Security error or glitch with ghost docker image and hosted on AWS using ECS and EC2

Hi All, In a few past couple weeks I have been coming in every monday just to see that someone has touched my blog page and deleted various kind of featured images, sometimes title of blogs and sometimes even changed my hierarchy of titles.

When I check the history, i do not find anyone doing any changes or the ghost does not show it.
This morning it went a little extreme as I could not see any of the images and titles of blogs posted in the last week.

I have attached the proof, and I would like to know what changes can be made and who’s fault is it.

Ghost hosted by creating its docker image and hosted on AWS using ECS and EC2.

That’s very strange, although the attached image doesn’t help me understand the problem much.

I’d check for unexpected users under Staff (check all categories). Change the passwords. I’d also check for unexpected API keys under integrations, and regenerate API keys for integrations that are supposed to be there.

Any services like Zapier or Make set up, that might be allowed to edit your site?

You should also investigate whether your install on AWS is secured. Are there default passwords somewhere that need to be changed? Is there anything informative in your AWS logs?

1 Like