Apparently, a bug in memcached (which we use in Koha) causes it to be used an intermediary in a DDoS attack:
https://arstechnica.com/information-technology/2018/02/in-the-wild-ddoses-use-new-way-to-achieve-unthinkable-sizes/ I'm not an expert on this kind of thing by any means, but judging from this: https://github.com/memcached/memcached/wiki/ReleaseNotes156 It seems that we can disable the attack by preventing memcached from listening on a UDP port. I was able to do this by adding the following lines to /etc/memcached.conf: # Disable UDP -U 0 Then restarted memcached and apache2. My questions for the experts: Is this the correct approach? Is it even necessary? Is there more we should do? _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
