Re: [Gluster-users] Volume hacked

check out the syslogs of iptables logs on ip address access during that time. maybe you should move in the future to the centralised logging independent of vm infrastructure Am 07.08.2017 2:20 nachm. schrieb : > > It really depends on the application if locks are used.

Re: [Gluster-users] Volume hacked

> It really depends on the application if locks are used. Most (Linux) > applications will use advisory locks. This means that locking is only > effective when all participating applications use and honour the locks. > If one application uses (advisory) locks, and an other application now, > well,

Re: [Gluster-users] Volume hacked

On Sun, Aug 06, 2017 at 08:54:33PM +0100, lemonni...@ulrar.net wrote: > Thinking about it, is it even normal they managed to delete the VM disks? > Shoudn't they have gotten "file in use" errors ? Or does libgfapi not > lock the access files ? It really depends on the application if locks are

Re: [Gluster-users] Volume hacked

On Mon, Aug 7, 2017 at 2:17 PM, wrote: > On Mon, Aug 07, 2017 at 10:40:08AM +0200, Arman Khalatyan wrote: > > Interesting problem... > > Did you considered an insider job?( comes to mind http://verelox.com > > recent troubles) > > I would be really

Re: [Gluster-users] Volume hacked

On Mon, Aug 07, 2017 at 10:40:08AM +0200, Arman Khalatyan wrote: > Interesting problem... > Did you considered an insider job?( comes to mind http://verelox.com > recent troubles) I would be really really surprised, we are only 5 / 6 with access and as far as I know no

Re: [Gluster-users] Volume hacked

Interesting problem... Did you considered an insider job?( comes to mind http://verelox.com recent troubles) On Mon, Aug 7, 2017 at 3:30 AM, W Kern wrote: > > > On 8/6/2017 4:57 PM, lemonni...@ulrar.net wrote: > > > Gluster already uses a vlan, the

Re: [Gluster-users] Volume hacked

On 8/6/2017 4:57 PM, lemonni...@ulrar.net wrote: Gluster already uses a vlan, the problem is that there is no easy way that I know of to tell gluster not to listen on an interface, and I can't not have a public IP on the server. I really wish ther was a simple "listen only on this

Re: [Gluster-users] Volume hacked

> You should add VLANS, and/or overlay networks and/or Mac Address > filtering/locking/security which raises the bar quite a bit for hackers. > Perhaps your provider can help you with that. > Gluster already uses a vlan, the problem is that there is no easy way that I know of to tell gluster

Re: [Gluster-users] Volume hacked

On 8/6/2017 1:09 PM, lemonni...@ulrar.net wrote: Are your gluster nodes physically isolated on their own network/switch? Nope, impossible to do for us ok, yes, that makes it much harder to secure. You should add VLANS, and/or overlay networks and/or Mac Address

Re: [Gluster-users] Volume hacked

On Sun, Aug 06, 2017 at 01:01:56PM -0700, wk wrote: > I'm not sure what you mean by saying "NFS is available by anyone"? > > Are your gluster nodes physically isolated on their own network/switch? Nope, impossible to do for us > > In other words can an outsider access them directly without

Re: [Gluster-users] Volume hacked

I'm not sure what you mean by saying "NFS is available by anyone"? Are your gluster nodes physically isolated on their own network/switch? In other words can an outsider access them directly without having to compromise a NFS client machine first? -bill On 8/6/2017 7:57 AM,

Re: [Gluster-users] Volume hacked

Thinking about it, is it even normal they managed to delete the VM disks? Shoudn't they have gotten "file in use" errors ? Or does libgfapi not lock the access files ? On Sun, Aug 06, 2017 at 03:57:06PM +0100, lemonni...@ulrar.net wrote: > Hi, > > This morning one of our cluster was hacked, all

[Gluster-users] Volume hacked

Hi, This morning one of our cluster was hacked, all the VM disks were deleted and a file README.txt was left with inside just "http://virtualisan.net/contactus.php :D" I don't speak the language but with google translete it looks like it's just a webdev company or something like that, a bit