A few months ago I started trying out the free tier of amazon EC2. I set up my linux box to run a new pure JS version of my website. My original plan was to move everything over to EC2 and use that as my primary hosting from now on. I didn’t really have a lot of time to spend so I only paid attention to what I needed to in order to start up 1 machine and be able to ssh into it to install the programs I needed.
In the last few days my account was compromised, some instances were started and my monthly bill ended up at $280. Luckily I was back from holiday and able to check my emails or it could have easily ended up in the thousands. Thankfully amazon were nice enough to get rid of the charges since they were caused by someone else. I have since closed my account so that I don’t end up in this position again.
This is the first time I have had a problem with internet security. I’ve been of the opinion that nothing I have on the internet is really that important and for the most part this is true. Someone hacking my account and defacing my website would only be a minor inconvenience. I did not ever think about someone setting up a server farm and footing me with the bill.
Since this has happened I’ve rethought how I approach securing my accounts. I’ve changed a number of my passwords just to be sure and where possible enabled 2 factor authentication. Thankfully no one has yet gained access to any of my other accounts and I’m hoping my increased security will keep it that way.