Skip to content disloops

2

I recently spent some time exploring the issue of CloudFront domain hijacking. This is not a new issue but I think it has gone mostly unnoticed for a few reasons:

  • CloudFront's default behavior is not intuitive. Some standard DNS configurations can mislead users into thinking that their vulnerable domains are configured correctly.
  • In the past year, misconfigured S3 buckets have been everyone's priority. Other AWS security issues have played second banana.
  • Because a misconfigured domain presents an obvious error message, one would assume there is no "low-hanging fruit" for attackers.

There are a couple reports on HackerOne but I'd say that this issue is still relatively unexplored. So I devoted some time to finding the right targets and scripting the testing process. The results are below.

...continue reading "CloudFront Hijacking"

I recently started using CloudWatch, Amazon's host monitoring service. It has a number of features but I just wanted a way to view all my logs in one place. Configuring hosts to use CloudWatch was easy, and I described the process in an article on setting up Anonymous FTP.

Timeout Errors

With monitoring in place, I noticed a lot of 408 errors coming from the Apache logs on my WordPress instance. The errors appeared in:

/var/log/httpd/access_log
/var/log/httpd/ssl_access_log

...continue reading "Apache Logs in AWS"

1

I wanted to create an FTP server to share some of the media that I've saved over the years. I like the old protocols and services and I plan to stand up more of them. Because each service has its own inherent security issues, the deployment process becomes an exercise in mitigating the risks. Check it out at ftp.disloops.com

I used an Ubuntu Server 14.04 LTS instance for the FTP server and gave it an AWS Elastic IP (EIP). An entry must be added to the /etc/hosts file when deploying Ubuntu instances in AWS:

127.0.0.1  (hostname here)

Without specifying the hostname, using sudo creates an error message. Next I ran updates and changed SSH to a non-default port, then installed VSFTPD and backed up the config file:

sudo apt-get update
sudo apt-get dist-upgrade
sudo vi /etc/ssh/sshd_config
sudo apt-get install vsftpd
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.old

...continue reading "Hosting Anonymous FTP"

This site is being hosted in Amazon Web Services (AWS). It relies on a number of cloud services, including RDS, S3, and CloudFront. The following are some of the steps that were required to set it up.

Provisioning a Server

Create an AWS account if you don't already have one and complete the steps listed in the Identity and Access Management (IAM) service. It's especially important to set up multi-factor authentication (MFA) for your account. You should have an IAM user in the "Administrators" group when you're done.

Next go to the EC2 service, Amazon's storefront for virtual machines. Before launching a new instance, we'll create a key pair than can be used to access it securely. Use the following command locally to create a key pair:

ssh-keygen -t rsa -b 4096

Upload the public key by clicking "Key Pairs" and then "Import Key Pair" from the EC2 dashboard. Now we can launch an instance.

...continue reading "WordPress in AWS"