Elasticsearch wrote a blog post regarding the issue today: http://www.elasticsearch.org/blog/scripting-security/
-- Ivan On Wed, Jul 9, 2014 at 2:39 AM, Umutcan <[email protected]> wrote: > You are right. We were aware that exposing cluster to internet was a bad > idea. It was a temporary situation. We are planing to use it behind an > application in our product. > > Thanks for advice. > > > On 09-07-2014 12:01, David Pilato wrote: > > 3 bad things here: > > * You exposed your cluster to internet directly > * You did not disable dynamic scripting > * May be you are running your elasticsearch node as root? > > You should read that documentation: > http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-scripting.html#_disabling_dynamic_scripts > > > -- > *David Pilato* | *Technical Advocate* | *Elasticsearch.com* > @dadoonet <https://twitter.com/dadoonet> | @elasticsearchfr > <https://twitter.com/elasticsearchfr> > > > Le 9 juillet 2014 à 10:45:30, Umutcan ([email protected]) a écrit: > > Hi, > > We have been testing Elasticsearch for a while. Our ES cluster was on > AWS. We installed Bigdesk, Marvel, Thrift, EC2 Discovery plugins. There > were 5 instance (1 load balancer, 4 data node) and all of them were > version 0.90. > > Yesterday, We have received an e-mail from AWS. They said one of our > instance in ES cluster was making DOS attacks from UDP port 80. > > We did not restrict ports, because it was an test cluster. It can be > main cause of this problem, but I still want to ask if there is a known > bug (in ES or modules or plugins) that cause something like this or if > there is anyone who have seen some kind of similar problem. > > Thanks, > Umutcan Onal > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/53BD012A.2090109%40gamegos.com > . > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/etPan.53bd04d9.189a769b.6455%40MacBook-Air-de-David.local > <https://groups.google.com/d/msgid/elasticsearch/etPan.53bd04d9.189a769b.6455%40MacBook-Air-de-David.local?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/53BD0DD2.5080400%40gamegos.com > <https://groups.google.com/d/msgid/elasticsearch/53BD0DD2.5080400%40gamegos.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQBxE6KnZb5Art%2B%3DKMiVSQBcOChDaVsnnDoJAxdNCanLTA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
