreement on this point.

The IPs were removed, and security services are slowly backing down (we
started with 7 services as tracked by VirusTotal marking us as malicious,
it crept up to 12, it's now down to 11).

Hopefully we're on the path to redemption. But it's a slow journey.

I suspect the longer-term solution to prevent this occurring again is to
move to static IP assignments where we use CloudFront - not exactly cheap,
but cheaper than what's happened here.

On Fri, 7 Feb 2025, 2:29 pm Robert Hudson, <hudrob at gmail.com> wrote:

> Hi all,
>
> Is anyone else seeing AWS CloudFront "fronted" domains being marked as
> malicious or hosting phishing?
>
> We have one domain being marked as such right now after four new IP
> addresses which were previously hosting malware and phishing attempts were
> apparently added by AWS to a pool used by CloudFront.
>
> It's causing quite the drama for us, was just wondering if it's a bit more
> widespread...
>