AWS Intrusion Attempts by an ec2 with ERPNext on it

Hey all,

so on 26th of march i had launched an ec2 instance with ERPNext 13 using the AMI (link:, on 1st April i got an email from AWS saying that the instance was hitting other servers

the email just gives a small part of the log file, but to diagnose the issue i would require the entire log file, but aws also blocked the outbound ports so now i can ssh in ?

i don’t know what to really do here, any suggestions would be great


Are you sure that you replaced all default passwords that the ova uses?
If no: I would recommend to terminate the instance and start fresh, first action to adapt default pwds.

1 Like

oh yea lol :sweat_smile:, idk how i missed that