Ontopic Random Computer-Electronics Thread

@fly my aws account got raped again. This is after a password change, and security questions implemented. I closed it, i dont need to risk a 50,000 ec2 bill because someone can start an instance and i dont notice it for a couple hours.
 

Attachments

  • suspectedfraud.PNG
    suspectedfraud.PNG
    167.8 KB · Views: 13
@fly my aws account got raped again. This is after a password change, and security questions implemented. I closed it, i dont need to risk a 50,000 ec2 bill because someone can start an instance and i dont notice it for a couple hours.
So they were right. In your case, they had detected fraud! Any chance you accidentally posted some IAM credentials on Github or somewhere? There are bots that scan for that. Once they have the root access key and secret, your actual account is no longer needed.
 
So they were right. In your case, they had detected fraud! Any chance you accidentally posted some IAM credentials on Github or somewhere? There are bots that scan for that. Once they have the root access key and secret, your actual account is no longer needed.

i think thats the most likely case. i might have fucked something up setting up the lambda instance and made the iam credentials public-ish.

wtf is the point of changing my password/etc/etc if the iam key overrides all that

I suppose shutting down the account was the best course of action
 
i think thats the most likely case. i might have fucked something up setting up the lambda instance and made the iam credentials public-ish.

wtf is the point of changing my password/etc/etc if the iam key overrides all that

I suppose shutting down the account was the best course of action
It's possible to revoke IAM keys...

Also, now that I think about it, I think they've removed 'root' IAM keys, but you can still create one that's an admin and have the same result.
 
man, i think i got super lucky. Im reading about other instances of this where people racked up 10k a day by scammers opening 80 EC2 instances in each region, then hiding them all.

I put budget alerts for "anything more than 1 dollar" after the last security instance, and didnt get any, so i dont think they created any instances, but that was close.
 
man, i think i got super lucky. Im reading about other instances of this where people racked up 10k a day by scammers opening 80 EC2 instances in each region, then hiding them all.

I put budget alerts for "anything more than 1 dollar" after the last security instance, and didnt get any, so i dont think they created any instances, but that was close.
From what I've read, Amazon is pretty understanding about that kind of stuff and doesn't actually charge you. Still scary...

edit: That's why you need a cloud architect like me! :D
 
From what I've read, Amazon is pretty understanding about that kind of stuff and doesn't actually charge you. Still scary...

edit: That's why you need a cloud architect like me! :D

unrelated, where did you see that the smarttiles.click replacement is pay? i installed it and its free
 
  • Gravy
Reactions: Domon