If you are reading this then there is a chance you have a poc.txt in your s3 bucket.
This is just a little heads up to say attackers can upload and overwrite files in your s3 bucket and if you are serving up files like JS they can add an XSS or coinhive to your js.
If you login to your AWS console find the bucket please remove the public-write permission from the bucket and this will fix the issue.
| #!/usr/bin/env bash | |
| BUCKET=$1 | |
| CWD=$(pwd) | |
| if [[ -n $1 ]]; then | |
| aws s3 sync s3://$BUCKET/cf-logs . | |
| cat *.gz > combined.log.gz | |
| find $CWD ! -name 'combined.log.gz' -name '*.gz' -type f -exec rm -f {} + | |
| gzip -d combined.log.gz |
| package main | |
| import ( | |
| "bufio" | |
| "fmt" | |
| "io" | |
| "net/http" | |
| "os" | |
| "sync" | |
| ) |
| FROM ubuntu | |
| MAINTAINER "Bobby Wilson" | |
| RUN apt-get update | |
| RUN apt-get install curl -y | |
| RUN cd /usr/local; curl -O http://nodejs.org/dist/v0.10.16/node-v0.10.16-linux-x64.tar.gz | |
| RUN cd /usr/local; tar xzf node-v0.10.16-linux-x64.tar.gz | |
| ENV PATH /usr/local/bin:/usr/sbin:/bin:/usr/local/node-v0.10.16-linux-x64/bin | |
| ADD . /app | |
| EXPOSE 8000:8000 | |
| ENV PORT 8000 |
| #!/usr/bin/env ruby | |
| require 'syslog' | |
| require 'net/http' | |
| require 'aws-sdk' | |
| Syslog.open | |
| AWS.config({ | |
| :access_key_id => '<iam user key>', | |
| :secret_access_key => '<iam user secret>' |
| #!/usr/bin/env sh | |
| ## | |
| # This is script with usefull tips taken from: | |
| # https://github.com/mathiasbynens/dotfiles/blob/master/.osx | |
| # | |
| # install it: | |
| # curl -sL https://raw.github.com/gist/2108403/hack.sh | sh | |
| # |
| upstream php-fpm { | |
| server unix:/var/run/php5-fpm.sock; | |
| } | |
| server { | |
| listen 80; | |
| server_name www.example.com; | |
| rewrite ^ http://example.com$request_uri?; | |
| } |