Block Amazon AWS Traffic

I’ve had a few instances where there were compromised machines in the Amazon AWS environment that were connecting and trying to brute force some logins to cPanel or a CMS like WordPress. I found amazon has a list of their ip’s here:

and more specifically this list:

I wanted to block the range for a while so I ran these command from ssh:

cp -rp /etc/csf/csf.deny /etc/csf/csf.deny.backup
grep ip_prefix ip-ranges.json | awk ‘{print $2}’ | sed s/\”//g | sed s/\,//g >> /etc/csf/csf.deny

I made a backup of the csf.deny file first so it could be reverted later. Otherwise having this many ip’s in the list may slow the firewall and even the whole server down.