AWS sent me a report where my personal EC2s have been implicated in sending spam or unsolicited email to others, as seen below:
Let me re-emphasize, this email is about my personal AWS account, and not from my workplace.
This suspicious activity isn’t intended. Someone managed to hack into my servers and inserted code where it will lead others in spam or do phishing activities within my websites. Basically, I have been neglecting this server and website due to work and studies, and I forgot about making the necessary upkeep to keep hackers away.
What is the damage?
AWS has shut down web access to my websites, which means my websites in this server are inaccessible. I’m actually not worried about the websites because they are personal projects that have been neglected. The actual servers that I use for business aren’t affected by this report.
A message to all small business owners
Neglecting upkeep and maintenance for your software could shut it down.
There was a time in my life where I was building websites and apps for clients actively as a side hustle. Many owners of small businesses think that software is like buying a table. You build a table with good wood, and it’s supposed to last for decades.
Except that software isn’t anywhere near a table. Software can become old and vulnerable with time, where hackers find ways and means to break into your system. Hackers are always coming up with creative ways to compromising exposed web apps for a couple of quick bugs. I have known of friends’ websites held on a ransom because of vulnerabilities.
Many uninformed business owners refused to pay for maintenance or upkeep packages to keep their apps or websites alive. The freelancer goes away after doing his or her job, and you’re happy with your web app until it goes down because someone was able to hack into your system and cause trouble.
Then the blame game happens.
So my message to you is, stop being a cheapskate and factor in software maintenance services as part of your business. Or subscribe to a SaaS (software-as-a-service) instead. Let the experts worry about vulnerabilities, and you focus on your business.
I know that maintenance services feels like bleeding money. However, losing business because you lost access to your software is far more costly.
What’s next?
I’m going to take this opportunity to make a video series on how to fix this AWS abuse report. There are occasions where business owners wonder why do they pay maintenance services, and I intend to illustrate the necessary steps and work so that they know what they are paying for.
I will also use this opportunity to enrich my AWS CDK tutorial, where I build another personal website on my journeys in the United States. So stay tuned for more updates!