Trying to report a potential attack to AWS but they require logs and timezone
I recently upgraded our analytics package to see more detailed traffic stats.
It looks like we our site, hosted on github, but proxied through Cloudflare, is potentially under attack.
We can't be sure if it's legitimate traffic, but it's potentially also unbeknown to the people responsible for the servers they are running.
For context, the site is the JSON Schema project, which hosts meta-schemas. Some of these are being accessed at the rate of 35M requests over 7 days. The highest path accessed is not what we would expect for reasons that don't really matter here.
We are keen to reach users who are creating these large volumes of requests.
Here's the most recent response from AWS.
Please note that in order to accurately identify the customer responsible for these request we will require the correct time zone and activity logs that show the requests being made to your end point. As you mentioned, you not sure of the exact time zone and are unable to provide logs due to not having Cloudflare enterprise package which unfortunately leave us with too little information to be able to accurately identify the responsible customer and investigate accordingly. I would recommend reaching out to Cloudflare to see if there is any possibility of them assisting you with retrieving activity logs to provide to us so we can further investigate. Again, this should include the Date, Time, Time zone and Log extract of the requests being made to your endpointAnything that can be done here as a one-off? The potential attacks are continual.
0 Replies